Ali Abdallah

• Birmingham City University

We discuss the problem of accountability when multiple parties cooperate towards an end result such as multiple companies in a supply chain or departments of a government service under different authorities. In cases where a full trusted central point does not exist, it is difficult to obtain a trusted audit trail of a workflow when each individual...

Workflows involve actions and decision making at the level of each participant. Trusted generation, collection and storage of evidence is fundamental for these systems to assert accountability in case of disputes. Ensuring the security of audit systems requires reliable protection of evidence in order to cope with its confidentiality, its integrity...

Cyber Threat Intelligence (CTI) sharing has become a novel weapon in the arsenal of cyber defenders to proactively mitigate increasing cyber attacks. Automating the process of CTI sharing, and even the basic consumption, has raised new challenges for researchers and practitioners. This extensive literature survey explores the current state-of-the-a...

Microservices-based applications are considered to be a promising paradigm for building large-scale digital systems due to their flexibility, scalability, and agility of development. To achieve the adoption of digital services, applications holding personal data must be secure while giving end-users as much control as possible. On the other hand, f...

Microservices have drawn significant interest in recent years and are now successfully finding their way into different areas, from enterprise IT and the Internet of Things to critical applications. This paper discusses how microservices can be secured at different levels and stages considering a common software development lifecycle.

Cyber threat intelligence sharing has become a focal point for many organizations to improve resilience against cyberattacks. The objective lies in sharing relevant information achieved through automating as many processes as possible without losing control or compromising security. The intelligence may be crowdsourced from decentralized stakeholde...

Cyber threat intelligence sharing is an imperative process to survive current and future attacks. The received information may protect stakeholders from being attacked by utilizing the course of action to remedy on-site vulnerabilities. Automating this process has shown to be challenging because several processes have to be synchronized and orchest...

Several energy systems have been developed and studied to help occupants reduce energy usage by providing feedback about their consumption. But recently, a major challenge has emerged about how to enable users to make informed energy efficiency decisions based on consumption feedback. This is because existing systems only present abstract consumpti...

Existing electricity feedback systems provide home occupants with real-time consumption data to enable them to control their consumption. However, these systems provide abstract consumption data that is not related to the occupants surrounding. Although there are some attempts to enrich consumption data with some context information, the presented...

Cyber security is vital to the success of today’s digital economy. The major security threats are coming from within, as opposed to outside forces. Insider threat detection and prediction are important mitigation techniques. This study addresses the following research questions: 1) what are the research trends in insider threat detection and predic...

The significant advantages that biometric recognition technologies offer are in danger of being left aside in everyday life due to concerns over the misuse of such data. The biometric data employed so far focuses on the permanence of the characteristics involved. A concept known as ‘the right to be forgotten’ is gaining momentum in international la...

We present applications of audited credential delegation (ACD), a usable security solution for authentication, authorization and auditing in distributed virtual physiological human (VPH) project environments that removes the use of digital certificates from end-users' experience. Current security solutions are based on public key infrastructure (PK...

In this paper, we offer a comprehensible survey and classification on cryptographic schemes which serve as the building blocks for most privacy-enhancing protocols and systems being deployed nowadays. For each cryptography material here described we offer a brief description of its foundations, the privacy-related features it possesses and an illus...

Extended Paper based on C. Moeckel, Ali E. Abdallah (2010) "Threat Modelling Approaches and Tools for Securing Architectural Designs of an E-Banking Application", IEEE

Software is the most important line of defense for protecting critical information assets such as in e-banking. The continuous increase in sophistication and in volume of cyber security attacks provides compelling reasons for enhancing the security of software applications that control critical assets. There is a broad acceptance that in order to p...

One major problem faced by end-users and administrators of computational grid environments arise in connection with the usability of the security mechanisms usually deployed in these environments, in particular identity management. Many of the existing computational grid environments use Public Key Infrastructure (PKI) and X.509 digital certificate...

Degree of identity assurance has been realized in several different approaches to authentication assurance frameworks; to become one of the parameters used in decision making about whether to grant or deny a service. However, current approaches do not look at diversity of authentication mechanisms, used for establishing the identity of a user, as a...

This paper attempts to accurately model security requirements for computational grid environments with particular focus on authentication. We introduce the Audited Credential Delegation (ACD) architecture as a solution to some of the virtual organisations identity management usability problems. The approach uses two complementary models: one is sta...

In recent years, many cryptography protocols have been designed for many different scenarios, with the purpose of preserving security of communications as well as privacy and anonymity of participant entities. In general, every proposed solution has possed a real challenge to the existing formal methods of protocol analysis and verification. The ma...

Identity management (IDM) is a pillar upon which all security goals are usually founded. Recent years have witnessed the emergence of a large number of new technologies for IDM systems such as Kerberos, Microsoft Passport, Shibboleth and Liberty Alliance. On the one hand, these systems offer organizations and service providers features which widely...

One of the main aims of certificate based Public Key Infrastructure (PKI) is to provide authentication in distributed systems. Through its functions, PKI authentication can be viewed as a re-usable component that can be integrated with other systems to offer strong authentication, scalability, and mobility, particularly for large organizations. PKI...

This paper attempts to accurately model security requirements for computational grid environments with particular focus on authentication. We introduce the Audited Credential Delegation (ACD) architecture as a solution to some of the virtual organisations identity management usability problems. The approach uses two complementary models: one is sta...

Information Assurance and computer security are serious worldwide concerns of governments, industry, and academia. Computer security is one of the three new focal areas of the ACM/IEEE's Computer Science Curriculum update in 2008. This ACM/IEEE report describes, as the first of its three recent trends, "the emergence of security as a major area of...

A particular challenge which is critically important to the development and reusability of Web Service (WS) systems is to have a precise understanding of the functionality of the service under consideration. Currently, this information is not captured by the associated WS technologies. For instance, the WSDL description at best captures type inform...

Web services (WSs) compositions deal with specifying how to assemble a complex WS system from elementary services. These services can be provided on the Web by third parties as WSs, COTS, or bespoke components. In many cases, using a component “as-is” is very unlikely to occur. Components which act as building blocks for the construction of WSs hav...

Web services (WSs) compositions deal with specifying how to assemble a complex WS system from elementary services. These services can be provided on the Web by third parties as WSs, COTS, or bespoke components. Wrappers are becoming the norm for customising existing components in order to integrate them into larger WS systems. In many cases, using...

Role-based access control (RBAC) models are a powerful tool for describing and managing authorization, particularly, in large organizations. The benefits of using formal methods to describe RBAC models in a clear, consistent and rigorous manner have been recognized. Notable exemplars, that have been formulated in the formal specification notation Z...

This paper compares and contrasts authentication mechanisms used in three VO architectures: the first reflects ad-hoc connections among several organizations, the second uses a centrally managed database and the third is based on public key infrastructure (PKI). The reason for studying these particular three architectures is that they cover a large...

The use of Z in software development has focused on specifying the functionality of a system. However, when developing secure system, it is important to address fundamental security aspects, such as authentication, authorization, and auditing. In this paper, we show an approach for building systems from generic and modular security components using...

In this paper, we experiment with use of a formal framework for developing secure Web services (WSs) from components. The framework focuses on separating security requirements from the functional ones. For each component, the approach makes use of two complementary models: one is state-based, described in Z, and the other is event-based, expressed...

This paper presents new, efficient, massively pipelined algorithms for several list manipulation operations. Transformational programming is used in the development of these algorithms from clear functional specifications to networks of linearly connected communicating processes in CSP. The derivation of each algorithm is achieved by transforming t...

Role-based access control (RBAC) is a high level authorization mechanism in which access decisions are based on the roles that users hold within an organization. Because RBAC offers scalability, consistency and ease of maintenance, it is very useful, particularly for large organizations. RBAC has been used to describe authorization in a wide variet...

Many of the existing security components and frameworks for computational grid environments either suffer from significant usability issues for end-users and/or administrators, or their administration and deployment is extremely complex and resource-intensive. This has lead to a situation where using such environments securely is so difficult that...

This book commemorates the work done by Tony Hoare and published under the title Communicating Sequential Processes in the 1978 August issue of the Communications of ACM. The British Computer Society's specialist group Formal Aspects of Computing Science organized a meeting on July 7-8, 2004, in London, to mark the occasion of 25 years of CSP. The...

The paper focuses on the synthesis of a highly parallel reconfigurable hardware implementation for the International Data Encryption Algorithm (IDEA). Currently, IDEA is well known to be a strong encryption algorithm. The use of such an algorithm within critical applications, such as military, requires efficient, highly reliable and correct hardwar...

Given the recent emergence of cheap reconfigurable hardware, such as the FPGA, it is now possible to obtain reconfigurable circuits with up-wards of one hundred million gates. Although we have such enormously powerful hardware at our fingertips, we are still somewhat lacking in techniques to properly exploit this technology to its full potential. W...

Recent advances in manufacturing programmable logic devices, such as the FPGA, have made it possible to obtain reconfigurable circuits with upwards of one hundred million gates. Although we have such enormously powerful hardware at our fingertips, we are still somewhat lacking in techniques to properly exploit this technology to its full potential....

Role-Based Access Control (RBAC) usually enables a higher level view of authorization. In this model, access permissions are assigned to roles and, in turn, roles are allocated to subjects. The usefulness of the RBAC model is well documented. It includes simplicity, consistency, scalability and ease of manageability. In practice, however, only limi...

Summary form only given. Role-based access control (RBAC) is very useful for providing a high level description of access control. It enables a better understanding of the security problems in an institution because it bridges the gap between their technical aspects and their managerial descriptions. Several models have been devised to describe RBA...

We focus on implementing high level functional algorithms in reconfigurable hardware. The approach adopts the transformational programming paradigm for deriving massively parallel algorithms from functional specifications. It extends previous work by systematically generating efficient circuits and mapping them onto reconfigurable hardware. The mas...

This paper describes a systematic way of constructing correct prototypes in a functional language such as Miranda or Haskell from Z specifications. A formal relationship between Z specifications and functional prototypes is established. This relationship is based on model refinement in the sense of specification refinement in the model-oriented spe...

First Page of the Article

Enormous improvkU9: in e#ciency can be achiev d through exploiting parallelism and realizing implementation in hardware. On the other hand, conv -F:6 methods for achievF these improvrF:6 are traditionally costly, complex and error prone. Two significantadvk es in the past decade hav radically changed these perceptions. Firstly, the FPGA, which givc...

Enormous improvements in efficiency can be achieved through exploiting parallelism and realizing implementation in hardware. On the other hand, conventional methods for achieving these improvements are traditionally costly, complex and error prone. Two significant advances in the past decade have radically changed these perceptions. Firstly, the FP...

Improving performance is the main driving force behind the use of par- allel systems. Models for performance evaluation and techniques for performance optimisation are crucial for effectively exploiting the computational power of parallel systems. This paper focuses on methods for evaluating the performance of parallel ap- plications built from com...

The FPGA has provided us low cost yet extremely powerful reconfigurable hardware, which provides excellent scope for the implementation of parallel algorithms. We propose that despite having this enormous potential at our fingertips, we are somewhat lacking in techniques to properly exploit it. We propose a development strategy commencing with a cl...

Poster

This paper describes a systematic way of constructing correct prototypes in a functional language such as Miranda from Z specifications. A formal relationship between Z specifications and functional prototypes is established. This relationship is based on model refinement in the sense of specification refinement in the model-oriented specification...

The main purpose of this paper is to present a functional view of the fundamentals of the computer graphics process based on the classic polygonal model. There are several advantages for adopting such an approach. Firstly, the functional view is a natural abstraction of the problem. Secondly, many well known computer graphics optimization technique...

We present a generic genetic algorithm expressed in the functional programming style, specifically the language Haskell. This is a single, higher order function that can encapsulate the functionality of almost any genetic algorithm, and is accompanied by a library of standard GA components. We demonstrate its flexibility by expressing a number of d...

In recent years there has been growing interest in systematic methods for refining Z specifications into programs. We consider a transformational programming strategy known as filter promotion and examine its use for refining a class of Z specifications into sequential as well as parallel programs. This strategy is particularly useful for transform...

DNA matching is a computationally demanding task. The Human Genome Project is producing huge quantities of data, which have to be analyzed. A formal description of the task of searching a DNA sequence is given and an efficient parallel algorithm is derived using formal methods. The algorithm is implemented on an FPGA using Handel-C, a language that...

This paper adopts a transformational programming approach for deriving massively parallel algorithms from functional specifications. It gives a brief description of a framework for relating key higher order functions such as map, reduce, and scan with communicating processes with different configurations. The parallelisation of many interesting fun...

This paper presents ongoing research and development on an integrated tool for the visualisation and animation of message-passing communicating systems described in Hoare's CSP (Communicating Sequential Processes). It introduces major new developments to the original VisualNets implemented in C++ and reported in (Abdallah, 1998). The new tool is im...

In order to develop generic skeleton solutions for general parallel architectures, it is necessary to formulate the design within a concurrency framework such as CSP [284]. Often parallel functional programs [505] show peculiar behaviours which are only understandable in the sole terms of concurrency rather than relying on hidden implementation det...

This paper describes some aspects of an interactive graphical tool designed to exhibit, through animation, the dynamic behaviour of parallel systems of communicating processes. The tool, called VisualNets, provides functionalities for visually creating graphical representations of processes, connecting them via channels, defining their behaviours...

A binary operator which takes two lists os ar-guments is colled, multiscon if eaery element of the first list must be considered, in conjunction with eu-ery element of the second list in order to produce the result. Seuerol problems such as the relat'i,onal databose operators join, intersection, and, difference can be expressed as specific instance...

A transformational programming approach is proposed as a means for developing a class of parallel algorithms from clear functional specifications to efficient networks of communicating sequential processes (CSP). A foundation for the systematic refinement of functional specifications into CSP processes is established. Techniques for exhibiting impl...

We present the transformational derivations of several efficient, scalable, message-passing parallel algorithms from clear functional specifications. The starting algorithms rely on some commonly used combinatorial list generator functions such as tails, inits, splits and cp (Cartesian product) for generating useful intermediate results. This paper...