dotnet titles abstract 2013-2014

IEEE- Project Title 2013

1

33,Meenakshi Sundaram Building, Sivaji st, (Near Tnagar Bus Terminus),TNagar Chennai-17, Ph: 044-42070551

Mobile: 9025439777/ www.sybiantechnologies.com / [email protected]

DOTNET

BIO MEDICAL / MEDICAL IMAGING

1. Toward Ubiquitous Healthcare Services With a Novel Efficient Cloud

Platform

ABSTRACT:

Ubiquitous healthcare services are becoming more and more popular,

especially under the urgent demand of the global aging issue. Cloud computing

owns the pervasive and on-demand service-oriented natures, which can fit the

characteristics of healthcare services very well. However, the abilities in dealing

with multimodal, heterogeneous, and nonstationary physiological signals to

provide persistent personalized services, meanwhile keeping high concurrent

online analysis for public, are challenges to the general cloud. In this paper, we

proposed a private cloud platform architecture which includes six layers according

to the specific requirements. This platform utilizes message queue as a cloud

engine, and each layer thereby achieves relative independence by this loosely

coupled means of communications with publish/subscribe mechanism.

Furthermore, a plug-in algorithm framework is also presented, and massive

semistructure or unstructured medical data are accessed adaptively by this cloud

architecture. As the testing results showing, this proposed cloud platform, with

robust, stable, and efficient features, can satisfy high concurrent requests from

ubiquitous healthcare services.


2



2. Spine Segmentation in Medical Images Using Manifold Embeddings

and Higher-Order MRFs

ABSTRACT:

We introduce a novel approach for segmenting articulated spine shape

models from medical images. A nonlinear low-dimensional manifold is created

from a training set of mesh models to establish the patterns of global shape

variations. Local appearance is captured from neighborhoods in the manifold once

the overall representation converges. Inference with respect to the manifold and

shape parameters is performed using a higher-order Markov random field

(HOMRF). Singleton and pairwise potentials measure the support from the global

data and shape coherence in manifold space respectively, while higher-order

cliques encode geometrical modes of variation to segment each localized vertebra

models. Generic feature functions learned from ground-truth data assigns costs to

the higher-order terms. Optimization of the model parameters is achieved using

efficient linear programming and duality. The resulting model is geometrically

intuitive, captures the statistical distribution of the underlying manifold and

respects image support. Clinical experiments demonstrated promising results in

terms of spine segmentation. Quantitative comparison to expert identification

yields an accuracy of 1.6 $pm$ 0.6 mm for CT imaging and of 2.0 $pm$ 0.8 mm

for MR imaging, based on the localization of anatomical landmarks.


3



3. Combination Strategies in Multi-Atlas Image Segmentation:

Application to Brain MR Data

ABSTRACT:

It has been shown that employing multiple atlas images improves

segmentation accuracy in atlas-based medical image segmentation. Each atlas

image is registered to the target image independently and the calculated

transformation is applied to the segmentation of the atlas image to obtain a

segmented version of the target image. Several independent candidate

segmentations result from the process, which must be somehow combined into a

single final segmentation. Majority voting is the generally used rule to fuse the

segmentations, but more sophisticated methods have also been proposed. In this

paper, we show that the use of global weights to ponderate candidate

segmentations has a major limitation. As a means to improve segmentation

accuracy, we propose the generalized local weighting voting method. Namely, the

fusion weights adapt voxel-by-voxel according to a local estimation of

segmentation performance. Using digital phantoms and MR images of the human

brain, we demonstrate that the performance of each combination technique

depends on the gray level contrast characteristics of the segmented region, and that

no fusion method yields better results than the others for all the regions. In

particular, we show that local combination strategies outperform global methods in

segmenting high-contrast structures, while global techniques are less sensitive to

noise when contrast between neighboring structures is low. We conclude that, in


4



order to achieve the highest overall segmentation accuracy, the best combination

method for each particular structure must be selected.

4. Splat Feature Classification With Application to Retinal Hemorrhage

Detection in Fundus Images

ABSTRACT:

A novel splat feature classification method is presented with application to

retinal hemorrhage detection in fundus images. Reliable detection of retinal

hemorrhages is important in the development of automated screening systems

which can be translated into practice. Under our supervised approach, retinal color

images are partitioned into nonoverlapping segments covering the entire image.

Each segment, i.e., splat, contains pixels with similar color and spatial location. A

set of features is extracted from each splat to describe its characteristics relative to

its surroundings, employing responses from a variety of filter bank, interactions

with neighboring splats, and shape and texture information. An optimal subset of

splat features is selected by a filter approach followed by a wrapper approach. A

classifier is trained with splat-based expert annotations and evaluated on the

publicly available Messidor dataset. An area under the receiver operating

characteristic curve of 0.96 is achieved at the splat level and 0.87 at the image

level. While we are focused on retinal hemorrhage detection, our approach has

potential to be applied to other object detection tasks.


5



CLOUD COMPUTING

1. Dynamic Audit Services for Outsourced Storages in Clouds

ABSTRACT:

In this paper, we propose a dynamic audit service for verifying the integrity

of an untrusted and outsourced storage. Our audit service is constructed based on

the techniques, fragment structure, random sampling, and index-hash table,

supporting provable updates to outsourced data and timely anomaly detection. In

addition, we propose a method based on probabilistic query and periodic

verification for improving the performance of audit services. Our experimental

results not only validate the effectiveness of our approaches, but also show our

audit system verifies the integrity with lower computation overhead and requiring

less extra storage for audit metadata.

2. Toward Ubiquitous Healthcare Services With a Novel Efficient Cloud

Platform

ABSTRACT:

Ubiquitous healthcare services are becoming more and more popular,

especially under the urgent demand of the global aging issue. Cloud computing

owns the pervasive and on-demand service-oriented natures, which can fit the

characteristics of healthcare services very well. However, the abilities in dealing

with multimodal, heterogeneous, and nonstationary physiological signals to

provide persistent personalized services, meanwhile keeping high concurrent

online analysis for public, are challenges to the general cloud. In this paper, we


6



proposed a private cloud platform architecture which includes six layers according

to the specific requirements. This platform utilizes message queue as a cloud

engine, and each layer thereby achieves relative independence by this loosely

coupled means of communications with publish/subscribe mechanism.

Furthermore, a plug-in algorithm framework is also presented, and massive

semistructure or unstructured medical data are accessed adaptively by this cloud

architecture. As the testing results showing, this proposed cloud platform, with

robust, stable, and efficient features, can satisfy high concurrent requests from

ubiquitous healthcare services.

3. Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the

Cloud

ABSTRACT:

With the character of low maintenance, cloud computing provides an

economical and efficient solution for sharing group resource among cloud users.

Unfortunately, sharing data in a multi-owner manner while preserving data and

identity privacy from an untrusted cloud is still a challenging issue, due to the

frequent change of the membership. In this paper, we propose a secure multi-

owner data sharing scheme, named Mona, for dynamic groups in the cloud. By

leveraging group signature and dynamic broadcast encryption techniques, any

cloud user can anonymously share data with others. Meanwhile, the storage

overhead and encryption computation cost of our scheme are independent with the

number of revoked users. In addition, we analyze the security of our scheme with

rigorous proofs, and demonstrate the efficiency of our scheme in experiments.


7



4. Privacy-Preserving Public Auditing for Secure Cloud Storage

ABSTRACT:

Using cloud storage, users can remotely store their data and enjoy the on-

demand high-quality applications and services from a shared pool of configurable

computing resources, without the burden of local data storage and maintenance.

However, the fact that users no longer have physical possession of the outsourced

data makes the data integrity protection in cloud computing a formidable task,

especially for users with constrained computing resources. Moreover, users should

be able to just use the cloud storage as if it is local, without worrying about the

need to verify its integrity. Thus, enabling public auditability for cloud storage is of

critical importance so that users can resort to a third-party auditor (TPA) to check

the integrity of outsourced data and be worry free. To securely introduce an

effective TPA, the auditing process should bring in no new vulnerabilities toward

user data privacy, and introduce no additional online burden to user. In this paper,

we propose a secure cloud storage system supporting privacy-preserving public

auditing. We further extend our result to enable the TPA to perform audits for

multiple users simultaneously and efficiently. Extensive security and performance

analysis show the proposed schemes are provably secure and highly efficient. Our

preliminary experiment conducted on Amazon EC2 instance further demonstrates

the fast performance of the design.


8



5. Harnessing the Cloud for Securely Outsourcing Large-Scale Systems of

Linear Equations

ABSTRACT:

Cloud computing economically enables customers with limited

computational resources to outsource large-scale computations to the cloud.

However, how to protect customers' confidential data involved in the computations

then becomes a major security concern. In this paper, we present a secure

outsourcing mechanism for solving large-scale systems of linear equations (LE) in

cloud. Because applying traditional approaches like Gaussian elimination or LU

decomposition (aka. direct method) to such large-scale LEs would be prohibitively

expensive, we build the secure LE outsourcing mechanism via a completely

different approach-iterative method, which is much easier to implement in practice

and only demands relatively simpler matrix-vector operations. Specifically, our

mechanism enables a customer to securely harness the cloud for iteratively finding

successive approximations to the LE solution, while keeping both the sensitive

input and output of the computation private. For robust cheating detection, we

further explore the algebraic property of matrix-vector operations and propose an

efficient result verification mechanism, which allows the customer to verify all

answers received from previous iterative approximations in one batch with high

probability. Thorough security analysis and prototype experiments on Amazon

EC2 demonstrate the validity and practicality of our proposed design.


9



6. A Decentralized Self-Adaptation Mechanism for Service-Based

Applications in the Cloud

ABSTRACT:

Cloud computing, with its promise of (almost) unlimited computation,

storage, and bandwidth, is increasingly becoming the infrastructure of choice for

many organizations. As cloud offerings mature, service-based applications need to

dynamically recompose themselves to self-adapt to changing QoS requirements. In

this paper, we present a decentralized mechanism for such self-adaptation, using

market-based heuristics. We use a continuous double-auction to allow applications

to decide which services to choose, among the many on offer. We view an

application as a multi-agent system and the cloud as a marketplace where many

such applications self-adapt. We show through a simulation study that our

mechanism is effective for the individual application as well as from the collective

perspective of all applications adapting at the same time.

7. A Privacy Leakage Upper Bound Constraint-Based Approach for Cost-

Effective Privacy Preserving of Intermediate Data Sets in Cloud

ABSTRACT:

Cloud computing provides massive computation power and storage capacity

which enable users to deploy computation and data-intensive applications without

infrastructure investment. Along the processing of such applications, a large


10



volume of intermediate data sets will be generated, and often stored to save the

cost of recomputing them. However, preserving the privacy of intermediate data

sets becomes a challenging problem because adversaries may recover privacy-

sensitive information by analyzing multiple intermediate data sets. Encrypting

ALL data sets in cloud is widely adopted in existing approaches to address this

challenge. But we argue that encrypting all intermediate data sets are neither

efficient nor cost-effective because it is very time consuming and costly for data-

intensive applications to en/decrypt data sets frequently while performing any

operation on them. In this paper, we propose a novel upper bound privacy leakage

constraint-based approach to identify which intermediate data sets need to be

encrypted and which do not, so that privacy-preserving cost can be saved while the

privacy requirements of data holders can still be satisfied. Evaluation results

demonstrate that the privacy-preserving cost of intermediate data sets can be

significantly reduced with our approach over existing ones where all data sets are

encrypted.

8. Toward Secure Multikeyword Top-k Retrieval over Encrypted Cloud

Data

ABSTRACT:

Cloud computing has emerging as a promising pattern for data outsourcing

and high-quality data services. However, concerns of sensitive information on

cloud potentially causes privacy problems. Data encryption protects data security

to some extent, but at the cost of compromised efficiency. Searchable symmetric

encryption (SSE) allows retrieval of encrypted data over cloud. In this paper, we


11



focus on addressing data privacy issues using SSE. For the first time, we formulate

the privacy issue from the aspect of similarity relevance and scheme robustness.

We observe that server-side ranking based on order-preserving encryption (OPE)

inevitably leaks data privacy. To eliminate the leakage, we propose a two-round

searchable encryption (TRSE) scheme that supports top-$(k)$ multikeyword

retrieval. In TRSE, we employ a vector space model and homomorphic encryption.

The vector space model helps to provide sufficient search accuracy, and the

homomorphic encryption enables users to involve in the ranking while the majority

of computing work is done on the server side by operations only on ciphertext. As

a result, information leakage can be eliminated and data security is ensured.

Thorough security and performance analysis show that the proposed scheme

guarantees high security and practical efficiency.

9. On Data Staging Algorithms for Shared Data Accesses in Clouds

ABSTRACT:

In this paper, we study the strategies for efficiently achieving data staging

and caching on a set of vantage sites in a cloud system with a minimum cost.

Unlike the traditional research, we do not intend to identify the access patterns to

facilitate the future requests. Instead, with such a kind of information presumably

known in advance, our goal is to efficiently stage the shared data items to

predetermined sites at advocated time instants to align with the patterns while

minimizing the monetary costs for caching and transmitting the requested data

items. To this end, we follow the cost and network models in [1] and extend the

analysis to multiple data items, each with single or multiple copies. Our results


12



show that under homogeneous cost model, when the ratio of transmission cost and

caching cost is low, a single copy of each data item can efficiently serve all the

user requests. While in multicopy situation, we also consider the tradeoff between

the transmission cost and caching cost by controlling the upper bounds of

transmissions and copies. The upper bound can be given either on per-item basis or

on all-item basis. We present efficient optimal solutions based on dynamic

programming techniques to all these cases provided that the upper bound is

polynomially bounded by the number of service requests and the number of

distinct data items. In addition to the homogeneous cost model, we also briefly

discuss this problem under a heterogeneous cost model with some simple yet

practical restrictions and present a 2-approximation algorithm to the general case.

We validate our findings by implementing a data staging solver, whereby

conducting extensive simulation studies on the behaviors of the algorithms.

10. Scalable and Secure Sharing of Personal Health Records in Cloud

Computing Using Attribute-Based Encryption

ABSTRACT:

Personal health record (PHR) is an emerging patient-centric model of health

information exchange, which is often outsourced to be stored at a third party, such

as cloud providers. However, there have been wide privacy concerns as personal

health information could be exposed to those third party servers and to

unauthorized parties. To assure the patients' control over access to their own PHRs,

it is a promising method to encrypt the PHRs before outsourcing. Yet, issues such

as risks of privacy exposure, scalability in key management, flexible access, and


13



efficient user revocation, have remained the most important challenges toward

achieving fine-grained, cryptographically enforced data access control. In this

paper, we propose a novel patient-centric framework and a suite of mechanisms for

data access control to PHRs stored in semitrusted servers. To achieve fine-grained

and scalable data access control for PHRs, we leverage attribute-based encryption

(ABE) techniques to encrypt each patient's PHR file. Different from previous

works in secure data outsourcing, we focus on the multiple data owner scenario,

and divide the users in the PHR system into multiple security domains that greatly

reduces the key management complexity for owners and users. A high degree of

patient privacy is guaranteed simultaneously by exploiting multiauthority ABE.

Our scheme also enables dynamic modification of access policies or file attributes,

supports efficient on-demand user/attribute revocation and break-glass access

under emergency scenarios. Extensive analytical and experimental results are

presented which show the security, scalability, and efficiency of our proposed

scheme.


14



DATA MINING

1. A Survival Modeling Approach to Biomedical Search Result

Diversification Using Wikipedia

ABSTRACT:

In this paper, we propose a survival modeling approach to promoting

ranking diversity for biomedical information retrieval. The proposed approach

concerns with finding relevant documents that can deliver more different aspects of

a query. First, two probabilistic models derived from the survival analysis theory

are proposed for measuring aspect novelty. Second, a new method using Wikipedia

to detect aspects covered by retrieved documents is presented. Third, an aspect

filter based on a two-stage model is introduced. It ranks the detected aspects in

decreasing order of the probability that an aspect is generated by the query. Finally,

the relevance and the novelty of retrieved documents are combined at the aspect

level for reranking. Experiments conducted on the TREC 2006 and 2007 Genomics

collections demonstrate the effectiveness of the proposed approach in promoting

ranking diversity for biomedical information retrieval. Moreover, we further

evaluate our approach in the Web retrieval environment. The evaluation results on

the ClueWeb09-T09B collection show that our approach can achieve promising

performance improvements.


15



2. AML: Efficient Approximate Membership Localization within a Web-

Based Join Framework

ABSTRACT:

In this paper, we propose a new type of Dictionary-based Entity Recognition

Problem, named Approximate Membership Localization (AML). The popular

Approximate Membership Extraction (AME) provides a full coverage to the true

matched substrings from a given document, but many redundancies cause a low

efficiency of the AME process and deteriorate the performance of real-world

applications using the extracted substrings. The AML problem targets at locating

nonoverlapped substrings which is a better approximation to the true matched

substrings without generating overlapped redundancies. In order to perform AML

efficiently, we propose the optimized algorithm P-Prune that prunes a large part of

overlapped redundant matched substrings before generating them. Our study using

several real-word data sets demonstrates the efficiency of P-Prune over a baseline

method. We also study the AML in application to a proposed web-based join

framework scenario which is a search-based approach joining two tables using

dictionary-based entity recognition from web documents. The results not only

prove the advantage of AML over AME, but also demonstrate the effectiveness of

our search-based approach.


16



3. Supporting Flexible, Efficient, and User-Interpretable Retrieval of

Similar Time Series

ABSTRACT:

Supporting decision making in domains in which the observed phenomenon

dynamics have to be dealt with, can greatly benefit of retrieval of past cases,

provided that proper representation and retrieval techniques are implemented. In

particular, when the parameters of interest take the form of time series,

dimensionality reduction and flexible retrieval have to be addresses to this end.

Classical methodological solutions proposed to cope with these issues, typically

based on mathematical transforms, are characterized by strong limitations, such as

a difficult interpretation of retrieval results for end users, reduced flexibility and

interactivity, or inefficiency. In this paper, we describe a novel framework, in

which time-series features are summarized by means of Temporal Abstractions,

and then retrieved resorting to abstraction similarity. Our approach grants for

interpretability of the output results, and understandability of the (user-guided)

retrieval process. In particular, multilevel abstraction mechanisms and proper

indexing techniques are provided, for flexible query issuing, and efficient and

interactive query answering. Experimental results have shown the efficiency of our

approach in a scalability test, and its superiority with respect to the use of a

classical mathematical technique in flexibility, user friendliness, and also quality of

results.


17



4. A Context-Based Word Indexing Model for Document Summarization

ABSTRACT:

Existing models for document summarization mostly use the similarity

between sentences in the document to extract the most salient sentences. The

documents as well as the sentences are indexed using traditional term indexing

measures, which do not take the context into consideration. Therefore, the sentence

similarity values remain independent of the context. In this paper, we propose a

context sensitive document indexing model based on the Bernoulli model of

randomness. The Bernoulli model of randomness has been used to find the

probability of the cooccurrences of two terms in a large corpus. A new approach

using the lexical association between terms to give a context sensitive weight to the

document terms has been proposed. The resulting indexing weights are used to

compute the sentence similarity matrix. The proposed sentence similarity measure

has been used with the baseline graph-based ranking models for sentence

extraction. Experiments have been conducted over the benchmark DUC data sets

and it has been shown that the proposed Bernoulli-based sentence similarity model

provides consistent improvements over the baseline IntraLink and UniformLink

methods.

5. Preventing Private Information Inference Attacks on Social Networks

ABSTRACT:

Online social networks, such as Facebook, are increasingly utilized by many

people. These networks allow users to publish details about themselves and to


18



connect to their friends. Some of the information revealed inside these networks is

meant to be private. Yet it is possible to use learning algorithms on released data to

predict private information. In this paper, we explore how to launch inference

attacks using released social networking data to predict private information. We

then devise three possible sanitization techniques that could be used in various

situations. Then, we explore the effectiveness of these techniques and attempt to

use methods of collective inference to discover sensitive attributes of the data set.

We show that we can decrease the effectiveness of both local and relational

classification algorithms by using the sanitization methods we described.

6. A Novel Profit Maximizing Metric for Measuring Classification

Performance of Customer Churn Prediction Models

ABSTRACT:

The interest for data mining techniques has increased tremendously during

the past decades, and numerous classification techniques have been applied in a

wide range of business applications. Hence, the need for adequate performance

measures has become more important than ever. In this paper, a cost-benefit

analysis framework is formalized in order to define performance measures which

are aligned with the main objectives of the end users, i.e., profit maximization. A

new performance measure is defined, the expected maximum profit criterion. This

general framework is then applied to the customer churn problem with its

particular cost-benefit structure. The advantage of this approach is that it assists

companies with selecting the classifier which maximizes the profit. Moreover, it


19



aids with the practical implementation in the sense that it provides guidance about

the fraction of the customer base to be included in the retention campaign.

7. Achieving Data Privacy through Secrecy Views and Null-Based Virtual

Updates

ABSTRACT:

We may want to keep sensitive information in a relational database hidden

from a user or group thereof. We characterize sensitive data as the extensions of

secrecy views. The database, before returning the answers to a query posed by a

restricted user, is updated to make the secrecy views empty or a single tuple with

null values. Then, a query about any of those views returns no meaningful

information. Since the database is not supposed to be physically changed for this

purpose, the updates are only virtual, and also minimal. Minimality makes sure that

query answers, while being privacy preserving, are also maximally informative.

The virtual updates are based on null values as used in the SQL standard. We

provide the semantics of secrecy views, virtual updates, and secret answers (SAs)

to queries. The different instances resulting from the virtually updates are specified

as the models of a logic program with stable model semantics, which becomes the

basis for computation of the SAs.


20



8. Single-Database Private Information Retrieval from Fully

Homomorphic Encryption

ABSTRACT:

Private Information Retrieval (PIR) allows a user to retrieve the $(i)$th bit

of an $(n)$-bit database without revealing to the database server the value of $(i)$.

In this paper, we present a PIR protocol with the communication complexity of

$(O(gamma log n))$ bits, where $(gamma)$ is the ciphertext size. Furthermore, we

extend the PIR protocol to a private block retrieval (PBR) protocol, a natural and

more practical extension of PIR in which the user retrieves a block of bits, instead

of retrieving single bit. Our protocols are built on the state-of-the-art fully

homomorphic encryption (FHE) techniques and provide privacy for the user if the

underlying FHE scheme is semantically secure. The total communication

complexity of our PBR is $(O(gamma log m+gamma n/m))$ bits, where $(m)$ is

the number of blocks. The total computation complexity of our PBR is $(O(mlog

m))$ modular multiplications plus $(O(n/2))$ modular additions. In terms of total

protocol execution time, our PBR protocol is more efficient than existing PBR

protocols which usually require to compute $(O(n/2))$ modular multiplications

when the size of a block in the database is large and a high-speed network is

available.


21



IMAGE PROCESSING

1. Action Recognition From Video Using Feature Covariance Matrices

ABSTRACT:

We propose a general framework for fast and accurate recognition of actions

in video using empirical covariance matrices of features. A dense set of spatio-

temporal feature vectors are computed from video to provide a localized

description of the action, and subsequently aggregated in an empirical covariance

matrix to compactly represent the action. Two supervised learning methods for

action recognition are developed using feature covariance matrices. Common to

both methods is the transformation of the classification problem in the closed

convex cone of covariance matrices into an equivalent problem in the vector space

of symmetric matrices via the matrix logarithm. The first method applies nearest-

neighbor classification using a suitable Riemannian metric for covariance matrices.

The second method approximates the logarithm of a query covariance matrix by a

sparse linear combination of the logarithms of training covariance matrices. The

action label is then determined from the sparse coefficients. Both methods achieve

state-of-the-art classification performance on several datasets, and are robust to

action variability, viewpoint changes, and low object resolution. The proposed

framework is conceptually simple and has low storage and computational

requirements making it attractive for real-time implementation.


22



2. Locally Optimal Detection of Image Watermarks in the Wavelet

Domain Using Bessel K Form Distribution

ABSTRACT:

A uniformly most powerful watermark detector, which applies the Bessel K

form (BKF) probability density function to model the noise distribution was

proposed by Bian and Liang. In this paper, we derive a locally optimum (LO)

detector using the same noise model. Since the literature lacks thorough discussion

on the performance of the BKF-LO nonlinearities, the performance of the proposed

detector is discussed in detail. First, we prove that the test statistic of the proposed

detector is asymptotically Gaussian and evaluate the actual performance of the

proposed detector using the receiver operating characteristic (ROC). Then, the

large sample performance of the proposed detector is evaluated using asymptotic

relative efficiency (ARE) and “maximum ARE.” The experimental results show

that the proposed detector has a good performance with or without attacks in terms

of its ROC curves, particularly when the watermark is weak. Therefore, the

proposed method is suitable for wavelet domain watermark detection, particularly

when the watermark is weak.

3. Analysis Operator Learning and its Application to Image

Reconstruction

ABSTRACT:

Exploiting a priori known structural information lies at the core of many

image reconstruction methods that can be stated as inverse problems. The synthesis


23



model, which assumes that images can be decomposed into a linear combination of

very few atoms of some dictionary, is now a well established tool for the design of

image reconstruction algorithms. An interesting alternative is the analysis model,

where the signal is multiplied by an analysis operator and the outcome is assumed

to be sparse. This approach has only recently gained increasing interest. The

quality of reconstruction methods based on an analysis model severely depends on

the right choice of the suitable operator. In this paper, we present an algorithm for

learning an analysis operator from training images. Our method is based on lp-

norm minimization on the set of full rank matrices with normalized columns. We

carefully introduce the employed conjugate gradient method on manifolds, and

explain the underlying geometry of the constraints. Moreover, we compare our

approach to state-of-the-art methods for image denoising, inpainting, and single

image super-resolution. Our numerical results show competitive performance of

our general approach in all presented applications compared to the specialized

state-of-the-art techniques.

4. Novel True-Motion Estimation Algorithm and Its Application to

Motion-Compensated Temporal Frame Interpolation

ABSTRACT:

In this paper, a new low-complexity true-motion estimation (TME)

algorithm is proposed for video processing applications, such as motion-

compensated temporal frame interpolation (MCTFI) or motion-compensated frame

rate up-conversion (MCFRUC). Regular motion estimation, which is often used in

video coding, aims to find the motion vectors (MVs) to reduce the temporal


24



redundancy, whereas TME aims to track the projected object motion as closely as

possible. TME is obtained by imposing implicit and/or explicit smoothness

constraints on the block-matching algorithm. To produce better quality-

interpolated frames, the dense motion field at interpolation time is obtained for

both forward and backward MVs; then, bidirectional motion compensation using

forward and backward MVs is applied by mixing both elegantly. Finally, the

performance of the proposed algorithm for MCTFI is demonstrated against

recently proposed methods and smoothness constraint optical flow employed by a

professional video production suite. Experimental results show that the quality of

the interpolated frames using the proposed method is better when compared with

the MCFRUC techniques.

5. ViBe: A Universal Background Subtraction Algorithm for Video

Sequences

ABSTRACT:

This paper presents a technique for motion detection that incorporates

several innovative mechanisms. For example, our proposed technique stores, for

each pixel, a set of values taken in the past at the same location or in the

neighborhood. It then compares this set to the current pixel value in order to

determine whether that pixel belongs to the background, and adapts the model by

choosing randomly which values to substitute from the background model. This

approach differs from those based upon the classical belief that the oldest values

should be replaced first. Finally, when the pixel is found to be part of the

background, its value is propagated into the background model of a neighboring


25



pixel. We describe our method in full details (including pseudo-code and the

parameter values used) and compare it to other background subtraction techniques.

Efficiency figures show that our method outperforms recent and proven state-of-

the-art methods in terms of both computation speed and detection rate. We also

analyze the performance of a downscaled version of our algorithm to the absolute

minimum of one comparison and one byte of memory per pixel. It appears that

even such a simplified version of our algorithm performs better than mainstream

techniques.

6. A New Fast Encoding Algorithm Based on an Efficient Motion

Estimation Process for the Scalable Video Coding Standard

ABSTRACT:

In this paper, a new fast encoding algorithm based on an efficient motion

estimation (ME) process is proposed to accelerate the encoding speed of the

scalable video coding standard. Through analysis of the ME process performed in

the enhancement layer, we discovered that there are redundant MEs and some MEs

can simply be unified at the fully overlapped search range (FOSR). In order to

make the unified ME more efficient, we theoretically derive a skip criterion to

determine whether the computation of rate-distortion cost can be omitted. In the

proposed algorithm, the unnecessary MEs are removed and a unified ME with the

skip criterion is applied in the FOSR. Simulation results show that the proposed

algorithm achieves computational savings of approximately 46% without coding

performance degradation when compared with the original SVC encoder.


26



MOBILE COMPUTING

1. Discovery and Verification of Neighbor Positions in Mobile Ad Hoc

Networks

ABSTRACT:

A growing number of ad hoc networking protocols and location-aware

services require that mobile nodes learn the position of their neighbors. However,

such a process can be easily abused or disrupted by adversarial nodes. In absence

of a priori trusted nodes, the discovery and verification of neighbor positions

presents challenges that have been scarcely investigated in the literature. In this

paper, we address this open issue by proposing a fully distributed cooperative

solution that is robust against independent and colluding adversaries, and can be

impaired only by an overwhelming presence of adversaries. Results show that our

protocol can thwart more than 99 percent of the attacks under the best possible

conditions for the adversaries, with minimal false positive rates.

2. Understanding the Scheduling Performance in Wireless Networks with

Successive Interference Cancellation

ABSTRACT:

Successive interference cancellation (SIC) is an effective way of multipacket

reception to combat interference in wireless networks. We focus on link scheduling

in wireless networks with SIC, and propose a layered protocol model and a layered

physical model to characterize the impact of SIC. In both the interference models,

we show that several existing scheduling schemes achieve the same order of


27



approximation ratios, independent of whether or not SIC is available. Moreover,

the capacity order in a network with SIC is the same as that without SIC. We then

examine the impact of SIC from first principles. In both chain and cell topologies,

SIC does improve the throughput with a gain between 20 and 100 percent.

However, unless SIC is properly characterized, any scheduling scheme cannot

effectively utilize the new transmission opportunities. The results indicate the

challenge of designing an SIC-aware scheduling scheme, and suggest that the

approximation ratio is insufficient to measure the scheduling performance when

SIC is available.

3. Evaluating Implementation Strategies for Location-Based Multicast

Addressing

ABSTRACT:

Location-based multicast addressing (LMA) yields an important building

block for context-aware applications in mobile ad hoc networks (MANETs). In

LMA, messages are routed based on their content as well as on the location of the

sending and the receiving nodes. The same dynamism that motivates locations as

part of the addressing mechanism for multicast applications in MANETs, makes

such a multicast challenging to implement both efficiently and reliably across

application scenarios. Different implementation strategies have been proposed in

literature for abstractions similar to LMA, motivated and validated by specific

applications. The goal of this paper is to devise specific implementation strategies

for LMA and compare these strategies in the context of several application

scenarios, in order to aid in the selection of a scheme for a given application. To


28



that end, we first detail three algorithms for implementing LMA. The first,

message-centric, strategy uses geographically scoped gossiping to propagate

messages. The second, query-centric, strategy propagates queries of receivers to

subsequently route messages. The third, hybrid, strategy strives for the best of both

worlds through a restricted multicasting of both messages and queries. We

compare these algorithms both analytically and empirically. We pinpoint

differences and break-even points among the approaches based on communication

patterns, contrasting our findings with common expectations and our analysis. Our

evaluations show that the hybrid approach invariably outperforms at least one of

the other approaches, making it a safe choice for settings with varying or unknown

communication patterns.

4. Secret Key Extraction from Wireless Signal Strength in Real

Environments

ABSTRACT:

We evaluate the effectiveness of secret key extraction, for private

communication between two wireless devices, from the received signal strength

(RSS) variations on the wireless channel between the two devices. We use real

world measurements of RSS in a variety of environments and settings. The results

from our experiments with 802.11-based laptops show that 1) in certain

environments, due to lack of variations in the wireless channel, the extracted bits

have very low entropy making these bits unsuitable for a secret key, 2) an

adversary can cause predictable key generation in these static environments, and 3)

in dynamic scenarios where the two devices are mobile, and/or where there is a


29



significant movement in the environment, high entropy bits are obtained fairly

quickly. Building on the strengths of existing secret key extraction approaches, we

develop an environment adaptive secret key generation scheme that uses an

adaptive lossy quantizer in conjunction with Cascade-based information

reconciliation and privacy amplification. Our measurements show that our scheme,

in comparison to the existing ones that we evaluate, performs the best in terms of

generating high entropy bits at a high bit rate. The secret key bit streams generated

by our scheme also pass the randomness tests of the NIST test suite that we

conduct. We also build and evaluate the performance of secret key extraction using

small, low-power, hand-held devices—Google Nexus One

phones—that are equipped 802.11 wireless network cards. Last, we

evaluate secret key extraction in a multiple input multiple output (MIMO)-like

sensor network testbed that we create using multiple TelosB sensor nodes. We find

that our MIMO-like sensor environment produces prohibitively high bit mismatch,

which we address using an iterative distillation stage that we add to the key

extraction process. Ultimately, we show that the secret key generation rate is

increased when multiple sensors are involved- in the key extraction process.


30



5. Probability-Based Prediction and Sleep Scheduling for Energy-Efficient

Target Tracking in Sensor Networks

ABSTRACT:

A surveillance system, which tracks mobile targets, is one of the most

important applications of wireless sensor networks. When nodes operate in a duty

cycling mode, tracking performance can be improved if the target motion can be

predicted and nodes along the trajectory can be proactively awakened. However,

this will negatively influence the energy efficiency and constrain the benefits of

duty cycling. In this paper, we present a Probability-based Prediction and Sleep

Scheduling protocol (PPSS) to improve energy efficiency of proactive wake up.

We start with designing a target prediction method based on both kinematics and

probability. Based on the prediction results, PPSS then precisely selects the nodes

to awaken and reduces their active time, so as to enhance energy efficiency with

limited tracking performance loss. We evaluated the efficiency of PPSS with both

simulation-based and implementation-based experiments. The experimental results

show that compared to MCTA algorithm, PPSS improves energy efficiency by 25-

45 percent (simulation based) and 16.9 percent (implementation based), only at the

expense of an increase of 5-15 percent on the detection delay (simulation based)

and 4.1 percent on the escape distance percentage (implementation based),

respectively.


31



6. Estimation of Task Persistence Parameters from Pervasive Medical

Systems with Censored Data

ABSTRACT:

This paper compares two statistical models of location within a smart flat

during the day. The location is then identified with a task executed normally or

repeated pathologically, e.g., in case of Alzheimer disease (AD), whereas a task

persistence parameter assesses tendency to perseverate. Compared with a Pólya's

urns derived approach, the Markovian one is more effective and offers up to 98

percent of good prediction using only the last known location but distinguishing

days of week. To extend these results to a multisensor context, some difficulties

must be overcome. An external knowledge is made from a set of observable

random variables provided by body sensors and organized either in a Bayesian

network or in a reference knowledge base system (KBS) containing the person's

actimetric profile. When data missed or errors occurred, an estimate of the joint

probabilities of these random variables and hence the probability of all events

appearing in the network or the KBS was developed and corrects the bias of the

Lancaster and Zentgraf classical approach which in certain circumstances provides

negative estimates. Finally, we introduce a correction corresponding to a possible

loss of the person's synchronization with the nycthemeral (day versus night)

zeitgebers (synchronizers) to avoid false alarms.


32



7. Target Tracking and Mobile Sensor Navigation in Wireless Sensor

Networks

ABSTRACT:

This work studies the problem of tracking signal-emitting mobile targets

using navigated mobile sensors based on signal reception. Since the mobile target's

maneuver is unknown, the mobile sensor controller utilizes the measurement

collected by a wireless sensor network in terms of the mobile target signal's time of

arrival (TOA). The mobile sensor controller acquires the TOA measurement

information from both the mobile target and the mobile sensor for estimating their

locations before directing the mobile sensor's movement to follow the target. We

propose a min-max approximation approach to estimate the location for tracking

which can be efficiently solved via semidefinite programming (SDP) relaxation,

and apply a cubic function for mobile sensor navigation. We estimate the location

of the mobile sensor and target jointly to improve the tracking accuracy. To further

improve the system performance, we propose a weighted tracking algorithm by

using the measurement information more efficiently. Our results demonstrate that

the proposed algorithm provides good tracking performance and can quickly direct

the mobile sensor to follow the mobile target.


33



8. Design and Analysis of Adaptive Receiver Transmission Protocols for

Receiver Blocking Problem in Wireless Ad Hoc Networks

ABSTRACT:

Due to the lack of a centralized coordinator for wireless resource allocation,

the design of medium access control (MAC) protocols is considered crucial for

throughput enhancement in the wireless ad hoc networks. The receiver blocking

problem, which has not been studied in most of the MAC protocol design, can lead

to severe degradation on the throughput performance. In this paper, the multiple

receiver transmission (MRT) and the fast NAV truncation (FNT) mechanisms are

proposed to alleviate the receiver blocking problem without the adoption of

additional control channels. The adaptive receiver transmission (ART) scheme is

proposed to further enhance the throughput performance with dynamic adjustment

of the selected receivers. Analytical model is also derived to validate the

effectiveness of the proposed ART protocol. Simulations are performed to evaluate

and compare the proposed three protocols with existing MAC schemes. It can be

observed that the proposed ART protocol outperforms the other schemes by both

alleviating the receiver blocking problem and enhancing the throughput

performance for the wireless multihop ad hoc networks.


34



NETWORK SECURITY

1. Location-Aware and Safer Cards: Enhancing RFID Security and

Privacy via Location Sensing

ABSTRACT:

In this paper, we report on a new approach for enhancing security and

privacy in certain RFID applications whereby location or location-related

information (such as speed) can serve as a legitimate access context. Examples of

these applications include access cards, toll cards, credit cards, and other payment

tokens. We show that location awareness can be used by both tags and back-end

servers for defending against unauthorized reading and relay attacks on RFID

systems. On the tag side, we design a location-aware selective unlocking

mechanism using which tags can selectively respond to reader interrogations rather

than doing so promiscuously. On the server side, we design a location-aware

secure transaction verification scheme that allows a bank server to decide whether

to approve or deny a payment transaction and detect a specific type of relay attack

involving malicious readers. The premise of our work is a current technological

advancement that can enable RFID tags with low-cost location (GPS) sensing

capabilities. Unlike prior research on this subject, our defenses do not rely on

auxiliary devices or require any explicit user involvement.


35



2. A System for Timely and Controlled Information Sharing in Emergency

Situations

ABSTRACT:

During natural disasters or emergency situations, an essential requirement

for an effective emergency management is the information sharing. In this paper,

we present an access control model to enforce controlled information sharing in

emergency situations. An in-depth analysis of the model is discussed throughout

the paper, and administration policies are introduced to enhance the model

flexibility during emergencies. Moreover, a prototype implementation and

experiments results are provided showing the efficiency and scalability of the

system.

3. On the Privacy Risks of Virtual Keyboards: Automatic Reconstruction

of Typed Input from Compromising Reflections

ABSTRACT:

We investigate the implications of the ubiquity of personal mobile devices

and reveal new techniques for compromising the privacy of users typing on virtual

keyboards. Specifically, we show that so-called compromising reflections (in, for

example, a victim's sunglasses) of a device's screen are sufficient to enable

automated reconstruction, from video, of text typed on a virtual keyboard. Through

the use of advanced computer vision and machine learning techniques, we are able

to operate under extremely realistic threat models, in real-world operating

conditions, which are far beyond the range of more traditional OCR-based attacks.


36



In particular, our system does not require expensive and bulky telescopic lenses:

rather, we make use of off-the-shelf, handheld video cameras. In addition, we

make no limiting assumptions about the motion of the phone or of the camera, nor

the typing style of the user, and are able to reconstruct accurate transcripts of

recorded input, even when using footage captured in challenging environments

(e.g., on a moving bus). To further underscore the extent of this threat, our system

is able to achieve accurate results even at very large distances-up to 61 m for direct

surveillance, and 12 m for sunglass reflections. We believe these results highlight

the importance of adjusting privacy expectations in response to emerging

technologies.

4. Secure Overlay Cloud Storage with Access Control and Assured

Deletion

ABSTRACT:

We can now outsource data backups off-site to third-party cloud storage

services so as to reduce data management costs. However, we must provide

security guarantees for the outsourced data, which is now maintained by third

parties. We design and implement FADE, a secure overlay cloud storage system

that achieves fine-grained, policy-based access control and file assured deletion. It

associates outsourced files with file access policies, and assuredly deletes files to

make them unrecoverable to anyone upon revocations of file access policies. To

achieve such security goals, FADE is built upon a set of cryptographic key

operations that are self-maintained by a quorum of key managers that are

independent of third-party clouds. In particular, FADE acts as an overlay system


37



that works seamlessly atop today's cloud storage services. We implement a proof-

of-concept prototype of FADE atop Amazon S3, one of today's cloud storage

services. We conduct extensive empirical studies, and demonstrate that FADE

provides security protection for outsourced data, while introducing only minimal

performance and monetary cost overhead. Our work provides insights of how to

incorporate value-added security features into today's cloud storage services.

5. Ensuring Distributed Accountability for Data Sharing in the Cloud

ABSTRACT:

Cloud computing enables highly scalable services to be easily consumed

over the Internet on an as-needed basis. A major feature of the cloud services is

that users' data are usually processed remotely in unknown machines that users do

not own or operate. While enjoying the convenience brought by this new emerging

technology, users' fears of losing control of their own data (particularly, financial

and health data) can become a significant barrier to the wide adoption of cloud

services. To address this problem, in this paper, we propose a novel highly

decentralized information accountability framework to keep track of the actual

usage of the users' data in the cloud. In particular, we propose an object-centered

approach that enables enclosing our logging mechanism together with users' data

and policies. We leverage the JAR programmable capabilities to both create a

dynamic and traveling object, and to ensure that any access to users' data will

trigger authentication and automated logging local to the JARs. To strengthen

user's control, we also provide distributed auditing mechanisms. We provide


38



extensive experimental studies that demonstrate the efficiency and effectiveness of

the proposed approaches.

6. Nymble: Blocking Misbehaving Users in Anonymizing Networks

ABSTRACT:

Anonymizing networks such as Tor allow users to access Internet services

privately by using a series of routers to hide the client's IP address from the server.

The success of such networks, however, has been limited by users employing this

anonymity for abusive purposes such as defacing popular Web sites. Web site

administrators routinely rely on IP-address blocking for disabling access to

misbehaving users, but blocking IP addresses is not practical if the abuser routes

through an anonymizing network. As a result, administrators block all known exit

nodes of anonymizing networks, denying anonymous access to misbehaving and

behaving users alike. To address this problem, we present Nymble, a system in

which servers can “blacklist” misbehaving users, thereby blocking users without

compromising their anonymity. Our system is thus agnostic to different servers'

definitions of misbehavior-servers can blacklist users for whatever reason, and the

privacy of blacklisted users is maintained.


39



7. Toward Secure Multikeyword Top-k Retrieval over Encrypted Cloud

Data

ABSTRACT:

Cloud computing has emerging as a promising pattern for data outsourcing

and high-quality data services. However, concerns of sensitive information on

cloud potentially causes privacy problems. Data encryption protects data security

to some extent, but at the cost of compromised efficiency. Searchable symmetric

encryption (SSE) allows retrieval of encrypted data over cloud. In this paper, we

focus on addressing data privacy issues using SSE. For the first time, we formulate

the privacy issue from the aspect of similarity relevance and scheme robustness.

We observe that server-side ranking based on order-preserving encryption (OPE)

inevitably leaks data privacy. To eliminate the leakage, we propose a two-round

searchable encryption (TRSE) scheme that supports top-$(k)$ multikeyword

retrieval. In TRSE, we employ a vector space model and homomorphic encryption.

The vector space model helps to provide sufficient search accuracy, and the

homomorphic encryption enables users to involve in the ranking while the majority

of computing work is done on the server side by operations only on ciphertext. As

a result, information leakage can be eliminated and data security is ensured.

Thorough security and performance analysis show that the proposed scheme

guarantees high security and practical efficiency.


40



NETWORKING

1. An Effective Network Traffic Classification Method with Unknown

Flow Detection

ABSTRACT:

Traffic classification technique is an essential tool for network and system

security in the complex environments such as cloud computing based environment.

The state-of-the-art traffic classification methods aim to take the advantages of

flow statistical features and machine learning techniques, however the

classification performance is severely affected by limited supervised information

and unknown applications. To achieve effective network traffic classification, we

propose a new method to tackle the problem of unknown applications in the crucial

situation of a small supervised training set. The proposed method possesses the

superior capability of detecting unknown flows generated by unknown applications

and utilizing the correlation information among real-world network traffic to boost

the classification performance. A theoretical analysis is provided to confirm

performance benefit of the proposed method. Moreover, the comprehensive

performance evaluation conducted on two real-world network traffic datasets

shows that the proposed scheme outperforms the existing methods in the critical

network environment.

2. A Formal Data-Centric Approach for Passive Testing of

Communication Protocols

ABSTRACT:

There is currently a high level of consciousness of the importance and

impact of formally testing communicating networks. By applying formal

description techniques and formal testing approaches, we are able to validate the

conformance of implementations to the requirements of communication protocols.

In this context, passive testing techniques are used whenever the system under test

cannot be interrupted or access to its interfaces is unavailable. Under such


41



conditions, communication traces are extracted from points of observation and

compared to the expected behavior formally specified as properties. Since most

works on the subject come from a formal model context, they are optimized for

testing the control part of the communication with a secondary focus on the data

parts. In the current work, we provide a data-centric approach for black-box testing

of network protocols. A formalism is provided to express complex properties in a

bottom-up fashion starting from expected data relations in messages. A novel

algorithm is provided for evaluation of properties in protocol traces. Experimental

results on Session Initiation Protocol (SIP) traces for IP Multimedia Subsystem

(IMS) services are provided.

3. A Distributed Control Law for Load Balancing in Content Delivery

Networks

ABSTRACT:

In this paper, we face the challenging issue of defining and implementing an

effective law for load balancing in Content Delivery Networks (CDNs). We base

our proposal on a formal study of a CDN system, carried out through the

exploitation of a fluid flow model characterization of the network of servers.

Starting from such characterization, we derive and prove a lemma about the

network queues equilibrium. This result is then leveraged in order to devise a novel

distributed and time-continuous algorithm for load balancing, which is also

reformulated in a time-discrete version. The discrete formulation of the proposed

balancing law is eventually discussed in terms of its actual implementation in a

real-world scenario. Finally, the overall approach is validated by means of

simulations.


42



4. Combined Optimal Control of Activation and Transmission in Delay-

Tolerant Networks

ABSTRACT:

Performance of a delay-tolerant network has strong dependence on the nodes

participating in data transportation. Such networks often face several resource

constraints especially related to energy. Energy is consumed not only in data

transmission, but also in listening and in several signaling activities. On one hand

these activities enhance the system's performance while on the other hand, they

consume a significant amount of energy even when they do not involve actual node

transmission. Accordingly, in order to use energy efficiently, one may have to limit

not only the amount of transmissions, but also the amount of nodes that are active

at each time. Therefore, we study two coupled problems: 1) the activation problem

that determines when a mobile will turn on in order to receive packets; and 2) the

problem of regulating the beaconing. We derive optimal energy management

strategies by formulating the problem as an optimal control one, which we then

explicitly solve. We also validate our findings through extensive simulations that

are based on contact traces.

5. Quantifying and Verifying Reachability for Access Controlled Networks

ABSTRACT:

Quantifying and querying network reachability is important for security

monitoring and auditing as well as many aspects of network management such as

troubleshooting, maintenance, and design. Although attempts to model network

reachability have been made, feasible solutions to computing network reachability

have remained unknown. In this paper, we propose a suite of algorithms for

quantifying reachability based on network configurations [mainly Access Control

Lists (ACLs)] as well as solutions for querying network reachability. We present a

network reachability model that considers connectionless and connection-oriented


43



transport protocols, stateless and stateful routers/firewalls, static and dynamic

NAT, PAT, IP tunneling, etc. We implemented the algorithms in our network

reachability tool called Quarnet and conducted experiments on a university

network. Experimental results show that the offline computation of reachability

matrices takes a few hours, and the online processing of a reachability query takes

0.075 s on average.

6. Fast Transmission to Remote Cooperative Groups: A New Key

Management Paradigm

ABSTRACT:

The problem of efficiently and securely broadcasting to a remote

cooperative group occurs in many newly emerging networks. A major challenge in

devising such systems is to overcome the obstacles of the potentially limited

communication from the group to the sender, the unavailability of a fully trusted

key generation center, and the dynamics of the sender. The existing key

management paradigms cannot deal with these challenges effectively. In this

paper, we circumvent these obstacles and close this gap by proposing a novel key

management paradigm. The new paradigm is a hybrid of traditional broadcast

encryption and group key agreement. In such a system, each member maintains a

single public/secret key pair. Upon seeing the public keys of the members, a

remote sender can securely broadcast to any intended subgroup chosen in an ad

hoc way. Following this model, we instantiate a scheme that is proven secure in the

standard model. Even if all the nonintended members collude, they cannot extract

any useful information from the transmitted messages. After the public group

encryption key is extracted, both the computation overhead and the communication

cost are independent of the group size. Furthermore, our scheme facilitates simple

yet efficient member deletion/addition and flexible rekeying strategies. Its strong

security against collusion, its constant overhead, and its implementation

friendliness without relying on a fully trusted authority render our protocol a very

promising solution to many applications.


44



7. Cross-Domain Privacy-Preserving Cooperative Firewall Optimization

ABSTRACT:

Firewalls have been widely deployed on the Internet for securing private

networks. A firewall checks each incoming or outgoing packet to decide whether

to accept or discard the packet based on its policy. Optimizing firewall policies is

crucial for improving network performance. Prior work on firewall optimization

focuses on either intrafirewall or interfirewall optimization within one

administrative domain where the privacy of firewall policies is not a concern. This

paper explores interfirewall optimization across administrative domains for the

first time. The key technical challenge is that firewall policies cannot be shared

across domains because a firewall policy contains confidential information and

even potential security holes, which can be exploited by attackers. In this paper, we

propose the first cross-domain privacy-preserving cooperative firewall policy

optimization protocol. Specifically, for any two adjacent firewalls belonging to two

different administrative domains, our protocol can identify in each firewall the

rules that can be removed because of the other firewall. The optimization process

involves cooperative computation between the two firewalls without any party

disclosing its policy to the other. We implemented our protocol and conducted

extensive experiments. The results on real firewall policies show that our protocol

can remove as many as 49% of the rules in a firewall, whereas the average is

19.4%. The communication cost is less than a few hundred kilobytes. Our protocol

incurs no extra online packet processing overhead, and the offline processing time

is less than a few hundred seconds.

8. An Efficient and Robust Addressing Protocol for Node

Autoconfiguration in Ad Hoc Networks

ABSTRACT:

Address assignment is a key challenge in ad hoc networks due to the lack of

infrastructure. Autonomous addressing protocols require a distributed and self-

managed mechanism to avoid address collisions in a dynamic network with fading


45



channels, frequent partitions, and joining/leaving nodes. We propose and analyze a

lightweight protocol that configures mobile ad hoc nodes based on a distributed

address database stored in filters that reduces the control load and makes the

proposal robust to packet losses and network partitions. We evaluate the

performance of our protocol, considering joining nodes, partition merging events,

and network initialization. Simulation results show that our protocol resolves all

the address collisions and also reduces the control traffic when compared to

previously proposed protocols.


46



PARALLEL AND DISTRIBUTED SYSTEM

1. Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the

Cloud

ABSTRACT:

With the character of low maintenance, cloud computing provides an

economical and efficient solution for sharing group resource among cloud users.

Unfortunately, sharing data in a multi-owner manner while preserving data and

identity privacy from an untrusted cloud is still a challenging issue, due to the

frequent change of the membership. In this paper, we propose a secure multi-

owner data sharing scheme, named Mona, for dynamic groups in the cloud. By

leveraging group signature and dynamic broadcast encryption techniques, any

cloud user can anonymously share data with others. Meanwhile, the storage

overhead and encryption computation cost of our scheme are independent with the

number of revoked users. In addition, we analyze the security of our scheme with

rigorous proofs, and demonstrate the efficiency of our scheme in experiments.

2. Harnessing the Cloud for Securely Outsourcing Large-Scale Systems of

Linear Equations

ABSTRACT:

Cloud computing economically enables customers with limited

computational resources to outsource large-scale computations to the cloud.

However, how to protect customers' confidential data involved in the computations


47



then becomes a major security concern. In this paper, we present a secure

outsourcing mechanism for solving large-scale systems of linear equations (LE)

in cloud. Because applying traditional approaches like Gaussian elimination or LU

decomposition (aka. direct method) to such large-scale LEs would be prohibitively

expensive, we build the secure LE outsourcing mechanism via a completely

different approach-iterative method, which is much easier to implement in practice

and only demands relatively simpler matrix-vector operations. Specifically, our

mechanism enables a customer to securely harness the cloud for iteratively finding

successive approximations to the LE solution, while keeping both the sensitive

input and output of the computation private. For robust cheating detection, we

further explore the algebraic property of matrix-vector operations and propose an

efficient result verification mechanism, which allows the customer to verify all

answers received from previous iterative approximations in one batch with high

probability. Thorough security analysis and prototype experiments on Amazon

EC2 demonstrate the validity and practicality of our proposed design.

3. A Privacy Leakage Upper Bound Constraint-Based Approach for Cost-

Effective Privacy Preserving of Intermediate Data Sets in Cloud

ABSTRACT:

Cloud computing provides massive computation power and storage capacity

which enable users to deploy computation and data-intensive applications without

infrastructure investment. Along the processing of such applications, a large

volume of intermediate data sets will be generated, and often stored to save the


48



cost of recomputing them. However, preserving the privacy of intermediate data

sets becomes a challenging problem because adversaries may recover privacy-

sensitive information by analyzing multiple intermediate data sets. Encrypting

ALL data sets in cloud is widely adopted in existing approaches to address this

challenge. But we argue that encrypting all intermediate data sets are neither

efficient nor cost-effective because it is very time consuming and costly for data-

intensive applications to en/decrypt data sets frequently while performing any

operation on them. In this paper, we propose a novel upper bound privacy leakage

constraint-based approach to identify which intermediate data sets need to be

encrypted and which do not, so that privacy-preserving cost can be saved while the

privacy requirements of data holders can still be satisfied. Evaluation results

demonstrate that the privacy-preserving cost of intermediate data sets can be

significantly reduced with our approach over existing ones where all data sets are

encrypted.

4. On Data Staging Algorithms for Shared Data Accesses in Clouds

ABSTRACT:

In this paper, we study the strategies for efficiently achieving data staging

and caching on a set of vantage sites in a cloud system with a minimum cost.

Unlike the traditional research, we do not intend to identify the access patterns to

facilitate the future requests. Instead, with such a kind of information presumably

known in advance, our goal is to efficiently stage the shared data items to

predetermined sites at advocated time instants to align with the patterns while


49



minimizing the monetary costs for caching and transmitting the requested data

items. To this end, we follow the cost and network models in [1] and extend the

analysis to multiple data items, each with single or multiple copies. Our results

show that under homogeneous cost model, when the ratio of transmission cost and

caching cost is low, a single copy of each data item can efficiently serve all the

user requests. While in multicopy situation, we also consider the tradeoff between

the transmission cost and caching cost by controlling the upper bounds of

transmissions and copies. The upper bound can be given either on per-item basis or

on all-item basis. We present efficient optimal solutions based on dynamic

programming techniques to all these cases provided that the upper bound is

polynomially bounded by the number of service requests and the number of

distinct data items. In addition to the homogeneous cost model, we also briefly

discuss this problem under a heterogeneous cost model with some simple yet

practical restrictions and present a 2-approximation algorithm to the general case.

We validate our findings by implementing a data staging solver, whereby

conducting extensive simulation studies on the behaviors of the algorithms.

5. Scalable and Secure Sharing of Personal Health Records in Cloud

Computing Using Attribute-Based Encryption

ABSTRACT:

Personal health record (PHR) is an emerging patient-centric model of

health information exchange, which is often outsourced to be stored at a third

party, such as cloud providers. However, there have been wide privacy concerns as


50



personal health information could be exposed to those third party servers and to

unauthorized parties. To assure the patients' control over access to their own PHRs,

it is a promising method to encrypt the PHRs before outsourcing. Yet, issues such

as risks of privacy exposure, scalability in key management, flexible access, and

efficient user revocation, have remained the most important challenges toward

achieving fine-grained, cryptographically enforced data access control. In this

paper, we propose a novel patient-centric framework and a suite of mechanisms

for data access control to PHRs stored in semitrusted servers. To achieve fine-

grained and scalable data access control for PHRs, we leverage attribute-based

encryption (ABE) techniques to encrypt each patient's PHR file. Different from

previous works in secure data outsourcing, we focus on the multiple data owner

scenario, and divide the users in the PHR system into multiple security domains

that greatly reduces the key management complexity for owners and users. A high

degree of patient privacy is guaranteed simultaneously by exploiting multiauthority

ABE. Our scheme also enables dynamic modification of access policies or file

attributes, supports efficient on-demand user/attribute revocation and break-glass

access under emergency scenarios. Extensive analytical and experimental results

are presented which show the security, scalability, and efficiency of our proposed

scheme.


51



SERVICE COMPUTING

1. Agent-Based Cloud Computing

ABSTRACT:

Agent-based cloud computing is concerned with the design and development

of software agents for bolstering cloud service discovery, service negotiation, and

service composition. The significance of this work is introducing an agent-based

paradigm for constructing software tools and testbeds for cloud resource

management. The novel contributions of this work include: 1) developing Cloudle:

an agent-based search engine for cloud service discovery, 2) showing that agent-

based negotiation mechanisms can be effectively adopted for bolstering cloud

service negotiation and cloud commerce, and 3) showing that agent-based

cooperative problem-solving techniques can be effectively adopted for automating

cloud service composition. Cloudle consists of 1) a service discovery agent that

consults a cloud ontology for determining the similarities between providers'

service specifications and consumers' service requirements, and 2) multiple cloud

crawlers for building its database of services. Cloudle supports three types of

reasoning: similarity reasoning, compatibility reasoning, and numerical reasoning.

To support cloud commerce, this work devised a complex cloud negotiation

mechanism that supports parallel negotiation activities in interrelated markets: a

cloud service market between consumer agents and broker agents, and multiple

cloud resource markets between broker agents and provider agents. Empirical

results show that using the complex cloud negotiation mechanism, agents achieved

high utilities and high success rates in negotiating for cloud resources. To automate


52



cloud service composition, agents in this work adopt a focused selection contract

net protocol (FSCNP) for dynamically selecting cloud services and use service

capability tables (SCTs) to record the list of cloud agents and their services.

Empirical results show that using FSCNP and SCTs, agents can successfully

compose cloud services by autonomously selecting services.

2. Toward Secure and Dependable Storage Services in Cloud Computing

ABSTRACT:

Cloud storage enables users to remotely store their data and enjoy the on-

demand high quality cloud applications without the burden of local hardware and

software management. Though the benefits are clear, such a service is also

relinquishing users' physical possession of their outsourced data, which inevitably

poses new security risks toward the correctness of the data in cloud. In order to

address this new problem and further achieve a secure and dependable cloud

storage service, we propose in this paper a flexible distributed storage integrity

auditing mechanism, utilizing the homomorphic token and distributed erasure-

coded data. The proposed design allows users to audit the cloud storage with very

lightweight communication and computation cost. The auditing result not only

ensures strong cloud storage correctness guarantee, but also simultaneously

achieves fast data error localization, i.e., the identification of misbehaving server.

Considering the cloud data are dynamic in nature, the proposed design further

supports secure and efficient dynamic operations on outsourced data, including

block modification, deletion, and append. Analysis shows the proposed scheme is


53



highly efficient and resilient against Byzantine failure, malicious data modification

attack, and even server colluding attacks.

3. Social Cloud Computing: A Vision for Socially Motivated Resource

Sharing

ABSTRACT:

Online relationships in social networks are often based on real world

relationships and can therefore be used to infer a level of trust between users. We

propose leveraging these relationships to form a dynamic "Social Cloud,” thereby

enabling users to share heterogeneous resources within the context of a social

network. In addition, the inherent socially corrective mechanisms (incentives,

disincentives) can be used to enable a cloud-based framework for long term

sharing with lower privacy concerns and security overheads than are present in

traditional cloud environments. Due to the unique nature of the Social Cloud, a

social market place is proposed as a means of regulating sharing. The social market

is novel, as it uses both social and economic protocols to facilitate trading. This

paper defines Social Cloud computing, outlining various aspects of Social Clouds,

and demonstrates the approach using a social storage cloud implementation in

Facebook.


54



4. A Framework for Consumer-Centric SLA Management of Cloud-

Hosted Databases

ABSTRACT:

Currently, we are witnessing a proliferation in the number of cloud-hosted

applications with a tremendous increase in the scale of the data generated as well

as being consumed by such applications. The specifications of existing service

level agreements (SLA) for cloud services are not designed to flexibly handle even

relatively straightforward performance and technical requirements of consumer

applications. In this article, we present a novel approach for SLA-based

management of cloud-hosted databases from the consumer perspective. The

framework facilitates adaptive and dynamic provisioning of the database tier of the

software applications based on application-defined policies for satisfying their own

SLA performance requirements, avoiding the cost of any SLA violation and

controlling the monetary cost of the allocated computing resources. In this

framework, the SLA of the consumer applications are declaratively defined in

terms of goals which are subjected to a number of constraints that are specific to

the application requirements. The framework continuously monitors the

application-defined SLA and automatically triggers the execution of necessary

corrective actions (scaling out/in the database tier) when required. The

experimental results demonstrate the effectiveness of our SLA-based framework in

providing the consumer applications with the required flexibility for achieving

their SLA requirements.


55



5. THEMIS: A Mutually Verifiable Billing System for the Cloud

Computing Environment

ABSTRACT:

With the widespread adoption of cloud computing, the ability to record and

account for the usage of cloud resources in a credible and verifiable way has

become critical for cloud service providers and users alike. The success of such a

billing system depends on several factors: the billing transactions must have

integrity and nonrepudiation capabilities; the billing transactions must have a

minimal computation cost; and the SLA monitoring should be provided in a trusted

manner. Existing billing systems are limited in terms of security capabilities or

computational overhead. In this paper, we propose a secure and nonobstructive

billing system called THEMIS as a remedy for these limitations. The system uses a

novel concept of a cloud notary authority for the supervision of billing. It generates

mutually verifiable binding information that can be used to resolve future disputes

between a user and a cloud service provider in a computationally efficient way.

Furthermore, to provide a forgery-resistive SLA monitoring mechanism, we

devised a SLA monitoring module enhanced with a trusted platform module

(TPM), called S-Mon. This work has been undertaken on a real cloud computing

service called iCubeCloud.


56



SOFTWARE ENGINEERING

1. A Decentralized Self-Adaptation Mechanism for Service-Based

Applications in the Cloud

ABSTRACT:

Cloud computing, with its promise of (almost) unlimited computation,

storage, and bandwidth, is increasingly becoming the infrastructure of choice for

many organizations. As cloud offerings mature, service-based applications need to

dynamically recompose themselves to self-adapt to changing QoS requirements. In

this paper, we present a decentralized mechanism for such self-adaptation, using

market-based heuristics. We use a continuous double-auction to allow applications

to decide which services to choose, among the many on offer. We view an

application as a multi-agent system and the cloud as a marketplace where many

such applications self-adapt. We show through a simulation study that our

mechanism is effective for the individual application as well as from the collective

perspective of all applications adapting at the same time.

2. Automated API Property Inference Techniques

ABSTRACT:

Frameworks and libraries offer reusable and customizable functionality

through Application Programming Interfaces (APIs). Correctly using large and

sophisticated APIs can represent a challenge due to hidden assumptions and

requirements. Numerous approaches have been developed to infer properties of

APIs, intended to guide their use by developers. With each approach come new


57



definitions of API properties, new techniques for inferring these properties, and

new ways to assess their correctness and usefulness. This paper provides a

comprehensive survey of over a decade of research on automated property

inference for APIs. Our survey provides a synthesis of this complex technical field

along different dimensions of analysis: properties inferred, mining techniques, and

empirical results. In particular, we derive a classification and organization of over

60 techniques into five different categories based on the type of API property

inferred: unordered usage patterns, sequential usage patterns, behavioral

specifications, migration mappings, and general information.

3. Resource Management for Complex, Dynamic Environments

ABSTRACT:

This paper describes an approach to the specification and management of the

agents and resources that are required to support the execution of complex systems

and processes. The paper suggests that a resource should be viewed as a provider

of a set of capabilities that are needed by a system or process, where that set may

vary dynamically over time and with circumstances. This view of resources is

defined and then made the basis for the framework of an approach to specifying,

managing, and allocating resources in the presence of real-world complexity and

dynamism. The ROMEO prototype resource management system is presented as

an example of how this framework can be instantiated. Some case studies of the

use of ROMEO to support system execution are presented and used to evaluate the

framework, the ROMEO prototype, and our view of the nature of resources.


58



4. Self-Management of Adaptable Component-Based Applications

ABSTRACT:

The problem of self-optimization and adaptation in the context of

customizable systems is becoming increasingly important with the emergence of

complex software systems and unpredictable execution environments. Here, a

general framework for automatically deciding on when and how to adapt a system

whenever it deviates from the desired behavior is presented. In this framework, the

system's target behavior is described as a high-level policy that establishes goals

for a set of performance indicators. The decision process is based on information

provided independently for each component that describes the available

adaptations, their impact on performance indicators, and any limitations or

requirements. The technique consists of both offline and online phases. Offline,

rules are generated specifying component adaptations that may help to achieve the

established goals when a given change in the execution context occurs. Online, the

corresponding rules are evaluated when a change occurs to choose which

adaptations to perform. Experimental results using a prototype framework in the

context of a web-based application demonstrate the effectiveness of this approach.

dotnet titles abstract 2013-2014

Technology

medical image segmentation

tnagar chennai

segmentation accuracy

multiatlas image segmentation

tnagar bus terminus

global data

medical images

terms of spine segmentation