R. K. Shyamasundar

  • Professor at Indian Institute of Technology Bombay

About

  • 309 Publications
  • 50,842 Reads
  • 1,927 Citations
Current institution: Indian Institute of Technology Bombay
Current position: Professor


Publications (309)
Chapter
Access control is one of the key mechanisms used for protecting system resources. While each of the existing access control models has its own benefits, it is difficult to satisfy all the requirements of a contemporary system with a single model. In this paper, we propose a unified model by combining three existing well-known models – Role-based Ac...
Chapter
Web browser-based applications deal with humongous user information using applications of web scripts. In particular, JavaScript applications access information through built-in browser APIs that dynamically load remote scripts and execute with the same privilege as that of the applications – usually referred to as mashup model. Unfortunately, this...
Chapter
Attribute-Based Access Control (ABAC) is an emerging access control model. It is increasingly gaining popularity, mainly because of its flexible and fine-grained access control. As a result, many Role-Based Access Control (RBAC) systems are migrating to ABAC. In such migrations, ABAC mining is used to create ABAC policies from existing RBAC policie...
Article
Fortress provides a nice set of abstractions used widely in scientific computing. The use of such abstractions enhances the productivity of programmers/users. Also, in scientific computations, boilerplate code has extensive usage. Keeping this in view, we embed Fortress abstractions in an X10 environment so that we can get better productivity witho...
Article
Ever since databases became a ubiquitous part of enterprises or businesses, security and privacy became a requirement. Traditionally, privacy was realized through various methods of database access control and relied much on the use of statically defined views, which are essentially logical constructs imposed over database tables that can alter or...
Preprint
Compile-time information flow analysis has been a promising technique for protecting confidentiality and integrity of private data. In the last couple of decades, a large number of information flow security tools in the form of run-time execution-monitors or static type systems have been developed for programming languages to analyze information fl...
Preprint
Realizing flow security in a concurrent environment is extremely challenging, primarily due to the non-deterministic nature of execution. The difficulty is further exacerbated from a security angle if sequential threads disclose control locations through publicly observable statements like print, sleep, delay, etc. Such observations lead to internal an...
Chapter
SPARK 2014 (SPARK hereafter) is a programming language designed for building highly-reliable applications where safety and security are key requirements. SPARK platform performs a rigorous data/information flow analysis to ensure the safety and reliability of a program. However, the flow analysis is oriented towards establishing functional correctn...
Article
SELinux policies used in practice contain tens of thousands of rules, making it hard to comprehend their impact on the security and to verify whether they actually meet the intended security goals. In this paper, we describe an approach for reasoning about the consistency of a given SELinux policy by analyzing the information flows caused by it. Fo...
Conference Paper
With the generation of vast amounts of data, there has been a tremendous need for processing the same in an economical way. MapReduce paradigm provides an economical processing of huge datasets in an effective way. Hadoop is a framework for managing huge amounts of data, and facilitates parallel computations on data using commodity hardware, throug...
Chapter
Cyber resiliency has been a very challenging engineering research. There have been several case studies done to assess cyber resiliency of enterprise business application through application of attack graphs. The challenge of automation lies in extracting from a general business enterprise system, the distinct layers like asset layer, service layer...
Chapter
With the ever-increasing demand for building secure systems, recent years are witnessing a plethora of research on information flow control (IFC) techniques in programming languages to enforce a finer-grained restriction on the propagation of information among untrusted objects. In this paper, we introduce a dynamic labelling (DL) algorithm (Th...
Conference Paper
The management of personal information has become an insurmountable problem. The reasons are multi-fold and intertwined: technological, legal, regulatory, commercial, and behavioural. The proliferation of online social networks like Facebook has made the problem even more acute because of its business model where users' personally identifiable info...
Chapter
It is highly desirable to have a safety property characterizing a general notion of secure information flow that succinctly captures the underpinnings of language-based security for general purpose programming languages. Such a notion must necessarily consider both implicit and explicit flows, and the need to provide labeled outputs. The notion mus...
Conference Paper
A client-server architecture mapped to a multi-level security (MLS) system maintains independent access restrictions for various system resources. Traditional access control mechanisms, e.g., discretionary access matrix, often lead to indirect access, and are therefore incapable of enforcing confidentiality and integrity at process-level. The confused deput...
Article
There are various approaches to the formalization of systems that operate in accordance with the principles of the Internet of Things (IoT). The main goal of creating such formalisms is the need to build complete digital models of real objects used for the purposes of their optimal management and the rational (optimal) use of available resources. T...
Book
This book constitutes the proceedings of the 15th International Conference on Information Systems Security, ICISS 2019, held in Hyderabad, India, in December 2019. The 13 revised full papers and 4 short papers presented in this book together with 4 abstracts of invited talks were carefully reviewed and selected from 63 submissions. The papers cover...
Conference Paper
Online social networks (OSNs) like Facebook witness our online activities either by our consent or by bartering our desire to avail free services. Being a witness, OSNs have access to users’ personal data, their social relationships and a continuous flow of their online interactions from various tracking techniques the OSNs deploy in collaboration...
Article
Graphics Processing Units (GPUs) have evolved from pure graphics applications toward general purpose applications, often referred to as GPGPU computing. However, its scope is still limited to data‐parallel applications that require little synchronization. As synchronization on GPUs is quite costly, synchronization requirements in GPUs are usually r...
Conference Paper
Information-flow control (IFC) encompasses several practical end-to-end security requirements including confidentiality and integrity, and is widely regarded as a uniform approach to building secure systems. File system is an important component of any secure system as it is the most widely used channel for information sharing among applications. I...
Conference Paper
Facebook allows its users to specify privacy settings for the information they share with other users and Apps. Apps seek a set of permissions from the user at the time of installation. There is no check that is performed to evaluate any possible adverse implications of App’s permissions on the in-force privacy settings of a user. In this paper, w...
Chapter
SELinux/SEAndroid policies used in practice contain tens of thousands of access rules making it hard to analyse them. In this paper, we present an algorithm for reasoning about the consistency of a given policy by analysing the information flows implied by it. For this purpose, we model SELinux policy rules using the Readers-Writers Flow Model (RWF...
Preprint
Disaster management demands a near real-time information dissemination so that the emergency services can be provided to the right people at the right time. Recent advances in information and communication technologies enable collection of real-time information from various sources. For example, sensors deployed in the fields collect data about th...
Article
Trust is the cornerstone of our relationships; whether in business, society, or with the institutions that govern us. As the Internet has extended the sphere of our ability to do business and conduct personal interactions across the world, its trustworthiness has come under stress in the past two decades. Our collective journey through the Internet seems i...
Preprint
Smartness in smart cities is achieved by sensing phenomena of interest and using them to make smart decisions. Since the decision makers may not own all the necessary sensing infrastructures, crowdsourced sensing can help collect important information of the city in near real-time. However, involving people brings the risk of exposing their private...
Article
In this paper, we propose an enhanced Automatic Checkpointing and Partial Rollback (CaPR++) algorithm to realize Software Transactional Memory (STM), that employs partial rollback mechanism for conflict resolution. We have comparatively evaluated the “Abort” and “Partial Rollback” mechanisms for STMs. For purposes of comparison, we have used the st...
Conference Paper
Programming languages are pivotal for building robust secure systems, and language-based security platforms are very much in demand for building secure systems. In this paper, we explore an approach for static security certification of a class of imperative programs using a hybrid of static and dynamic labelling via information flow control (IFC) m...
Conference Paper
Lattice-based access control models (LBAC) initiated by Bell-LaPadula (BLP)/Biba models, and consolidated by Denning have played a vital role in building secure systems via Information Flow Control (IFC). IFC systems typically label data and track labels, while allowing users to exercise appropriate access privileges. This is defined through a fini...
Conference Paper
Facebook has a very flexible privacy and security policy specification that is based on intensional and extensional categories of user relationships. The former is fixed by Facebook but controlled by users whereas the latter is facilitated by Facebook with limited control to users. Relations and flows among categories are through a well-defined set...
Conference Paper
Security protocols are essential for establishing trust in electronic transactions over open networks. Currently used languages/logics for protocol specifications do not facilitate/force the designer to make explicit goals, intentional assumptions or the preceding history across interactions among the stakeholders. This has resulted in gaps in spec...
Conference Paper
Conformance of declared security policies while traversing different sites has been a challenge for realizing work-flows on clouds that need to move from one cloud domain to another domain from the perspective of optimization of utilization. Such a possibility will enable optimization of communication and thereby realize the tenet of Utility Comput...
Conference Paper
The primary aim of web application development frameworks like Django is to provide a platform for developers to realize applications from concepts to launch as quickly as possible. While Django framework provides hooks that enable the developer to avoid the common security mistakes, there is no systematic way to assure compliance of a security pol...
Article
In this paper, we describe an enhanced Automatic Checkpointing and Partial Rollback algorithm (CaPR+) to realize Software Transactional Memory (STM) that is based on continuous conflict detection, lazy versioning with automatic checkpointing, and partial rollback. Further, we provide a proof of correctness of CaPR+ algorithm, in particular, O...
Conference Paper
Security protocols are essential for establishing trustworthiness of electronic transactions over open networks. Currently used languages and logics for protocol specifications do not facilitate/force the designer to make explicit goals, intentional assumptions or the preceding history across interactions among the stakeholders. Readers-Writers Flo...
Conference Paper
Lattice model of secure information flow (referred as LIFS) is the foundation for building secure systems. In this paper, we capture the lattice model of security for mobility in a distributed setup using the formalism of Mobile Ambient calculus (MA) that has been widely used to model mobility and concurrency. Our model, referred to as Labelled Mob...
Patent
Embodiments of the invention provide efficient scheduling of parallel computations for higher productivity and performance. Embodiments of the invention provide various methods effective for affinity driven and distributed scheduling of multi-place parallel computations with physical deadlock freedom.
Patent
Techniques for static code analysis are provided. The techniques include routing a code analysis request to a set of one or more static code analysis tools based on a context of the request, merging one or more tool-specific outputs of the code analysis, wherein merging the one or more tool-specific outputs comprises using one or more tool-specific...
Article
Alan Turing is considered one among the 20th century's 100 greatest minds. The invention of the stored-program universal computer by him is arguably the most influential mathematical abstraction of the 20th century that changed the whole world for good. While this invention became one of the cornerstones of computer science, Turing was best known durin...
Book
This book constitutes the refereed proceedings of the 10th International Conference on Information Systems Security, ICISS 2014, held in Hyderabad, India, in December 2014. The 20 revised full papers and 5 short papers presented together with 3 invited papers were carefully reviewed and selected from 129 submissions. The papers address the followin...
Conference Paper
Due to technological advances, it has been a common practice for quite some time to use embedded computers for the monitoring and control of physical processes/plants. These are essentially networked computer-based systems consisting of application-specific control-processing systems, actuators, sensors etc., used for digitally controlling physical...
Article
Public Private Partnerships (PPP) as a model is an efficient formula to implement public services by forming collaboration between private partners and the government. PPPs are complex legal arrangements designed to share the control, risks and rewards of a set of specific investments among private partners and a government sector. In most PPP mode...
Patent
Techniques for generating concurrent static single assignment (CSSA) are provided. The techniques include generating a clocked control flow graph of a program, for each thread of the program created through async instruction, determining each part of the program that can execute concurrently with each thread to create a pair comprising a thread and...
Conference Paper
Exascale computing requires complex runtime systems that need to consider affinity, load balancing and low time and message complexity for scheduling massive scale parallel computations. Simultaneous consideration of these objectives makes online distributed scheduling a very challenging problem. Prior distributed scheduling approaches are limited...
Article
Current security practices do not provide confidentiality and integrity assurance on end-to-end behavior of distributed computing systems. An end-to-end confidentiality and integrity policy should be strong enough so that an attacker cannot infer crucial confidential information, modify control flow of programs, even though attacker may be observin...
Article
In this paper, we propose a lightweight, application independent transport protocol for communication of the nodes belonging to a wireless sensor network (WSN) with the nodes belonging to a local area network. The framework consists of a novel downstream routing scheme and a well-known tree based upstream routing protocol for WSNs. The downstream r...
Article
Petascale computing requires complex runtime systems that need to consider affinity, load balancing and low time and message complexity for scheduling massive scale parallel computations. Simultaneous consideration of these objectives makes online distributed scheduling a very challenging problem. Prior distributed scheduling approaches are limited...
Patent
Techniques for providing safe user-managed memory are provided. The techniques include performing memory allocation in constant time, performing memory de-allocation in constant time, performing memory access overhead for safety checking in constant time, and using the memory allocation, memory de-allocation and memory access overhead to protect at...
Book
This book constitutes the refereed proceedings of the 14th International Conference on Distributed Computing and Networking, ICDCN 2013, held in Mumbai, India, during January 3-6, 2013. The 27 revised full papers, 5 short papers presented together with 7 poster papers were carefully reviewed and selected from 149 submissions. The papers cover topic...
Conference Paper
These keynotes discuss the following: multicore and extreme scale computing: programming and software challenges; strategies for neutralizing sexually explicit language in cyberspace; and decision analysis in societal planning.
Conference Paper
The increasing number of services available on the web makes service discovery a difficult problem. Existing web service search techniques follow search by names or inputs, outputs. Here we propose a new method to search web services on the basis of service elements and the maps they make. Service maps are also found useful in exploring alternatives and bus...
Conference Paper
Petascale computing requires complex runtime systems that need to consider load balancing along with low time and message complexity for scheduling massive scale parallel computations. Simultaneous consideration of these objectives makes online distributed scheduling a very challenging problem. For state space search applications such as UTS, NQuee...
Conference Paper
May-happen-in-parallel analysis is a very important analysis which enables several optimizations in parallel programs. Most of the work on MHP analysis has used forward flow analysis to compute "parallel(n)" (set of nodes which may execute in parallel to a given node "n"), including those approaches that addressed the issue for dynamic barrier lan...
Conference Paper
In this paper, we propose a protocol for downstream communication in a wireless sensor network (WSN) based on the Postorder Numbering (PN) scheme in a tree. The existing solutions are either based on mesh routing or on full dissemination. Mesh routing is not suitable for large collection networks, while dissemination based routing can not address i...
Conference Paper
BPMN is widely used in Model Driven Architectures (MDA) for enterprise-scale solutions. In this paper, we shall realize an executional platform for MDA framework using BPMN. We transform BPMN into an executional framework using Orc [1]. Orc is a web orchestration language that provides uniform access to computational services, including distributed...
Article
Asynchronous and Synchronous languages have been in use for the specification of reactive systems. One of the main distinguishing features of these two classes lies in the way nondeterminism is used for the specification of programs. From this viewpoint, we analyze CSP (a typical asynchronous language) and ESTEREL (a synchronous language). The sync...
Conference Paper
Service Level Agreements (SLAs) need to be monitored at runtime to assure that the Business Level Agreements (BLAs) / Business Level Objectives (BLOs) are indeed satisfied in the realized business workflow and allow the organization to adjust its business processes best to the environment. In this paper, we show how multiple SLAs specified on vario...
Article
With the advent of many-core architectures and strong need for Petascale (and Exascale) performance in scientific domains and industry analytics, efficient scheduling of parallel computations for higher productivity and performance has become very important. Further, movement of massive amounts (Terabytes to Petabytes) of data is very expensive, wh...
Article
Exascale computing is fast becoming a mainstream research area. In order to realize exascale performance, it is necessary to have efficient scheduling of large parallel computations with scalable performance on a large number of cores/processors. The scheduler needs to execute in a pure distributed and online fashion, should follow affinity inheren...
Conference Paper
The distributed nature of web services, absence of a single stakeholder and the resulting fact that there is no control on the individual web services makes it difficult to ensure that the computation underlying the web service composition proceeds as intended. Thus, it is essential to monitor the computations at runtime to satisfy the needs of the...
Conference Paper
Barrier synchronization is widely used in shared-memory parallel programs to synchronize between phases of data-parallel algorithms. With proliferation of many-core processors, barrier synchronization has been adapted for higher level language abstractions in new languages such as X10 wherein the processes participating in barrier synchronization a...
