Enforcement Algorithm Research Articles

Hybrid firefly bat algorithm (HFBA)–based network security policy enforcement for PSA

SummaryNetwork operators heavily depend on security services to secure their information technology infrastructures. On the other hand, due to the complexity of security policies, it is not appropriate to straightforwardly use previous pathwise enforcement approaches. In this paper, the enforcement problem of the security policy on middleboxes is formulated as a weighted K set covering problem that requires a policy space analysis tool. This tool is intended to be supported on range‐represented hyperrectangles, which are tagged using a prioritized R‐tree. This methodological work initially evaluates the topological features of diverse types of policies. Hybrid firefly bat algorithm–supported heuristic information shows the inherent difficulties of security policies and provides direction for the design of the enforcement algorithm. At the same time, a scopewise policy enforcement procedure is proposed, which requires a moderate number of enforcement network nodes for organizing the various policy subsets in a greedy manner. Our results demonstrate that the proposed hybrid firefly bat algorithm with policy space analysis offer greatly improved outcomes in terms of the rule overhead, network security, packet delivery ratio, packet loss ratio, and time efficiency above the set operations of the security policy.

Contribution au dialogue entre la psychanalyse, la psychiatrie et les neurosciences dans la recherche clinique actuelle individuelle et sociale, par l’étude des phénomènes d’automatisme

Computer network security is the first line of protection for guaranteeing information reliability. A computer network can be threatened when it does not have a well-designed or properly implemented network security policy. The major issue is that network operators cannot always support their network security strategy. Network operators often depend on security facilities to defend their Information Technology (IT) organizations. Different forms of security policies concerned with the network are distinct and circulated among various security middleboxes (MBs) organized into networks. Conversely, due to the inherent sophistication of security policies, it is not appropriate to use recent path-wise implementation algorithms. The present study solves the problem of policy implementation with MBs relatively faster compared to existing methods. In particular, this research models security policy implementation as a Weighted K Set Covering Problem (WKSCP) and employs a computational-geometry-based Policy Space Analysis (PSA) tool for a set of procedures as the security mechanism. Using the PSA tool leads to a Non-Dominated Multi-Objective Genetic Algorithm (NDMGA), which reveals the inherent complexities involved in a security policy and informs implementation of the policy enforcement algorithm. The resolution to this issue is to determine a collection of enforcement network nodes for an MB to execute on-datapath examination with globally distinct security policies. Therefore, the chosen policy enforcement nodes should be initially positioned on paths that are related to security strategies. Compared to the scope-wise strategy enforcement mechanism, where the procedures are executed over the objects of the network path, the scheme in this present work is implemented over the objects pertaining to the network nodes. A secure node may contain multiple paths, thus storing a large possible flow space that preserves the distribution and circumvents the ineffective usage of network bandwidth due to random traffic steering. Compared to current methodologies, the suggested NDMGA-based PSA tool yielded a 95% decrease in policy implemented nodes and a 93% decline in implemented rules.

Geometry simplification of open-cell porous materials for elastic deformation FEA

Estimation of mechanical properties of porous materials is central for their medical and industrial application. However, the massive size of accurate boundary representations (B-Rep) of the foams makes the numerical estimations intractable. Even for small domain sizes, the mesh generation for finite element analysis (FEA) may not terminate. Current efforts for simulating porous materials use statistical predictions of the material structure. The simulated and actual materials present different geometry and topology, with consequences on the simulation results. To overcome these limitations, this manuscript presents a method, which (1) synthesizes an accurate truss abstraction from the raw geometry data, (2) executes efficient FEA simulations, and (3) processes nodal displacements to estimate apparent mechanical moduli of the porous material. The method addresses materials whose ligaments have circular cross-sections. The iso-surface present in the Computer Tomography (CT) scan of the porous material is used to synthesize a truss graph whose edges are truncated cones. Then, optimization and simplification methods are applied to produce a topologically and geometrically correct truss representation for the foam domain. Comparative FEA load simulations are conducted between the full B-Rep and truss representations of the material. The truss model proves to be significantly more efficient for FEA, departing from the Full B-Rep FEA by a maximum of 16% in the estimation of equivalent mechanical moduli. Geometric assessments such as porosity and Hausdorff distance confirm that the truss abstraction is a cost-effective one. Ongoing efforts concentrate on point set geometric algorithms for enforcement of standardized material testing.

Non‐dominated sorting particle swarm optimization (NSPSO) and network security policy enforcement for Policy Space Analysis

SummaryNetwork operators depend on security services with the aim of safeguarding their IT infrastructure. Various types of network security policies are employed on a global scale and are disseminated among several security middleboxes implemented in networks. But, owing to the complications in security policies, it is not quite efficient to directly use the path‐wise enforcement schemes that are prevalent. The major motivation of this work is to improve security levels and solve the policy enforcement problem. For the first time, this work reports the issue of policy enforcement on middleboxes. The major contribution of this work is to design security policy enforcement as a Weighted K Set Covering Problem, and we designed a Policy Space Analysis (PSA) tool intended for a group of operations in the security policy. This PSA tool was developed based on range‐signified hyper‐rectangles, which are indexed by the Hilbert R‐tree. Leveraging the PSA, we first investigated the topological features of various kinds of policies. Balancing the PSA tool in a non‐dominated sorting particle swarm optimization technique exposes the intrinsic difficulties of this security strategy and provides guidance for designing the enforcement approach. In addition, in this research, a new fuzzy rule‐based classification system is introduced for packet classification. A scope‐wise policy enforcement algorithm was proposed, which chooses a moderate number of enforcement network nodes for deploying multiple policy subsets in a greedy manner. This scheme is much quicker compared with the first one and therefore has found its application in real‐time deployments.

On-line Algorithm for Current State Opacity Enforcement in a Petri Net Framework

Opacity notion is a security and privacy property that verifies whether an external observer (intruder) can deduce a secret of a system by observing its behaviour. This paper addresses the current state opacity verification and enforcement in the framework of Petri Net (PN): an observation of the system is said to be current-state opaque if an intruder is unable to determine whether the current-state of the system belongs to a set of secret states, otherwise it is said to be not current-state opaque. The run time verifier waits for an observable event and performs an algorithm based on the solution of Integer Linear Programming problem to verify the current state opacity and preserve the secret. Indeed, if the secret may be discovered, then the last event is hidden. An example shows the efficiency of the proposed approach.

Financial time series prediction using ℓ2,1RF-ELM

Financial time series forecasting is a complicated task because the behavior of investors can be influenced by lots of tiny and unpredictable factors. In this paper, in order to maximize the return of capital and manage liquidity risk effectively, an 2,1-norm and Random Fourier Mapping based Extreme Learning Machine(2,1 RF-ELM) is applied to the problem of financial time series prediction. The advantages of ELM in efficiency and generalization performance over traditional fuzzy neural network(FNN) algorithms have been demonstrated on a wide range of problems from different fields, thanks to the integration of 2,1-norm, the 2,1 RF-ELM is able to automatically prune the irrelevant and redundant hidden neurons to form a more discriminative and compact hidden layer. The performance of the 2,1RF-ELM is compared with other hidden layer enforcement algorithms, two long-term time series data sets, including TianChi and BCS, are used for this comparison. The performance of the 2,1RF-ELM was comparable to those of other widely used machine learning techniques like support vector machines (SVM), artificial neural networks (ANN) and other popular ELM method. The experiments demonstrate favorable prediction results of the 2,1RF-ELM in terms of annualized return, prediction error and running time. In addition, we also find that the underlying rules of the correlation between cash inflow and outflow that can help us improve accuracy, which is valuable for financial institutions to predict the trend of liquidity.

Complexity Results and Algorithms for Extension Enforcement in Abstract Argumentation

Argumentation is an active area of modern artificial intelligence (AI) research, with connections to a range of fields, from computational complexity theory and knowledge representation and reasoning to philosophy and social sciences, as well as application-oriented work in domains such as legal reasoning, multi-agent systems, and decision support. Argumentation frameworks (AFs) of abstract argumentation have become the graph-based formal model of choice for many approaches to argumentation in AI, with semantics defining sets of jointly acceptable arguments, i.e., extensions. Understanding the dynamics of AFs has been recently recognized as an important topic in the study of argumentation in AI. In this work, we focus on the so-called extension enforcement problem in abstract argumentation as a recently proposed form of argumentation dynamics. We provide a nearly complete computational complexity map of argument-fixed extension enforcement under various major AF semantics, with results ranging from polynomial-time algorithms to completeness for the second level of the polynomial hierarchy. Complementing the complexity results, we propose algorithms for NP-hard extension enforcement based on constraint optimization under the maximum satisfiability (MaxSAT) paradigm. Going beyond NP, we propose novel MaxSAT-based counterexample-guided abstraction refinement procedures for the second-level complete problems and present empirical results on a prototype system constituting the first approach to extension enforcement in its generality.

A game theoretic method to model and analyze attack‐defense strategy of resource service in cloud application

SummaryCloud computing has attracted much attention recently in both industry field and academic research area. More and more Internet applications are moving to the cloud environment. However, it is difficult to construct perfectly secure mechanisms facing up with complex and various attacks in cloud computing, the efficient attack‐defense strategy is highly demanded. In this paper, a stochastic game model is proposed based on combining stochastic Petri nets with game theory, which is used to describe the attack‐defense behaviors in cloud computing. The physical machine, attack‐defense behavior, and their attributes are also modeled by stochastic game model thus forming the attack‐defense game model of cloud computing. On this basis, the Nash equilibrium of attack‐defense process in physical machine is computed to get the optimal defense strategy. The related theories of Petri nets and the reachable states of attack‐defense game model are used to formally verify the correctness and effectiveness of the proposed method. The enforcement algorithm is proposed to make cloud computing dynamically evaluate and select the defense strategy to against attack behavior as quickly as possible. Both case study and simulation results show that the proposed method can adapt quickly to the changes in cloud application thus improving the security of cloud computing.

Efficient Network Security Policy Enforcement With Policy Space Analysis

Network operators rely on security services to protect their IT infrastructures. Different kinds of network security policies are defined globally and distributed among multiple security middleboxes deployed in networks. However, due to the complexity of security policy, it is inefficient to directly employ existing path-wise enforcement approaches. This paper models the enforcement of network security policy as the set-covering problem, and designs a computational-geometry-based policy space analysis (PSA) tool for set operations of security policy. Leveraging the PSA, this paper first investigates the topological characteristics of different types of policies. This heuristic information reveals intrinsic complexities of security policy and guides the design of our enforcement approach. Then the paper proposes a scope-wise policy enforcement algorithm that selects a modest number of enforcement network nodes to deploy multiple policy subsets in a greedy manner. This approach can be employed on network topologies of both datacenter and service provider. The efficiencies of the PSA tool and the enforcement algorithm are also evaluated. Compared with the header space analysis, the PSA achieves much better memory and time efficiencies on set operations of security policy. Additionally, the proposed enforcement algorithm is able to guarantee network security within a reasonable number of enforcement network nodes, without introducing many extra rules.

Minimum cost rule enforcement for cooperative database access

In this paper, we consider restricted data sharing between a set of parties that wish to provide some set of online services requiring such data sharing. Each party is assumed to store its data in private relational databases, and is given a set of mutually agreed set of authorization rules that specify access to attributes over individual relations or joins over relations owned by one or more parties. The access restrictions introduce significant additional complexity in rule enforcement and query planning as compared with a traditional distributed database environment. We examine the problem of minimum cost rule enforcement which simultaneously checks for the enforceability of each rule and generation of minimum cost plan of its execution. However, the paper is not focused on specific cost functions, but instead of efficient methods for enforcing rules in the face of access restrictions and inter-party data transfer needs. We propose an efficient heuristic algorithm for this minimal enforcement since the exact problem is NP-hard. In some cases, it is not possible to enforce the rules with the regular parties only. In such cases, we need help of trusted third parties (TPs). If all parties trust a single TP, such a party can enforce all unenforced rules, but it is desirable to use the TP minimally. We also consider the extended case where multiple TPs are required since not every regular party can trust a single TP.

A Formal Aspect-Oriented Method for Modeling and Analyzing Adaptive Resource Scheduling in Cloud Computing

Cloud computing has attracted much interest recently from both industry and academia. However, the scale and highly dynamic nature of cloud application imposes significant new challenges to resource management, and efficient resource scheduling schemes are highly demanded. In this paper, we propose a systematic method to address the reliability, running time, and failure processing of resource scheduling in cloud computing. A reflection mechanism is used to abstract the resource scheduling process as a metaobject. Petri nets are used to construct the base layer model, meta layer model, metaobject protocol, and other components, thus forming the resource scheduling model. The adaptive resource scheduling strategy is converted into CTL formulas, and the properties are analyzed. Meanwhile, an enforcement algorithm is proposed, which can guarantee the correct behavior of cloud computing while meeting the required reliability within deadline constraints. The operational semantics and related theories of Petri nets help prove its effectiveness and correctness. We have also performed a series of simulations to evaluate our approach. Results show that it can help reveal the structural and behavioral characteristics of cloud computing and improve the efficiency of resource management.

Runtime enforcement of regular timed properties by suppressing and delaying events

Runtime enforcement is a verification/validation technique aiming at correcting possibly incorrect executions of a system of interest. In this paper, we consider enforcement monitoring for systems where the physical time elapsing between actions matters. Executions are thus modelled as timed words (i.e., sequences of actions with dates). We consider runtime enforcement for timed specifications modelled as timed automata. Our enforcement mechanisms have the power of both delaying events to match timing constraints, and suppressing events when no delaying is appropriate, thus possibly allowing for longer executions. To ease their design and their correctness-proof, enforcement mechanisms are described at several levels: enforcement functions that specify the input–output behaviour in terms of transformations of timed words, constraints that should be satisfied by such functions, enforcement monitors that describe the operational behaviour of enforcement functions, and enforcement algorithms that describe the implementation of enforcement monitors. The feasibility of enforcement monitoring for timed properties is validated by prototyping the synthesis of enforcement monitors from timed automata.

Complexity Results and Algorithms for Extension Enforcement in Abstract Argumentation

Understanding the dynamics of argumentation frameworks (AFs) is important in the study of argumentation in AI. In this work, we focus on the so-called extension enforcement problem in abstract argumentation. We provide a nearly complete computational complexity map of fixed-argument extension enforcement under various major AF semantics, with results ranging from polynomial-time algorithms to completeness for the second-level of the polynomial hierarchy. Complementing the complexity results, we propose algorithms for NP-hard extension enforcement based on constrained optimization. Going beyond NP, we propose novel counterexample-guided abstraction refinement procedures for the second-level complete problems and present empirical results on a prototype system constituting the first approach to extension enforcement in its generality.

Hierarchical NURBS in frictionless contact

Abstract This work investigates mortar-based frictionless contact in the context of NURBS discretizations that are subjected to local hierarchical refinement. The investigations emphasize three sets of choices which lead to different contact algorithms that have distinct advantages and disadvantages. First, on the optimization side, both exterior and interior point methods are applied, thus spanning inexact constraint enforcement algorithms of the penalty or barrier type as well as exact ones of the primal–dual type. Second, on the discretization side, the hierarchical basis set of the mortar variables is inherited either directly from the discretization of the slave surface or after an intermediate normalization step to satisfy the partition of unity. Third, in interaction with both optimization and discretization, the kinematic mortar variable is recovered from the actual normal gap through the full or lumped solution of a linear system of equations. The implications of different choices are highlighted through benchmark problems which monitor the solution quality at the global level through the structural force evolution and at the local level through the contact pressure distribution.

Simulation of Secondary Contact to Generate Very High Accelerations

This paper investigates the design of a typical commercially available drop system for generating very high shock and drop accelerations. Some commercially available drop towers produce accelerations greater than 5000 G by utilizing the dynamics of secondary impact, using an attachment termed a dual mass shock amplifier (DMSA). Depending on the design, some DMSAs are capable of repeatedly generating accelerations as high as 100,000 G. The results show that a finite element model (FEM) can capture the peak acceleration for the drop tower and the DMSA within 15%. In this paper, a detailed description of the test equipment and modeling techniques is provided. The effects of different design parameters, such as table mass, spring stiffness, and programmer material properties, on the drop profile, are investigated through parametric modeling. The effects of contact parameters on model accuracy are explored, including constraint enforcement algorithms, contact stiffness, and contact damping. Simple closed-form analytic models are developed, based on the basic principles of a single impact and the dynamics of secondary impact. Model predictions are compared with test results. Details of the test methodology and simulations guidelines are provided. Detailed finite element analysis (FEA) is conducted and validated against the experimental tests and compared to the simplified theoretical simulations. Benefits in exploring FEM to simulate contact between materials can be extrapolated to different architectures and materials such that with minimal experimental validation impact acceleration can be determined.

A formal aspect-oriented method to model and analyse secure service composition

Service-oriented computing SOC is becoming a prominent paradigm for creating value-added enterprise applications by composing web services. However, this flexibility comes along with new security risks. In this paper, Petri nets are used to precisely describe the different components of service composition, such as service, component, the basic relation between components, etc. The dynamic matching strategy of service composition is proposed, aspect orientation is used to weave it into the base net, which includes evaluation concern, authorisation concern and failure processing concern, the weaving mechanism dynamically integrates these schemas into a secure aspect model. Based on this, the operation semantics and related theories of Petri nets help prove the effectiveness and feasibility of proposed method, the enforcement algorithm is also given. An example explains the modelling process of service composition, and a series of experiments are done to explain that the use of aspects for service composition is more efficient than conventional techniques.

Consistency techniques for polytime linear global cost functions in weighted constraint satisfaction

Lee and Leung make practical the consistency enforcement of global cost functions in Weighted Constraint Satisfaction Problems (WCSPs). The main idea of their approach lies in the derivation of polynomial time algorithms for the computation of the minimum cost of global cost functions. In this paper, we investigate how soft arc consistency can also be applied on global cost functions with no known efficient minimum cost computation algorithms. We propose polytime linear projection-safe (PLPS) cost functions, which have a polynomial size integer linear formulation and can maintain this good property across projection/extension operations. We observe that the minimum of the linear relaxation gives a good approximation to the minimum of the integer formulation. This is used as the basis for the enforcement of relaxed forms of existing soft arc consistencies. By using the linear formulations, we can easily enforce conjunctions of overlapping PLPS, which give stronger pruning power. We further propose polytime integral linear projection-safe (PILPS) cost functions, which are PLPS cost functions with guaranteed integral solutions to the linear relaxation. We prove theorems to compare the consistency strengths among PLPS, PILPS and their conjunctions. Extensive experimentations are conducted to compare our proposed algorithms against state of the art global cost functions consistency enforcement algorithms and integer programming. Empirical results agree with our theoretical predictions, and confirm orders of magnitude improvement in terms of pruning and runtime by our proposals.

Optimal Liveness-Enforcing Control for a Class of Petri Nets Arising in Multithreaded Software

We investigate the synthesis of optimal liveness-enforcing control policies for Gadara nets, a special class of Petri nets that arises in the modeling of the execution of multithreaded computer programs for the purpose of deadlock avoidance. We consider maximal permissiveness as the notion of optimality. Deadlock-freeness of a multithreaded program corresponds to liveness of its Gadara net model. We present a new control synthesis algorithm for liveness enforcement of Gadara nets that need not be ordinary. The algorithm employs structural analysis of the net and synthesizes monitor places to prevent the formation of a special class of siphons, termed resource-induced deadly-marked siphons. The algorithm also accounts for uncontrollable transitions in the net in a minimally restrictive manner. The algorithm is generally an iterative process and converges in a finite number of iterations. It exploits a covering of the unsafe states that is updated at each iteration. The proposed algorithm is shown to be correct and maximally permissive with respect to the goal of liveness enforcement.

Petri net based techniques for constructing reliable service composition

Service composition is an important mean for integrating the individual Web services to create new value added systems that satisfy complex requirements. However, it is challenging to guarantee the reliability of service composition in a distributed, dynamic and complex environment. This paper proposes an approach to constructing the reliable service composition. The underlying formalism is Petri net, which provides means to observe behaviors of basic component, and to describe their interrelationship. The transaction attributes, reliability and failure processing mechanisms are articulated. The composition mechanism systematically integrates these schemas into a transaction mapping model. Based on this, a reliable composition strategy and its enforcement algorithm are proposed, which can verify the behaviors of service composition at design time or after runtime to repair design errors. The operational semantics and related theories of Petri nets help prove the effectiveness of the proposed method. Finally, we use a simplified Export Service system to demonstrate the feasiability of the method.

Wireless LAN Location-based Access Control

Location-based access control model for Wireless LAN is presented. It integrates location-based features and uses the hierarchy of spatial roles. On basis of presented model Wireless LAN location-based access control system was designed and implemented. Location-based access control and policy enforcement algorithms that use location mapping functions and the evaluation of location information confidence were offered and presented. The system is evaluated by testing its operating speed.DOI: http://dx.doi.org/10.5755/j01.eee.18.9.2820