Earticle

Current access control solutions in databases are based on tables and views. While view access control approach is flexible, it does not scale when the number of users (and therefore necessary views) is large. Consequently, most applications are forced to perform access control enforcement in the application code instead of the database. This approach has numerous disadvantages. We present a novel approach for fine-grained access control in large databases. Our solution combines relational databases with trust management techniques. Trust management systems such as KeyNote and CPOL can be used to evaluate policy rules to determine whether a given query can be performed and which parts of the resulting data can be presented to the user. We present the design and implementation of our system as well as a set of performance experiments based on MySQL database and CPOL policy evaluation engine.

This paper describes an ensemble design for cyber security threats detection, which fuses the results from multiple classifiers together to make a final assessment decision. For promoting both speed and accuracy in the detection performance, only some of the features in traffic data are selected for each base classifier. In the kernel of each classifier, we combine Dempster-Shafer theory with k-nearest neighbor technique to solve the uncertainty problems caused by ambiguous and limited intrusion information. In addition, we apply data mining techniques to reduce the number of false alarms. The results indicate that our ensemble approach achieves higher detection rates than that of using a full feature set of classifiers.

Digital watermarking is now drawing attention as a new method of protecting digital content from unauthorized copying. This paper proposes a new watermarking scheme in based on Fast Fourier Transformation (FFT) for copyright protection of digital audio. In the proposed watermarking scheme, the original audio is segmented into non-overlapping frames. Watermarks are embedded into the selected prominent peaks of the magnitude spectrum of each frame. Informal listening reveals excellent imperceptibility of the embedded watermark. The proposed watermarking scheme is tested by various kinds of attack to demonstrate the robustness of watermarking. Simulation results suggest that the imperceptible watermarks embedded with the proposed method are highly robust against various kinds of attacks such as noise addition, cropping, re-sampling, re-quantization, MP3 compression, and low pass filtering. We observe that the proposed scheme shows similar robustness compare to Cox’s method. In addition, the proposed method provides better performance than Cox’s method in terms of SNR result because of embedding watermarks into the selected prominent peaks of magnitude spectrum of each frame of the original audio signal. Our proposed scheme achieves SNR (signal-to-noise ratio) values ranging from 20 dB to 28 dB, in contrast to Cox's method which achieves SNR values ranging from only 14 dB to 23 dB.

Java Card are devices subject to either hardware and software attacks. Thus several countermeasures need to be embedded to avoid the effects of these attacks. Recently, the idea to combine logical attacks with a physical attack to bypass bytecode verification has emerged. For instance, correct and legitimate Java Card applications can be dynamically modified on-card using laser beam. Such applications become mutant applications, with a different behavior. This internal change could lead to bypass control and protection and thus should offer illegal access to secret data and operation inside the chip. In this paper, we propose a set of countermeasures that can be activated by the developer using the annotation mechanism. These countermeasures are efficient but also affordable for the smart card domain, as shown by the evaluation of the coverage and memory usage.

This paper presents a feature level fusion approach which uses the improved K-medoids clustering algorithm and isomorphic graph for face and palmprint biometrics. Partitioning around medoids (PAM) algorithm is used to partition the set of n invariant feature points of the face and palmprint images into k clusters. By partitioning face and palmprint images with scale invariant features SIFT points, a number of clusters are formed on both the images. Then on each cluster, an isomorphic graph is drawn. Most probable pair of graphs is searched using iterative relaxation algorithm from all possible isomorphic graphs for a pair of corresponding face and palmprint images. Finally, graphs are fused by pairing the isomorphic graphs into augmented groups in terms of addition of invariant SIFT points and in terms of combining pair of keypoint descriptors by concatenation rule. Experimental results obtained from the extensive evaluation show that the proposed feature level fusion with the improved K-medoids partitioning algorithm improves the performance of the system.

We propose a new definition for searchable proxy re-encryption scheme (Re-PEKS), define the first known searchable proxy re-encryption scheme with a designated tester (Re-dPEKS), and then give concrete constructions of both Re-PEKS and Re-dPEKS schemes that are secure in the random oracle model, along with the proofs.