Leszek Lilien's research while affiliated with Western Michigan University and other places
What is this page?
This page lists the scientific contributions of an author, who either does not have a ResearchGate profile, or has not yet added these contributions to their profile.
It was automatically created by ResearchGate to create a record of this author's body of work. We create such pages to advance our goal of creating and maintaining the most comprehensive scientific repository possible. In doing so, we process publicly available (personal) data relating to the author as a member of the scientific community.
If you're a ResearchGate member, you can follow this page to keep up with this author's work.
If you are this author, and you don't want us to display this page anymore, please let us know.
Publications (80)
The management of sensitive data, including identity management (IDM), is an important problem in cloud computing, fundamental for authentication and fine-grained service access control. Our goal is creating an efficient and robust IDM solution that addresses critical issues in cloud computing. The proposed IDM scheme does not rely on trusted third...
Traditional topology controls existing on wireless networks are mostly based on a deterministic link model which only takes the decisive links into consideration. All these algorithms do not utilize the benefit of wide existence of lossy links. In a more realistic environment, lossy links are tremendous. Failure to utilize these links leads to low r...
Opportunistic resource utilization networks face many security and privacy challenges that need to be addressed. In our view, the common key to improving both security and privacy in Oppnets is using trust. We exploit the PTF paradigm, in which trust is the basis for security and privacy. We describe a new architecture for Oppnets called PTF-based...
We decided to use simpler definitions of security and privacy, boiling down to their most essential characteristics. Our guide was the famous Cooley’s classic definition of personal immunity as “a right of complete immunity: to be let alone” [3]. This phrase was soon adapted for definition of privacy. Being provided by a lawyer, it includes physica...
Some IoT data are time-sensitive and cannot be processed in clouds, which are too far away from IoT devices. Fog computing, located as close as possible to data sources at the edge of IoT systems, deals with this problem. Some IoT data are sensitive and require privacy controls. The proposed Policy Enforcement Fog Module (PEFM), running within a si...
The lack of the protection tools and the fast pace of technological advancement make people unable to control privacy of their data in clouds and other distribution environments. We propose an approach called Active Privacy Bundles with Multi-Party Computation (APB-MPC), that protects sensitive data and identities of their owners/guardians during...
We report on use of Active Privacy Bundles using a Trusted Third Party (APB-TTP) for protecting privacy of users’ healthcare data (incl. patients’ Electronic Health Records). APB-TTP protects data that are being disseminated among different authorized parties within a healthcare cloud. We are nearing completion of the pilot APB-TTP for healthcare ap...
Extending lifetime of wireless sensor networks (WSNs) is one of the most critical issues in WSNs. Lifetime limitations are caused by limited energy resources. Significant extensions of WSN lifetime can be achieved by adding spare nodes. The spares are ready to be switched on when any primary (original) WSN node uses up its energy. We propose the LE...
Specialized ad hoc networks of unmanned aerial vehicles (UAVs) have been playing increasingly important roles in applications for homeland defense and security. Common resource virtualization techniques are mainly designed for stable networks; they fall short in providing optimal performance in more dynamic networks—such as mobile ad hoc networks (...
We investigate supporting emergency response operations with opportunistic resource utilization networks (“oppnets”), based on a network paradigm for inviting and integrating diverse devices and systems available in the environment. We simulate chemical spill on a single floor of a building and indicate how oppnets can assist first responders in fi...
We describe our experience with teaching computer security labs at two different universities. We report on the hardware and software lab setups, summarize lab assignments, present the challenges encountered, and discuss the lessons learned. We agree with and emphasize the viewpoint that security labs must train the students not just in “security h...
Over the next decade, cloud computing has a good chance of becoming a widely used technology. However, many challenges face the cloud to be overcome before the average user or business team will trust their vital information with a cloud server. Most of these challenges tie into developing sound security measures for the cloud. One of the largest s...
We propose a solution that provides protection for patients' electronic health/medical records disseminated among different authorized healthcare information systems. The solution is known as Active Bundles using a Trusted Third Party (ABTTP). It is based on the use of trusted third parties, and the construct named active bundles. The latter keep e...
Lifetime of a wireless sensor network (WSN) is one of the most critical issues in WSNs due to limited energy resources. Earlier research results reveal that significant improvement in WSN lifetime can be achieved by making WSNs redundant by adding spare nodes. The passive (switched off) spares are ready to become active (be switched on) when any ac...
The main problem in pervasive healthcare monitoring systems is protection of patient privacy without compromising their safety. Current solutions have two main limitations: (1) they require an extensive exchange of messages among patient's caregivers and devices in order to protect data, and (2) they depend on using data decryption keys that must b...
Extending the period of operation (lifetime) of wireless sensor networks (WSNs) is one of the most critical issues. Their limitations are due to limited energy resources. Available research results reveal that significant improvement in WSN lifetime can be achieved by adding spares (spare nodes). At the moment of WSN deployment, the minimum require...
After a wireless sensor network (WSN) is deployed, its operational lifetime depends on its energy resources. Available results reveal that significant improvement in WSN lifetime can be achieved by making WSNs redundant, that is, by adding to WSNs spare nodes that are initially asleep but are ready to be switched on when any primary node (i.e., a n...
Entities (e.g., users, services) have to authenticate themselves to service providers (SPs) in order to use their services. An entity provides personally identifiable information (PII) that uniquely identifies it to an SP. In the traditional application-centric Identity Management (IDM) model, each application keeps trace of identities of the entit...
Cloud computing allows the use of Internet-based services to support business processes and rental of IT-services on a utility-like basis. It offers a concentration of resources but also poses risks for data privacy. A single breach can cause significant loss. The heterogeneity of “users” represents a danger of multiple, collaborative threats. In c...
We propose a new paradigm—named the Pervasive Trust Foundation (PTF)—for computer security in Next Generation Networks, including the Future Internet. We start with a review of basic trust-related terms and concepts. We present motivation for using PTF as the basis for security in ISO OSI networks. The paper includes our five contributions. First,...
Privacy and security in cloud computing is an important concern for both the public and private sector. Cloud computing allows the use of internet-based services to support business process and rental of IT-services on a utility-like basis. While cloud computing offers a massive concentration of resources, it poses risks for privacy preservation. Th...
We present opportunistic resource utilization networks or oppnets, a novel paradigm of specialized ad hoc networks. We believe that applications can benefit from using specialized ad hoc networks that provide a natural basis for them, the basis more efficient and effective than what general-purpose ad hoc networks can offer. Oppnets constitute the...
The solution for protecting data privacy proposed in this paper, called Active Bundles, protects sensitive data from their disclosure to unauthorized parties and from unauthorized dissemination (even if started by an authorized party). The Active Bundles solution protects private or sensitive data throughout their entire lifecycle, from creation thro...
Semantic Web is emerging as a promising integration of trust management systems, fostering the use of ontology to achieve a common language for communication among humans, computers, and programs. In this paper, a novel Semantic Web solution called COmposite trust and Trust management in Opportunistic Networks (COTTON) is proposed, which provides a...
In this paper, we discuss security problems, with a focus on collaborative attacks, in the Worldwide Interoperability for Microwave Access (WiMAX) scenario. The WiMAX protocol suite, which includes but is not limited to DOCSIS, DES, and AES, consists of a large number of protocols. We present briefly the WiMAX standard and its vulnerabilities. We p...
Rather than concentrating on general ad hoc networks and systems (GAHNS) that have to provide one-size-fits-all basis for all kinds of applications, this workshop proposes to focus on a variety of specialized ad hoc networks and systems (SAHNS), each suitable as a foundation for a restricted class of applications or even for an individual applicati...
In tracking applications of wireless sensor networks (WSNs), the classification of an object or event of interest is envisaged to be one of the most computationally intensive tasks that recur frequently over the lifetime of the network. It is imperative that the implementations of such tasks be power efficient and computationally feasible for resou...
Any interaction, from a simple transaction to a complex collaboration, requires an adequate level of trust between interacting parties. Trust includes a conviction that one's privacy is protected by the other partner. This is as true in online transactions as in social systems. The recognition of the importance of privacy is growing since privacy gua...
Class 2 opportunistic networks (oppnets) are a new paradigm for collaborative computing that aims at integrating communication, computation, sensing, actuation, storage, and other resources and services. Oppnets achieve global tasks and goals through the collaboration and coordination of their nodes (some of which join an oppnet dynamically). We de...
Specialized ad hoc networks and systems (SAHNS) can facilitate design and implementation of applications supported by them. We propose a SAHNS taxonomy for emergency preparation and response (EPR) applications. It is constructed by a simple method based on extracting critical requirements for an arbitrary application area. Once the taxonomy is cons...
We present a novel paradigm of opportunistic networks or oppnets in the context of emergency preparedness and response (EPR). Oppnets constitute the category of ad hoc networks where diverse systems, not employed originally as nodes of an oppnet, join it dynamically in order to perform certain tasks they have been called to participate in. After de...
We introduce a new paradigm and a new technology, which we call opportunistic networks or oppnets. An oppnet grows from its seed—the original set of nodes employed together at the time of the initial oppnet deployment. The seed grows into a larger network by extending invitations to join the oppnet to foreign devices, node clusters, or networks t...
The classification phase is computationally intensive and frequently recurs in tracking applications in sensor networks. Most related work uses traditional signal processing classifiers, such as Maximum A Posterior (MAP) classifier. Naïve formulations of MAP are not feasible for resource constraint sensornet nodes. In this paper, we study com...
An adequate level of trust must be established between prospective partners before an interaction can begin. In asymmetric trust relationships, one of the interacting partners is stronger. The weaker partner can gain a higher level of trust by disclosing private information. Dissemination of sensitive data owned by the weaker partner starts at this...
We introduce the notion of opportunistic networks or oppnets, some of which can be considered a subclass of the peer-to-peer (P2P) networks. Initially, a relatively small seed oppnet is deployed, which grows into a bigger expanded oppnet. Oppnet growth starts with detecting diverse systems existing in its relative vicinity. Systems with best evalu...
We discuss research issues and models for vulnerabilities and threats in distributed computing systems. We present four diverse approaches to reducing system vulnerabilities and threats. They are: using fault tolerance and reliability principles for security, enhancing role-based access control with trust ratings, protecting privacy during data...
Trust - "reliance on the integrity, ability, or character of a person or thing" - is pervasive in social systems. We constantly apply it in interactions between people, organizations, animals, and even artifacts. We use it instinctively and implicitly in closed and static systems, or consciously and explicitly in open or dynamic systems. An epitome...
Preserving privacy during Web transactions is a major concern for individuals and organizations. One of the solutions proposed in the literature is to maintain anonymity through group cooperation during Web transactions. The lack of understanding of incentives for encouraging group cooperation is a major drawback in such systems. We propose an anon...
Transaction processing in mobile database systems faces new challenges to accommodate the limitations of mobile environments, such as frequent disconnections and low bandwidth. We propose a transaction processing protocol that increases the autonomy of clients, based on the dependency relation among updated data items. Lists of dependents, sent by...
Microsensors operate under severe energy constraints and should be deployed in large numbers without any pre-configuration. We construct a generalized self-clustering algorithm, called Low-energy Localized Clustering (LLC). It integrates the ideas of two self-configuring clustering algorithms: the Localized algorithm and the Low Energy Adaptive Clu...
The paper proposes an adaptive relation decomposition algorithm for conjunctive retrieval queries and provides some hard experimental data for its performance analysis. Our algorithm performs horizontal relation partitioning first, followed by vertical partitioning of every horizontal cut created in the first step. Since the problem of the optimal...
A communication link failure can result in a network partitioning that fragments a distributed database system into isolated parts. If a severed high-speed link (e.g. satellite link) between the partitions can be replaced by a much slower backup link (e.g. a dial-up telephone line), the partitioning becomes a quasipartitioning. Two protocols for tr...
The quasi-partitioning paradigm of operation for partitioned database systems is discussed in which a broken main link between two partitions can be replaced by a much slower backup link (e.g. a dial-up telephone connection). The paradigm solves the problem of preparation for network partitioning. The quasi-partitioning mode of operation has two pr...
The authors propose two protocols for transaction processing in quasi-partitioned databases. The protocols are pessimistic in that they permit the execution of update transactions in exactly one partition. The first protocol is defined for a fully partition-replicated database in which every partition contains a copy of every data object. The secon...
A study is made of a known implementation of an optimistic concurrency-control algorithm for centralized database systems and improvements are suggested to the algorithm. The authors propose an implementation of an algorithm for the basic timestamp-ordering concurrency control in centralized database systems. The two algorithms are compared by simu...
With the increasing need for efficient means of automatic fault diagnosis in large distributed computing systems, system-level fault diagnosis has been a fertile research area for the last few years. There are two types of system-level fault diagnosis methods: classical and adaptive. The classical methods select a set of tests, find results of all...
The absolute correctness of a database is an ideal goal and can not be guaranteed. Only a lower level of database consistency can be enforced in practice. We discuss the issue of database consistency beginning with identification of correctness criteria for database systems. A taxonomy of methods for verification and restoration of database consist...
Many sophisticated computer applications could be significantly simplified if they are built on top of a general-purpose distributed database management system. In spite of much research on distributed database management systems there are only a few homogenous distributed database system architectures, that have reached the development stage. The...
When a crash occurs in a transaction processing system, the database can enter an unacceptable state. To continue the processing, the recovery system has three tasks: 1) verification of the database state for acceptability, 2) restoration of an acceptable database state, and 3) restoration of an acceptable history of transaction processing. Unfortu...
A database management system can ensure the semantic integrity of a database via an integrity control subsystem. A technique for implementation of such a subsystem is proposed. After a database is updated by transactions, its integrity must be verified by evaluation of a set of semantic integrity assertions. For evaluation of an integrity assertion...
Semantic integrity of a database is guarded by a set of integrity assertions expressed as predicates on database values. The problem of efficient evaluation of integrity assertions in transaction processing systems is considered. Three methods of validation (compile-time, run-time, and post-execution validations) are analyzed in terms of database a...
Database recovery techniques in a real-time environment for so called single-division databases are investigated. A classification of database recovery goals and a classification of database system crashes is presented. It is shown that the (best) recovery goal is a function of a crash category against which the system is to be protected. In partic...
Protecting sensitive data (including private data) requires preventing their unauthorized disclosure and dissemination. Most of the approaches proposed in the literature focus on protecting data in only a subset of its life cycle, namely during its creation, transmission, and dissemination. We intend to work on a solution that protects sensitive da...
Adoption of the electronic medical records (EMRs) or electronic health records (EHRs) by healthcare providers will improve the quality of the American healthcare and reduce the annual bill. However, it will also increase privacy threats due to easier dissemination of EMRs/EHRs than "paper" medical records. Current privacy protection solutions for p...
We present a novel paradigm of opportunistic networks or oppnets in the context of Emergency Preparedness and Response (EPR). Oppnets constitute the category of ad hoc networks where diverse systems, not employed originally as nodes of an oppnet, join it dynamically in order to perform certain tasks they have been called to participate in. Af...
This short paper discusses our work in progress on intrusion detection (ID) in wireless sensor networks (sensornets). Its major goals are threefold. First, we discuss characteristics and vulnerabilities of sensornets that make necessary designing ID solutions specialized for sensornets. Second, we identify research challenges in ID for sensornets....
Microsensors operate under severe energy constraints and should be deployed in large numbers without any pre-configuration. The main contribution of this paper is a generalized self-clustering protocol, called Low-energy Localized Clustering (LLC). It incorporates the best features of two other recently proposed self-configuring protocols for sens...
Some level of trust must be established before any collaboration or interaction can take place. Since trust and privacy are closely intertwined, a mere possibility of a privacy violation reduces trust among interacting entities. This impedes sharing and dissemination of sensitive data. Affected interactions range from simple transactions to the...
Trust plays a growing role in research on security in open computing systems, including Grid computing. We propose using trust for authorization in such systems. Traditionally, authentication and authorization in computer systems guard only user interfaces, thus providing only a perimeter defense against attacks. We search for an authentication a...
Citations
... Class 1 introduces opportunistic communication when devices are in each other range; while class 2 defines opportunistic expansion and opportunistic usage of resources gained by this opportunistic expansion. Class 1.5 is a specialized network facilitated for opportunistic data forwarding [2]. ...
... In [29], Yallouz and Orda established algorithmic schemes for optimizing the level of survivability while obeying an additive end-to-end Quality of Service (QoS) constraint. Topology control for enhancing the survivability of wireless ad hoc networks is investigated in [30]. An entropy-based quantitative evaluation metric is proposed in [31] to calculate the survivability of Wireless Sensor Networks (WSNs) routing protocols. ...
... From the perspective of privacy preservation, the most valuable benefit from distributed data processing is its inherent capability of reducing the privacy risks and security breaches incurred by healthcare data transmission [21], [22]. For example, the privacy-preserving record linkage techniques only collect (and mask) names and home addresses to link patient records, while the other direct identifiers like patients' medical record numbers are suppressed as they are both sensitive and not universal for record linkage [23]. ...
... An exception is the smart building approach in [14], where the collection of data through building sensors can be controlled in addition to the sharing of data with building services. Some approaches [1,3,9,16] also store data at an element of the architecture before it is shared with data consumers. ...
... So we need to encrypt the information by using the cryptography approach and forward it to the receiver. In this section, we discuss IoT security and controls shown in Fig. 4 [4], [57], [28]. ...
... Data classification using security policies has been used in many domains military, business, and healthcare [29]. For instance, a secure data and identity multilevel security outsourcing scheme are proposed in [30]. ...
... Opportunistic Networks [1] as a natural evolution of mobile Ad-Hoc network, are self-configured and made up of diverse systems, not formerly employed as components, which join dynamically to exploit the resources of separate networks according to the needs of a specific application task. Opportunistic Networks do not have an end-to-end path and rely solely on a Seed node (supernode, source node or root node) that invites other nodes called Helpers to form together, the opportunistic networks, whenever needs are. ...
... The recent and continuously increasing research in the field of Unmanned Aerial Vehicles (UAVs) has boosted them as suitable platforms for carrying sensors and computer systems in order to perform advanced tasks, such as terrain thematic and topographic mapping [1][2][3]; exploration of unreachable areas like islands [4], rivers [5], forests [6] or oceans [7]; for surveillance purposes [8,9]; for traffic monitoring [10], including the estimation of the traffic flow behavior [11], and traffic speed [12]; and search and rescue operations after disasters [13][14][15]. ...
... Some advanced AI facial recognition algorithms are used to allow access to the vehicle and detect which driver is operating the vehicle, the system can automatically adjust the seat, mirrors, and temperature to suit the individual. For example, [44] presents a deep face detection vehicle system for driver identification that can be used in access control policies. These systems have been devised to provide customers greater user experience and to ensure safety on the roads. ...
... To avoid DoS attacks in cloud servers, in [129] Panja et al. propose DOSBAD. It first finds the server's available bandwidth and periodically sends a number of packets to each path within the cloud and monitors how much of the bandwidth is used by the routers. ...