is achieved by using another method as compared to the old way. The need for security and privacy for IoT devices is illuminated here. Moreover, an assessment of various schemes related to access control in IoT over recent years is discussed. Lastly, we provide guesses for upcoming research in the field of access control in IoT. On the basis of shortcomings observed in the existing model, the proposed model is designed to protect IoT networks with a context-aware access control scheme. The proposed model covers the access control policy for IoT networks with context awareness. IoT is a very useful ecosystem that provides various services; however, at the same time, the risk can be huge too. The main purpose of this paper is to survey access control and authentication in IoT and to analyze three basic characteristics (i.e., heterogeneity, resource constraint, dynamic environment) of security requirements along six key elements of IoT (i.e., IoT network, cloud, user, attacker, service, platform).
functionality to build and interact with distributed applications by sending eXtensible Markup Language (XML) messages. But security management is a difficult work of balancing security and usability. This paper presents a context-aware system for a user access model. Context-aware computing systems are successfully undertaken using sensor data. The main objective of the context-aware system is to find and identify the client. Distributing personal information between different devices needs privacy support. A new access control model for accessing resources is needed. This paper proposes an overview of context-aware access control.
For a smartphone user, the GPS sensor can capture real-time location data, the camera can be used to recognize a person's face, etc. Thus, lots of contextual data can be used to identify a user. Paruchuri and Chellappan proposed an architecture using the sensor data from the smartphone to generate the context and identify the user to the outside world. Various context information such as location, phone call history, Web browser history, etc. is used to identify the user. However, their architecture is built and run on a mobile device, thus it cannot work in a collaborative environment. Kim et al. presented a context-aware platform for user authentication in Cloud computing. There are three components in the proposed platform: agent, middleware and Cloud service providers. The agent works on smart devices. It collects the context information and stores that information as a user profile. The profile also contains the user's preferences. Thus, a user can initially control the data and specify the objects to which he wants to reveal his personal information. Middleware is responsible for connecting the agent and Cloud service providers. The proposed platform protects users' identity when authenticating with a Cloud service provider, but it does not protect the user's online data.
Ubiquitous technologies have penetrated every walk of life, which helps in spanning the Universe itself. There are a few ubiquitous technologies like mobile phones, PDAs, RFID, wireless sensor networks, wireless networks, etc., to name a few. During data transmission in these environments, it is open to attacks, data alteration, intrusion, data forgery and impersonation. In order to overcome such shortcomings, an improved security service is required. In recent times many networks have come into existence. This is an indicator of diverse properties, and these change dynamically according to the given environment. The security models that have been proposed up to this proposal have included static security functions and policies that cannot provide adaptive security services for a changing environment. Hence the present proposal for a Dynamic Context-Aware Role Based Access Control Security Model, which can provide security services based on users and network environmental changes using fuzzy logic and the DCARBAC for the dynamic context-aware security services.
The reference architecture for policy-based access control infrastructures was defined by IETF and DMTF and refined by the XACML standard. In the reference architecture (see Figure 2), the policy decision point (PDP) makes the actual access control decision. The policy enforcement point (PEP, e.g., an API or a reference monitor) requests an access control decision from the PDP through the context handler. An access control request generally consists of information about the subject, the object, the action and the environment. The context handler gathers initially known attributes from one or more policy information points (PIPs, e.g., a database), which the PDP uses to evaluate the applicable policies loaded from the policy administration point (PAP). Since the required attributes for evaluating a policy depend on the values of former attributes, it is generally impossible to determine the set of required attributes up-front and the PDP can request additional attributes from the context handler if needed. Eventually, the PDP returns its decision (permit or deny), which the PEP enforces.
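The request flow described above, as an added example that is not taken from the XACML standard or from the excerpted paper: a PEP asks a PDP for a decision, and the context handler fetches attributes from a PIP only when the policy under evaluation asks for them. All class names, attribute names and the sample policy are hypothetical, and the attribute data is constructed.

```python
# Added illustration of the PEP -> context handler -> PDP flow.
# All names, attributes and the sample policy are hypothetical.

class PIP:
    """Policy information point; a dict stands in for the attribute database."""
    def __init__(self, data):
        self.data = data
        self.lookups = []                  # which attributes were actually fetched

    def get(self, entity, name):
        self.lookups.append((entity, name))
        return self.data.get((entity, name))

class ContextHandler:
    """Starts with the request's attributes and resolves others on demand."""
    def __init__(self, request, pips):
        self.attrs = dict(request)
        self.pips = pips

    def attribute(self, category, name):
        key = (category, name)
        if key not in self.attrs:
            entity = self.attrs.get((category, "id"))
            value = None
            for pip in self.pips:
                value = pip.get(entity, name)
                if value is not None:
                    break
            self.attrs[key] = value        # cache, including "not found"
        return self.attrs[key]

def record_policy(ctx):
    """Sample policy: which attributes it needs depends on earlier values."""
    if ctx.attribute("resource", "type") != "medical_record":
        return "not_applicable"
    if ctx.attribute("environment", "network") != "hospital_lan":
        return "deny"
    if ctx.attribute("subject", "role") != "physician":
        return "deny"                      # department is never fetched here
    dept = ctx.attribute("subject", "department")
    same = dept is not None and dept == ctx.attribute("resource", "department")
    return "permit" if same and ctx.attribute("action", "id") == "read" else "deny"

class PDP:
    def __init__(self, policies):          # policies as loaded from the PAP
        self.policies = list(policies)

    def decide(self, ctx):
        for policy in self.policies:
            result = policy(ctx)
            if result != "not_applicable":
                return result
        return "deny"                      # no applicable policy: default deny

def pep_access(pdp, pips, subject, resource, action, network):
    """PEP: build the request, ask the PDP, enforce permit/deny."""
    request = {("subject", "id"): subject, ("resource", "id"): resource,
               ("action", "id"): action, ("environment", "network"): network}
    return pdp.decide(ContextHandler(request, pips)) == "permit"

# Constructed sample attributes.
DIRECTORY = PIP({("alice", "role"): "physician", ("alice", "department"): "cardiology",
                 ("bob", "role"): "clerk", ("bob", "department"): "cardiology",
                 ("carol", "role"): "physician",
                 ("rec-17", "type"): "medical_record",
                 ("rec-17", "department"): "cardiology"})
PDP_INSTANCE = PDP([record_policy])
```

A missing attribute (carol has no department) and an unknown resource both end in deny, so an incomplete PIP fails closed rather than open.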
Since business process execution may be spread over different organizational units, it is noticed that workflow access control models should be organizational aware. Wainer et al. propose a workflow access control model based on the RBAC model extended with case and organization unit entities and appropriate relations. The entity case is added to be able to refer to an instance of a process. Within organizations, and thus in workflow applications, the concept of a hierarchy of people/organizations is prevalent. While workflow systems, as a rule, include some form of organizational modeling capabilities, RBAC by itself does not have such a hierarchy modeled. Therefore, the RBAC model is extended with the organization unit entity. Constraints can be established over any of the relationships of the model and can be broadly classified into static and dynamic. Authors consider that some constraints are more important than others. In certain situations, it may be acceptable to override the less important constraints. Therefore, a priority of constraints is introduced.
We provide two types of context constraints: activity context constraint and role context constraint. Context conditions are applied to both activities and roles associated with the activity. For an activity or role to be active, all context conditions associated with the entity must be true. Associated with each condition is a set of context variables that must be active and ready to be validated. The Activity-based Access Control Model context constraint validation only occurs if the role requirements, role-cardinality activation constraint, and activity separation have been validated and satisfied. Upon a session's association with
In this paper, we divide the scenario into familiar Context and unfamiliar Context. With present technology, we can use the mobile device's sensors to infer the user's context. We rely on positioning techniques to identify devices that are familiar with Context. In the outdoors, we collect location data from the Global Positioning System (GPS) to determine a familiar context. However, in the interior, due to the complexity of the building structure, GPS-based positioning technology has low accuracy, so we use Wi-Fi-based location technology for context awareness. Under normal circumstances, the receiver needs to observe at least four GPS satellite signals to be able to carry out normal three-dimensional positioning. Therefore, when we get more than four satellites, we use GPS to infer the user's context. Assume that M1 is the first influencing factor in positioning decisions. If num satellite >= 4, M1 = 1; otherwise, M1=
Role Based Access Control (RBAC) is one of the most influential schemes for authorized access to information. Within an organization, roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles without being directly associated with subjects. RBAC provides an effective and easy way to enforce complex access control policies. Different from RBAC, Context Based Access Control (CBAC) avoids the notion of roles and directly associates permissions to the subjects by the context information. Usage Control (UCON) [19, 20] combines the notions of access control, trust management and digital rights management to provide fine-grained access control to unknown subjects. None of these schemes has the ability of privacy preservation when the system is under emergency situations. The access control policies run in a reactive manner and explicit access requests from subjects are needed. The access control policies of RBAC are static in nature and predefined before deployment. Though UCON and CBAC have the ability to change the permissions available to subjects, they only consider the change of the subject context, which is too simplistic for CPS to manage the emergency situations.
In addition to context awareness, other works propose to increase the access control flexibility by taking into consideration operational need. McGraw (and later Kandala et al.) presents a Risk-Adaptable Access Control (RAdAC) mechanism that determines access decisions based on a computation of security risk and operational need. Multiple factors are used to determine the risk and operational need for every request (e.g. user trustworthiness, the sensitivity of the information requested, user role and privileges, level of uncertainty and history of access decisions). This model allows adapting the decision thresholds such that operational needs may outweigh security risk when appropriate, but it does not itself specify any risk model. In our model (see Chapter 4) we also propose dynamic risk thresholds considering business needs among other factors. We include these factors in the trustworthiness of the request following this reasoning: if a requester needs to access a resource to accomplish a business task, the likelihood that the access is misused is lower and the request is more trustworthy. In addition, our approach provides (according to the organization's preferences) the possibility to enhance this trustworthiness level and allow more permissive access when this is required. These trust enhancement strategies require the fulfillment of obligations providing assurances that the access will not be misused (e.g., monitoring of the access) and mitigating potential misuse impacts (e.g., creating a backup of modified data).
ABSTRACT: Rapid growth in biomedical sensors, low power circuits and wireless communications has enabled a new generation of Wireless Sensor Networks, the Body Area Networks (BANs), to serve a variety of applications, mainly dedicated to health care monitoring by providing freedom of movement for patients. The existing design challenges in wireless BAN include energy efficiency, since it is inconvenient to recharge/replace batteries; heterogeneous and dynamic traffic, which may lead to intolerable latency; and fading and packet loss due to body movements and environment. MAC protocols ensure proper channel access control for reliable link level communication and are responsible for coordinating the access from active nodes. An Energy Efficient MAC protocol design is crucially needed to ensure reliable transmission. Recent developments include hybrid MAC protocols, which give consideration to WBAN contexts, traffic nature and channel status. A Context-Aware MAC (CAMAC) protocol can overcome challenges in WBAN. Our objective is to develop an Enhanced Congestion Aware MAC protocol that takes into consideration the energy that is remaining in the nodes. The existing works make use of OMNET++, TinyOS and NS2 software for analysis. Simulation studies are done using ns2 installed on Fedora. The effectiveness of this suggested MAC is studied by comparing it with the existing 802.11 MAC. The new protocol outperforms traditional MAC and strikes a desired trade-off between efficiency and reliability. The performance metrics used for analysis are Packet Delivery Ratio, Throughput, Overhead, Jitter, Delay and Average Energy Consumption.
user, the user always retains the ability to define fixed groups of individuals who absolutely can, or cannot access some information. The ability of users to audit system behaviour is critical if such mechanisms are to be accepted, and this goal can be supported by the capture of provenance. Our model considers the trustworthiness of requesters, but does not consider aspects of the context when making trust updates, such as the reason behind a particular violation. For example, a doctor may be bound by legal or ethical responsibilities to share information in certain situations. Sometimes, it is appropriate to mitigate trust update based on the context of a violation, without necessarily changing the data owner’s policy. Capturing rich provenance about the contexts and reasons behind violations, we can avoid forming trust assessments which do not reflect the underlying trustworthiness of a requester.
Wireless local area network (WLAN) brings us a low cost and high bandwidth experience and thus plays a critically important role in current/future networks to support high-rate transmissions. To better provide quality-of-service (QoS) for WLAN users, we in this paper propose an improved scheme called “A-EDCA” (adaptive EDCA), based on enhanced distributed channel access (EDCA) of IEEE 802.11e under the infrastructure mode. Our proposed scheme aims at efficiently adapting the transmission over WLAN to the time-varying network conditions and mitigating the competition ability unfairness between access point (AP) and non-AP stations (STAs). Specifically, all non-AP STAs adaptively modify the contention window based on the network condition. Moreover, AP skips the backoff phase by setting its backoff counter as zero when non-AP STA completes transmission successfully to relieve the unfairness. At last, simulation results demonstrate the effectiveness of the proposed approach.
Abstract—In recent times, image inpainting has witnessed rapid progress due to the generative adversarial networks (GANs) that are able to synthesize realistic contents. However, most existing GAN-based methods for semantic inpainting apply an auto-encoder architecture with a fully connected layer, which cannot accurately maintain spatial information. In addition, the discriminator in existing GANs struggles to comprehend high-level semantics within the image context and yields semantically consistent content. Existing evaluation criteria are biased toward blurry results and cannot well characterize edge preservation and visual authenticity in the inpainting results. In this paper, we propose an improved GAN to overcome the aforementioned limitations. Our proposed GAN-based framework consists of a fully convolutional design for the generator which helps to better preserve spatial structures and a joint loss function with a revised perceptual loss to capture high-level semantics in the context. Furthermore, we also introduce two novel measures to better assess the quality of image inpainting results. The experimental results demonstrate that our method outperforms the state-of-the-art under a wide range of criteria.
Starting from the above considerations, we designed and built Inbooki, a system to develop and read e-books that take into account the context of the readers and adapt the content and the flow to it. So, they can be considered context-aware e-books. The contribution of this paper is the detailed description of Inbooki. Some similar approaches exist, but, as we explain in the next section, they are limited because either they are bound to a specific field or they exploit little context information; instead, our approach aims at being more general and at considering many sources of information. Inbooki enables writers to structure their book taking into consideration different aspects of the context where readers will actually read the e-book. The resulting e-books are called immersive-books (shortly in-books), meaning that the readers are “immersed” in the context where they read the e-books.
In this chapter, we argue that IDS and IPS should dynamically adapt the parallelization and separation of rules based on the observed traffic on the network and the input rules database. That is, all IDS and IPS workloads are not the same, and systems should adapt to the environment in which they are placed to effectively trade off memory requirements for run-time rule evaluation. To demonstrate this idea, we have developed an adaptive algorithm that systematically profiles the traffic and the input rules to determine a high-performance and memory-efficient packet inspection strategy that matches the workload. To effectively use memory for high performance, the rules are separated into groups by values of protocol fields and then these rule groups are chosen to be maintained in memory following a simple idea of “the rule groups that have a large number of rules and match the network traffic only a few times should be separated from others.” This idea follows our observation that if rules with value v for a protocol field are grouped separately from others, then for any packet that does not have value v for the protocol field, we can quickly reject all those rules, and if only a few packets have that value, then those rules will be rejected most of the time. Therefore, our workload-aware scheme aims to determine a small number of effective groups for a given workload.
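The grouping idea above, as an added example that is not the authors' algorithm: rules are grouped by the value of one protocol field, a traffic sample is profiled, and the groups kept separate are those that are large but rarely matched. The scoring formula, the function names, and the rule and traffic samples are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample rule set: most rules constrain the destination port.
RULES = (
    [{"id": f"web-{i}", "dst_port": 80} for i in range(40)]
    + [{"id": f"smb-{i}", "dst_port": 445} for i in range(30)]
    + [{"id": f"dns-{i}", "dst_port": 53} for i in range(5)]
    + [{"id": f"any-{i}"} for i in range(5)]          # no field constraint
)
# Constructed traffic profile: mostly web, some DNS, SMB is rare.
TRAFFIC = [{"dst_port": 80}] * 90 + [{"dst_port": 53}] * 9 + [{"dst_port": 445}] * 1

def choose_groups(rules, traffic, field, k):
    """Pick at most k values of `field` whose rule groups are worth separating."""
    by_value = defaultdict(list)
    for rule in rules:
        if field in rule:
            by_value[rule[field]].append(rule)
    seen = Counter(pkt.get(field) for pkt in traffic)

    def score(value):
        # Assumed score: expected rules skipped per packet, i.e. group size
        # times the share of sampled packets that do NOT carry this value.
        return len(by_value[value]) * (1 - seen[value] / len(traffic))

    chosen = sorted(by_value, key=score, reverse=True)[:k]
    return {value: by_value[value] for value in chosen}

def evaluations(rules, groups, field, traffic):
    """Count rule evaluations when a separated group is tried only on packets
    carrying its field value and all remaining rules are tried on every packet."""
    grouped = {rule["id"] for group in groups.values() for rule in group}
    rest = [rule for rule in rules if rule["id"] not in grouped]
    return sum(len(rest) + len(groups.get(pkt.get(field), [])) for pkt in traffic)

def summary(k):
    """Selected group values and evaluation count for a budget of k groups."""
    groups = choose_groups(RULES, TRAFFIC, "dst_port", k)
    return list(groups), evaluations(RULES, groups, "dst_port", TRAFFIC)
```

The port-80 group is the largest but is not chosen first, because nearly every sampled packet matches it and separating it would skip few evaluations; `k` stands in for the memory budget that limits how many groups are kept.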
CoBrA is an architecture based on a broker agent to support the development of context-aware applications in an intelligent house. The broker is an autonomous agent that manages and controls the context model of a specific domain. It runs on a dedicated computer (server) with powerful resources. The broker agent has a layered architecture containing the following components: context information, context reasoning engine, context acquisition module and privacy management module. The broker agent collects context from devices, other agents and sensors of its close surroundings and fuses them into a coherent model that can be shared among devices and their corresponding agents. CoBrA uses an ontology for context description that permits good reasoning and better sharing of contextual data. It uses a centralized model for the storage and processing of context in order to save the limited resources of mobile devices and uses a confidentiality policy for the user. The architecture needs a dedicated server for the broker that will
Context-aware E-Learning systems provide learning content according to a learner’s context. In order to determine a learner’s context, the parameters that constitute the context and the values of these parameters in the current learner’s situation have to be found. There are several existing context-aware E-Learning systems and each of these takes care of some of the context parameters, like learning styles, learner preferences, etc. But a standardized static context model that helps to capture a learner’s context in its entirety is not available. This paper proposes a static context model that helps to capture a learner’s context. The static context model is developed by consolidating the various context parameters used in the existing context-aware E-Learning systems and organizing them into an appropriate structure. The structure of the static context model along with the parameters that constitute the context is explained in the paper.
The AFS takes the abstract distributed file system model requirements a step further with its support for disconnected operation. This is achieved by using a caching strategy that leaves files on client machines until an update of some sort is made known to the server. While this minimises network communication, it throws up obvious consistency issues that require a robust protocol to administer. By using whole-file caching where possible, most client requests will be serviced by local copies. When a close operation or some equivalent is invoked, the AFS is responsible for updating the master copy back at the server. This approach is based on observation of file access behaviour on UNIX systems whereby locality of reference is strong; in other words, most files on a system are not considered collaborative, and users tend to modify their own files and theirs alone in general—obviating the need for update resolution for long periods of time and so freeing network resources.