Papers by Brajendra Panda
arXiv (Cornell University), Jan 13, 2020
People have used cloud computing approach to store their data remotely. As auspicious as this app... more People have used cloud computing approach to store their data remotely. As auspicious as this approach is, it brings forth many challenges: from data security to time latency issues with data computation as well as delivery to end users. Fog computing has emerged as an extension for cloud computing to bring data processing and storage close to end-users; however, it minimizes the time latency issue but still suffers from data security challenges. For instance, when a fog node providing services to end users is compromised, the users' data security can be violated. Thus, this paper proposes a secure and fine-grained data access control scheme by integrating the Ciphertext Policy Attribute-Based Encryption (CP-ABE) algorithm and blockchain concept to prevent fog nodes from violating end users' data security in a situation where a compromised fog node is being ousted. We also classify the fog nodes into fog federations, based on their attributes such as services and locations, to minimize the time latency and communication overhead between fog nodes and cloud server. Further, the exploitation and integration of the blockchain concept and the CP-ABE algorithm enables fog nodes in the same fog federation to perform the authorization process in a distributed manner. In addition, to solve time latency and communication overhead problems, we equip every fog node with an off-chain database to store most frequently accessed data files for specific time, and with an on-chain access control policies table (On-chain Files Tracking Table) which must be protected from being tampered by malicious (rogue) fog nodes. Therefore, blockchain plays a vital role here as it is tamper-proof by nature. We demonstrate our scheme's efficiency and feasibility by designing algorithms and conducting a security analysis. The provided analysis shows that the proposed scheme is efficient and feasible in ousting malicious (rogue) fog nodes.
Communications of The ACM, Feb 1, 2006
ACM Symposium on Applied Computing, Mar 11, 2002
Welcome to the 17th Annual ACM Symposium on Applied Computing (SAC'2002) as hosted by Univers... more Welcome to the 17th Annual ACM Symposium on Applied Computing (SAC'2002) as hosted by Universidad Carlos III de Madrid in Leganes, Spain, which is strategically located South of Madrid! Thanks for attending this international forum for computer scientists, engineers and practitioners that includes many innovative computational ideas and a wide spectrum of applications.SAC is a conference devoted to the study of real-world problem applications using many varieties of computation algorithms. As such, it provides an avenue for discussion and exchange of new ideas, associated computation algorithms, and interesting complex applications. The Symposium is rightly sponsored by the ACM Special Interest Group on Applications (SIGAPP) whose mission is to further the interests of the computing professional engaged in the development of new computing applications, interdisciplinary applications areas, and applied research. Thus, the spectrum of applications and tutorials covers databases and computational finance to evolutionary algorithms, software engineering, and parallel and distributed computing plus others designed to provide a wide range of topics as reflected in the SAC'2002 program. Note that Biomedical Computing is also a special element of the Symposium with an innovative bioinformatics track and associated tutorial and plenary session as directed by Warren Jones.Welcome to the 17th Symposium on Applied Computing (SAC 2002). During the past 16 years, the Symposium provided an opportunity for researchers and practitioners to present their findings and research results in the areas of computer applications and technology. This year, the 3-day technical program offers a wide range of tracks covering major areas of computer applications. Highly qualified referees with strong expertise and special interest in their respective research areas carefully reviewed submitted papers. In addition, the technical program includes a tutorial program offering 3 full-day and 4 half-day and tutorials. The tutorials are described later in this program and are posted on SAC 2002 Website (http ://www.acm.org/conferences/sac/sac2002/TutorialCall.htm).This year, SAC embarked on a radical modification of its established procedure for compiling the list of tracks to which authors would subsequently submit their papers. More to the point, an open call for track proposals was introduced, inviting all parties interested in holding a track to respond to this call by submitting to the Program Chairs a short description of the proposed track, along with a preliminary dissemination plan of the proposed track's call for papers and a short CV of the potential track chairs. In response to this call, 34 track proposals were submitted which were evaluated thoroughly by SAC 2002's Organizing Committee. Some proposals were rejected on thegrounds of either not being appropriate for the areas that SAC covers traditionally or being of rather narrow and specialized nature. Some others were merged to form a single track, on the grounds of having substantial overlap with each other. Eventually, 21 tracks were established, which then went on to produce their own call for papers. In response to these calls, 457 papers were submitted, from which 194 papers were strongly recommended by the referrers for acceptance and inclusion in the Conference Proceedings. This gives SAC 2002 an acceptance rate of 42% across all submissions and an average acceptance rate of 40% over all tracks. It also makes SAC 2002 the most successful conference in the history of SAC so far, but also one of the most popular and competitive conferences in the international field of applied computing.
ACM Symposium on Applied Computing, Mar 9, 2003
Welcome to the 18th Annual ACM Symposium on Applied Computing (SAC'2003) as hosted by Florida... more Welcome to the 18th Annual ACM Symposium on Applied Computing (SAC'2003) as hosted by Florida Institute of Technology in Melbourne, Florida! Thanks for attending this international forum for computer scientists, engineers and practitioners that includes many innovative computational ideas and a wide spectrum of applications.SAC is a conference devoted to the study of real-world problem applications using many varieties of computation algorithms. As such, it provides an avenue for discussion and exchange of new ideas, associated computation algorithms, and interesting complex applications. The symposium is rightly sponsored by the ACM Special Interest Group on Applications (SIGAPP) whose mission is to further the interests of the computing professional engaged in the development of new computing applications, interdisciplinary applications areas, and applied research. Thus, the spectrum of applications and tutorials covers data mining, mobile computing, and computational finance to evolutionary algorithms, software engineering, and parallel and distributed computing plus others designed to provide a wide range of topics as reflected in the SAC'2003 program. Note that 8iomedical Computing continues to be a special element of the symposium with an innovative bioinformatics track and associated tutorials and plenary session as directed by Warren Jones.Again welcome to SAC'2003 and Melbourne, Florida. We hope that you will leave enriched with new friends and new ideas having enjoyed the distinctive ambiance of Florida. Next year, we encourage you and your colleagues to submit papers and attend SAC'2004.Welcome to the 18th Annual ACM Symposium on Applied Computing (SAC 2003). Over the past 17 years, SAC has been an international forum for researchers and practitioners to present their findings and research results in the areas of computer applications and technology. The SAC 2003 Technical Program offers a wide range of tracks covering major ar3eas of computer applications. Highly qualified referees with strong expertise and special inter4est in their respective research areas carefully reviewed the submitted papers. As part of the Technical Program, this yeard the Tutorial Program offers 4 half-day tutorials that were carefully selected form 18 proposals. The Tutorial Program and abstracts are available at http://www.acm.org/conferences/sac/sac2003/Tutorials.htm.SAC's open call for Track Proposals resulted in teh submission of 30 track proposals. These proposals were carefully evaluated by the conference Executive Committee. Some proposals were rejected on the grounds of either not being appropriate for the areas that SAC covers traditionally or being of rather narrow and specialized nature. Some others were merged to form a single track, on the grounds of having substantial overlap with each other. Eventually, 21 tracks were established, which then went on to produce their own call for papers. Int response to these calls, 525 were submitted, from which 200 papers were strongly recommended by the referees for acceptance and inclusion in the Conference Proceedings. This gives SAC an acceptance rate of 38% across all tracks. Furthermore, it makes SAC 2003 the most successful conference in the history of SAC so far, but also one of the most popular and comppetitive conferences in the international field of applied computing.We hope you will enjoy the metting and have the opportunity to exchange your ideas and make new friends. We also hope you will enjoy your stay in Melbourne and take pleasure from the many entertainments and activites that the city (and neighboring cities such as Orlando) has to offer. We look forward to your active participation in SAC 2003, and encourage you and your colleagues to submit your research findings to next years technical program. Thank you for being part of SAC 2003!
2022 IEEE/ACM 15th International Conference on Utility and Cloud Computing (UCC)
Proceedings of the 2006 ACM symposium on Applied computing
2020 International Conference on Computational Science and Computational Intelligence (CSCI)
During the last decades, not only the number of cyberattacks have increased significantly, they h... more During the last decades, not only the number of cyberattacks have increased significantly, they have also become more sophisticated. Hence designing a cyber-resilient approach is of paramount importance. Traditional security methods are not adequate to prevent data breaches in case of cyberattacks. Cybercriminals have learned how to use new techniques and robust tools to hack, attack, and breach data. Fortunately, Artificial Intelligence (AI) technologies have been introduced into cyberspace to construct smart models for defending systems from attacks. Since AI technologies can rapidly evolve to address complex situations, they can be used as fundamental tools in the field of cybersecurity. Al-based techniques can provide efficient and powerful cyber defense tools to recognize malware attacks, network intrusions, phishing and spam emails, and data breaches, to name a few, and to alert security incidents when they occur. In this paper, we review the impact of AI in cybersecurity and summarize existing research in terms of benefits of AI in cybersecurity.
International Conference on Emerging Security Information, Systems and Technologies, Nov 14, 2021
Recently, critical infrastructure systems have become increasingly vulnerable to attacks on their... more Recently, critical infrastructure systems have become increasingly vulnerable to attacks on their data systems. If an attacker is successful in breaching a system's defenses, it is imperative that operations are restored to the system as quickly as possible. This research focuses on damage assessment and recovery following an attack. We review work done in both database protection and critical infrastructure protection. Then, we propose a model using a graph construction to show the cascading affects within a system after an attack. We also present an algorithm that uses our graph to compute an optimal recovery plan that prioritizes the most important damaged components first so that the vital modules of the system become functional as soon as possible. This allows for the most critical operations of a system to resume while recovery for less important components is still being performed.
The advancement of information technology in coming years will bring significant changes to the w... more The advancement of information technology in coming years will bring significant changes to the way healthcare data is processed. Technologies such as cloud computing, fog computing, and the Internet of things (IoT) will offer healthcare providers and consumers opportunities to obtain effective and efficient services via real-time data exchange. However, as with any computer system, these services are not without risks. There is the possibility that systems might be infiltrated by malicious users and, as a result, data could be corrupted, which is a cause for concern. Once an attacker damages a set of data items, the damage can spread through the database. When valid transactions read corrupted data, they can update other data items based on the value read. Given the sensitive nature of healthcare data and the critical need to provide real-time access for decision-making, it is vital that any damage done by a malicious transaction and spread by valid transactions must be corrected i...
2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing, 2015
Cloud computing has brought many advantages to organizations and computer users. It allows differ... more Cloud computing has brought many advantages to organizations and computer users. It allows different service providers to distribute many applications as services in an economical way. Therefore, many users and companies have begun using cloud computing. However, they are concerned about their data when they store it on a third party server, the cloud. The private data of individual users and companies is stored and managed by the service providers on the cloud, which offers services on the other side of the Internet in terms of its users, and consequently results in privacy concerns [1]. In this paper, a technique has been explored to encrypt the data on the cloud and to execute and run SQL queries on the cloud over encrypted data. The strategy is to process the query at the service providers' site without having to decrypt the data. Also, to achieve efficiency, no more than the exact set of requested data is returned to the client. Data decryption is performed at the client site to prevent any leakage at the cloud or during transmission. Two techniques have been provided to effectively store the encrypted data. Also, an experiment evaluation has been provided to compare between the two techniques.
Information sharing is crucial for various organizations operating in a global environment. Varie... more Information sharing is crucial for various organizations operating in a global environment. Varieties of existing virtual organizations support some forms of information sharing. Since the scope of a virtual organization can span over multiple administrative domains, information assurance is challenging. While trust plays key roles in eliminating the scalability restriction of traditional security mechanisms and provides more than merely security, existing trust models focus on subject trust management. But studying a subject's trustworthiness alone offers part of the solution to ensure the quality and security of the information the subject produced. Furthermore, most current research on information assurance and security for a virtual organization focuses on information confidentiality and information protection from unauthorized modifications. Very little work has been done in ensuring the quality and security features of external information. Taking these issues into conside...
2017 International Conference on Computational Science and Computational Intelligence (CSCI), 2017
While the user-base of cloud computing is growing rapidly, data owners worry about security of th... more While the user-base of cloud computing is growing rapidly, data owners worry about security of the data they store on clouds. Lack of appropriate control over the data might cause security violations. Therefore, all sensitive data stored in cloud databases must be protected at all times. This research paper outlines how data owners can keep their data secure and trustworthy, and how they can verify integrity of data in a cloud computing environment. The proposed model uses data partitioning to reach this goal. We have carried out performance analyses of the model through simulation and the results demonstrate the effectiveness of the model.
Web of trust is the foundation of the reputation system, recommendation system and semantic Web. ... more Web of trust is the foundation of the reputation system, recommendation system and semantic Web. Most of existing research on web of trust concentrates on aggregating the trust ratings on subjects and objects in the Web of trust. The problem with this approach is that an adversary subject can accumulate reputation gradually and can be highly trusted by many other subjects. If this subject later deliberately releases a deceptive data, the effect caused by this deceptive data may be disastrous. Not only can this deceptive data greatly affect people who directly trust this individual, but also, its consequence may have an effect on many other subjects in the network. Our model illustrates how the structural analysis of Web can help evaluate the deleterious result of the deceptive data.
For the past few years, research in multilevel secure database systems has received a great deal ... more For the past few years, research in multilevel secure database systems has received a great deal of attention. Such systems are quite essential in military as well as many commercial applications where data are classified according to their sensitivity and where each user has a clearance level. Users access the data as per the system's security policy. A system is most secure if it guards against an unauthorized flow of information either directly or indirectly. In this research, the issue of query processing that takes place among the various base relations in a kernelized multilevel secure database system was analyzed. Specifically, the SeaView model, a research prototype developed as a joint effort by SRI International and Gemini Computer, was followed since it is the only model that uses element level (i.e., the finest granularity level) classification of data. Although the SeaView model aims at achieving class A1 system classification, it has two major drawbacks. First, the...
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies, 2009
In this paper, we present an insider attack detection model that is designed to profile traceabil... more In this paper, we present an insider attack detection model that is designed to profile traceability links based on document dependencies and calendar-based file usage patterns for detecting insider threats. This model is utilized to detect insiders' malicious activities targeted at tampering the contents of files for various purposes. We apply the concept of traceability links in the software engineering field to this research. Our approach mainly employs document dependency traceability links for constructing insider attack detection model.
Electronics
The world has experienced a huge advancement in computing technology. People prefer outsourcing t... more The world has experienced a huge advancement in computing technology. People prefer outsourcing their confidential data for storage and processing in cloud computing because of the auspicious services provided by cloud service providers. As promising as this paradigm is, it creates issues, including everything from data security to time latency with data computation and delivery to end-users. In response to these challenges, the fog computing paradigm was proposed as an extension of cloud computing to overcome the time latency and communication overhead and to bring computing and storage resources close to both the ground and the end-users. However, fog computing inherits the same security and privacy challenges encountered by traditional cloud computing. This paper proposed a fine-grained data access control approach by integrating the ciphertext policy attribute-based encryption (CP-ABE) algorithm and blockchain technology to secure end-users’ data security against rogue fog nodes...
Funy dependency in a database delineates a loose dependency relationship between two sets of attr... more Funy dependency in a database delineates a loose dependency relationship between two sets of attributes. It describes logical relationships among attributes in a database relation and those relationships can't be fully specified by functional dependencies, which focus on database schema and data organization. This characteristic of the databa se schema can be used to perform damage assessment and also to build fUz:.y recovery modeL In this paper, we formally define the concept offuz:.y dependency and introduce several inference rules. Then we focus on recovery from information attacks. An architecture for fuUJ' value generation during recovery, based on fuw dependency relationships, is also presented. FuUJ' dependency can accelerate the post attack recovery process because it can geflerate acceptable values for damaged data quicker compared to that in traditional recovery schemes. Although the generated fuzzy values may not offer the absolute accuracy, they are acceptabl...
Uploads
Papers by Brajendra Panda