Browsing by Author "Needham, Don"
Now showing 1 - 6 of 6
Results Per Page
Sort Options
Item Cluster-Based Join for Geographically Distributed Big RDF Data(IEEE, 2019-08-29) Yang, Fan; Crainiceanu, Adina; Chen, Zhiyuan; Needham, DonFederated RDF systems allow users to retrieve data from multiple independent sources without needing to have all the data in the same triple store. The performance of these systems can be poor for large and geographically distributed RDF data where network transfer costs are high. This paper introduces CBTP, a novel join algorithm that takes advantage of network topology to decrease the cost of processing SPARQL queries in a geographically distributed environment. Federation members are grouped in clusters, based on the network communication cost between the members, and the bulk of the join processing is pushed to the clusters. We use an overlap list to efficiently compute join results from triples in different clusters. We implement our algorithms in OpenRDF Sesame federated framework and use Apache Rya triple store instances as federation members. Experimental evaluation results show the advantages of our approach over existing techniques.Item Efficient and Privacy-Preserving Collaborative Intrusion Detection Using Additive Secret Sharing and Differential Privacy(IEEE, 2022-01-13) Mokry, Laylon; Slife, Paul; Bishop, Patrick; Quiroz, Jose; Guzzi, Cooper; Chen, Zhiyuan; Crainiceanu, Adina; Needham, DonIntrusion Detection Systems are commonly used by organizations to monitor network traffic and detect attacks or suspicious behaviours. However, many attacks occur across organizations and are often difficult to detect using any single IDS. Collaborative Intrusion Detection Systems could lead to more accurate prediction and detection of cyber threats as well as a reduction of security administrators’ workload as similar threats from different places can be merged. However, most organizations are unwilling to disclose sensitive information about their internal network topology and traffic, lending these systems unusable. Existing solutions using homomorphic encryption and secure multi-party computation are often expensive. In this paper, we propose efficient and privacy preserving techniques to correlate alerts generated at different organizations. We propose skPrototypes, a distributed clustering algorithm for horizontally partitioned mixed data using additive secret sharing. This algorithm can be used to create a privacy preserving, collaborative intrusion detection system. We also propose dpkPrototypes which uses differential privacy on categorical attributes and is more efficient than skPrototypes for categorical attributes with many distinct values. Theoretical and experimental results validate the effectiveness of our algorithms.Item A Framework for Situation-Aware Access Control in Federated Data-as-a-Service Systems Based on Query Rewriting(IEEE, 2020-10-19) Oni, Samson; Chen, Zhiyuan; Crainiceanu, Adina; Joshi, Karuna Pande; Needham, DonOrganizations often need to share mission dependent data in a secure and flexible way. Examples include contact tracing for a contagious disease such as COVID-19, maritime search and rescue operations, or creating a collaborative bid for a contract. In such examples, the ability to access data may need to change dynamically, depending on the situation of a mission (e.g., whether a person tested positive for a disease, a ship is in distress, or a bid offer with given properties needs to be created). We present a novel framework to enable situation-aware access control in a federated Data-as a- Service architecture by using semantic web technologies. Our framework allows distributed query rewriting and semantic reasoning that automatically adds situation based constraints to ensure that users can only see results that they are allowed to access. We have validated our framework by applying it to two dynamic use cases: maritime search and rescue operations and contact tracing for surveillance of a contagious disease. This paper details our implemented solution and experimental results of the two use cases. Our framework can be adopted by organizations that need to share sensitive data securely during dynamic, limited duration scenarios.Item MATS: A Multi-aspect and Adaptive Trust-based Situation-aware Access Control Framework for Federated Data-as-a-Service Systems(IEEE, 2022-08-22) Kim, Dae-young; Alodadi, Nujood; Chen, Zhiyuan; Joshi, Karuna; Crainiceanu, Adina; Needham, DonFederated Data-as-a-Service systems are helpful in applications that require dynamic coordination of multiple organizations, such as maritime search and rescue, disaster relief, or contact tracing of an infectious disease. In such systems it is often the case that users cannot be wholly trusted, and access control conditions need to take the level of trust into account. Most existing work on trust-based access control in web services focuses on a single aspect of trust, like user credentials, but trust often has multiple aspects such as users’ behavior and their organization. In addition, most existing solutions use a fixed threshold to determine whether a user’s trust is sufficient, ignoring the dynamic situation where the trade-off between benefits and risks of granting access should be considered. We have developed a Multi-aspect and Adaptive Trust-based Situation-aware Access Control Framework we call “MATS” for federated data sharing systems. Our framework is built using Semantic Web technologies and uses game theory to adjust a system’s access decisions based on dynamic situations. We use query rewriting to implement this framework and optimize the system’s performance by carefully balancing efficiency and simplicity. In this paper we present this framework in detail, including experimental results that validate the feasibility of our approach.Item A Semantic Framework for Secure and Efficient Contact Tracing of Infectious Diseases(IEEE, 2022-01-14) Schubel, Payton; Chen, Zhiyuan; Crainiceanu, Adina; Joshi, Karuna; Needham, DonContact tracing is the process of identifying people who came into contact with an infected person (“case”) and collecting information about these contacts. Contact tracing is an essential part of public health infrastructure and slows down the spread of infectious diseases. Existing contact tracing methods are extremely time and labor intensive due to their reliance on manually interviewing cases, contacts, and locations visited by cases. Additionally, complex privacy regulations mean that contact tracers must be extensively trained to avoid improper data sharing. App-based contact tracing, a proposed solution to these problems, has not been widely adopted by the general public due to privacy and security concerns. We develop a secure, semantically rich framework for automating the contact tracing process. This framework includes a novel, flexible ontology for contact tracing and is based on a semi-federated data-as-a-service architecture that automates contact tracing operations. Our framework supports security and privacy through situation-aware access control, where distributed query rewriting and semantic reasoning are used to automatically add situation based constraints to protect data. In this paper, we present our framework along with the validation of our system via common use cases extracted from CDC guidelines on COVID-19 contact tracing.Item Situation-Aware Access Control in Federated Data-as-a-Service for Maritime Search and Rescue(IEEE, 2019-08-29) Oni, Samson; Chen, Zhiyuan; Crainiceanu, Adina; Joshi, Karuna; Needham, DonMaritime Search and Rescue missions involve complex operations in which multiple entities, playing different roles in dynamic situations, benefit from sharing mission-dependent data. We propose an approach to support situation-aware access control in a federated Data-as-a-Service architecture. We develop an ontology and rules to represent access control policies and a distributed reasoning framework to enforce these policies. We implement our proposed solution in a proof-of-concept system.