No Arabic abstract
We are living in an age in which digitization will connect more and more physical assets with IT systems and where IoT endpoints will generate a wealth of valuable data. Companies, individual users, and organizations alike therefore have the need to control their own physical or non-physical assets and data sources. At the same time, they recognize the need for, and opportunity to, share access to such data and digitized physical assets. This paper sets out our technology vision for such sharing ecosystems, reports initial work in that direction, identifies challenges for realizing this vision, and seeks feedback and collaboration from the academic access-control community in that R&D space.
Integrating Internet of Things (IoT) and edge computing for Edge-IoT systems, converged with machine intelligence, has the potentials of enabling a wide range of applications in smart homes, factories and cities. Edge-IoT can connect many diverse devices and the IoT asset owners can run heterogeneous IoT systems supported by various vendors or service providers (SPs), using either cloud or local edge computing (or both) for resource assistance. The existing methods typically manage the systems as separate vertical silos, or in a vendor/SP-centric way, which suffers from significant challenges. In this paper, we present a novel owner-centric management paradigm named ORCA to address the gaps left by the owner-centric paradigm and empower the IoT assets owners to effectively identify and mitigate potential issues in their own network premises, regardless the vendors/SPs situations. ORCA aims to be scalable and extensible in assisting IoT owners to perform intelligent management through a behavior-oriented and data-driven approach. ORCA is an ongoing project and the preliminary results indicate that it can significantly empower the IoT systems owners to better manage their IoT assets.
The recent spades of cyber security attacks have compromised end users data safety and privacy in Medical Cyber-Physical Systems (MCPS). Traditional standard encryption algorithms for data protection are designed based on a viewpoint of system architecture rather than a viewpoint of end users. As such encryption algorithms are transferring the protection on the data to the protection on the keys, data safety and privacy will be compromised once the key is exposed. In this paper, we propose a secure data storage and sharing method consisted by a selective encryption algorithm combined with fragmentation and dispersion to protect the data safety and privacy even when both transmission media (e.g. cloud servers) and keys are compromised. This method is based on a user-centric design that protects the data on a trusted device such as end users smartphone and lets the end user to control the access for data sharing. We also evaluate the performance of the algorithm on a smartphone platform to prove the efficiency.
We provide an overview of PSI (a Private data Sharing Interface), a system we are developing to enable researchers in the social sciences and other fields to share and explore privacy-sensitive datasets with the strong privacy protections of differential privacy.
In this paper, we present a data-driven secondary controller for regulating to some desired values several variables of interest in a power system, namely, electrical frequency, voltage magnitudes at critical buses, and active power flows through critical lines. The power generation system is based on distributed energy resources (DERs) interfaced with either grid-forming (GFM) or grid-following (GFL) inverters. The secondary controller is based on online feedback optimization leveraging the learned sensitivities of the changes in the system frequency, voltage magnitudes at critical buses, and active power flows through critical lines to the changes in inverter active and reactive power setpoints. To learn the sensitivities accurately from data, the feedback optimization has a built-in mechanism for keeping the secondary control inputs persistently exciting without degrading its performance. The feedback optimization also utilizes the learned power-voltage characteristics of photovoltaic (PV) arrays to compute DC-link voltage setpoints so as to allow the PV arrays to track the power setpoints. To learn the power-voltage characteristics, we separately execute a data-driven approach that fits a concave polynomial to the collected power-voltage measurements by solving a sum-of-squares (SoS) optimization. We showcase the secondary controller using the modified IEEE-14 bus test system, in which conventional energy sources are replaced with inverter-interfaced DERs.
Dynaswap project reports on developing a coherently integrated and trustworthy holistic secure workflow protection architecture for cyberinfrastructures which can be used on virtual machines deployed through cyberinfrastructure (CI) services such as JetStream. This service creates a user-friendly cloud environment designed to give researchers access to interactive computing and data analysis resources on demand. The Dynaswap cybersecurity architecture supports roles, role hierarchies, and data hierarchies, as well as dynamic changes of roles and hierarchical relations within the scientific infrastructure. Dynaswap combines existing cutting-edge security frameworks (including an Authentication Authorization-Accounting framework, Multi-Factor Authentication, Secure Digital Provenance, and Blockchain) with advanced security tools (e.g., Biometric-Capsule, Cryptography-based Hierarchical Access Control, and Dual-level Key Management). The CI is being validated in life-science research environments and in the education settings of Health Informatics.