Attribute-Based Encryption for Access Control in Cloud Ecosystems

<p>We introduce a distributed, fine-granuled, policy-based resource access control protocol leveraging on Attribute-Based Encryption. The protocol secures the whole access control procedure from the authorization issuer to the resource server providing grant confidentiality, proof of possession, antiforgery and may be implemented through a common web token exchange flow plus a HTTP basic authentication. As such, it may easily map to Cloud computing SaaS paradigms, enabling services integration into a single authorization-centric ecosystem even across multiple identity domains. We also present the results of a performance evaluation on a first prototype implementation.</p>

Attribute-Based Encryption for Access Control in Cloud Ecosystems

<p>We introduce a distributed, fine-granuled, policy-based resource access control protocol leveraging on Attribute-Based Encryption. The protocol secures the whole access control procedure from the authorization issuer to the resource server providing grant confidentiality, proof of possession, antiforgery and may be implemented through a common web token exchange flow plus a HTTP basic authentication. As such, it may easily map to Cloud computing SaaS paradigms, enabling services integration into a single authorization-centric ecosystem even across multiple identity domains. We also present the results of a performance evaluation on a first prototype implementation.</p>

Experience of Implementation of the Protocol TLS 1.3 Verification

This paper presents the experience of verifying server implementations of the TLS cryptographic protocol version 1.3. TLS is a widely used cryptographic protocol designed to create secure data transmission channels and provides the necessary functionality for this: confidentiality of the transmitted data, data integrity, and authentication of the parties. The new version 1.3 of the TLS protocol was introduced in August 2018 and has a number of significant differences compared to the previous version 1.2. A number of TLS developers have already included support for the latest version in their implementations. These circumstances make it relevant to do research in the field of verification and security of the new TLS protocol implementations. We used a new test suite for verifying implementations of the TLS 1.3 for compliance with Internet specifications, developed on the basis of the RFC8446, using UniTESK technology and mutation testing methods. The current work is part of the TLS 1.3 protocol verification project and covers some of the additional functionality and optional protocol extensions. To test implementations for compliance with formal specifications, UniTESK technology is used, which provides testing automation tools based on the use of finite state machines. The states of the system under test define the states of the state machine, and the test effects are the transitions of this machine. When performing a transition, the specified impact is passed to the implementation under test, after which the implementation's reactions are recorded and a verdict is automatically made on the compliance of the observed behavior with the specification. Mutational testing methods are used to detect non-standard behavior of the system under test by transmitting incorrect data. Some changes are made to the protocol exchange flow created in accordance with the specification: either the values of the message fields formed on the basis of the developed protocol model are changed, or the order of messages in the exchange flow is changed. The protocol model allows one to make changes to the data flow at any stage of the network exchange, which allows the test scenario to pass through all the significant states of the protocol and in each such state to test the implementation in accordance with the specified program. So far, several implementations have been found to deviate from the specification. The presented approach has proven effective in several of our projects when testing network protocols, providing detection of various deviations from the specification and other errors.

Computational fluid dynamics simulation of buoyant mixing of miscible fluids in a tilted tube

Buoyancy-driven flows and mixing of fluids with different densities occur frequently both in nature and as part of industrial processes within chemical and petroleum engineering. This work investigates the buoyant exchange flow of two miscible fluids in a long tube with closed ends at varying tilt angles using OpenFOAM. The study focuses on the evolution of the concentration field and front velocities of the mixing zone at different inclinations. Numerical results based on a miscible solver agree with previous experiments and direct numerical simulations. Treating the fluids instead as immiscible with no surface tension leads to unrealistically high front velocities at intermediate inclinations.

The Momentum Conserving Scheme for Two-Layer Shallow Flows

This paper confronts the numerical simulation of steady flows of fluid layers through channels of varying bed and width. The fluid consists of two immiscible fluid layers with constant density, and it is assumed to be of a one-dimensional shallow flow. The governing equation is a coupled system of two-layer shallow water models. In this paper, we apply a direct extension of the momentum conserving scheme previously used for solving the one layer shallow water equations. Computations of various steady-state solutions are used to demonstrate the performance of the proposed numerical scheme. Under the influence of a given flow rate, the numerical steady interface is generated in a channel topography with a hump. The results obtained confirm the analytic steady interface of the two-layer rigid-lid model. Furthermore, the same scheme was used with an additional artificial damping to simulate the maximal exchange flow in channels of varying width. The numerical steady interface agreed well with the analytical steady solutions.

Compound flood modelling framework for rainfall-groundwater interactions

Compound floods are an active area of research where the complex interaction between pluvial, fluvial, coastal or groundwater flooding are analyzed. A number of studies have simulated the compound flooding impacts of precipitation, river discharge and storm surge variables with different numerical models and linking techniques. However, groundwater flooding is often neglected in flood risk assessments due to its sporadic frequency - as most regions have water tables sufficiently low that do not exacerbate flooding conditions -, isolated impacts and considerably less severity in respect to other types of flooding. This paper presents a physically-based, loosely-coupled modelling framework using FLO-2D and MODFLOW-2005 that is capable to simulate surface-subsurface water interactions to represent compound flooding events in North Miami. FLO-2D, responsible of the surface hydrology and infiltration processes, transfers the infiltration volume as recharge to MODFLOW-2005 until the soil absorption capacity is exceeded, while MODFLOW-2005 return exchange flow to the surface when groundwater heads are higher than the surface depth. The model calibration is based on three short-lived storm events that as individual processes represent minimum flooding conditions but in combination with pre-existing high-water table levels results in widespread flooding across the study area. Understanding groundwater flood risk is of particular interest to low-elevation coastal karst environments as the sudden emergence of the water table at ground surface can result in social disruption, adverse effects to essential services and damage infrastructure. Results are validated using FEMA’s severe repetitive loss (SRL) property records and crowdsourced data. Further research should assess the exacerbated impacts of high tides and sea level rise on water tables under current and future climate projections.

Attribute-Based Encryption for Access Control in Cloud Ecosystems

We introduce a distributed, fine-granuled, policy-based resource access control protocol leveraging on Attribute-Based Encryption. The protocol secures the whole access control procedure from the authorization issuer to the resource server providing grant confidentiality, proof of possession, antiforgery and may be implemented through a developer familiar web token exchange flow plus a HTTP basic authentication flow. As such, it may map to Cloud computing SaaS paradigm, enabling microservices integration into a single, authorization-centric digital ecosystem, even across multiple identity domains. We also present the results of a performance evaluation on a first prototype implementation.