Abstract Along with the rapid development of ICT technologies, new areas like Industry 4.0, IoT and 5G have emerged and brought out the need for protecting shared resources and services under time-critical and energy-constrained scenarios with real-time policy-based access control. The process of policy evaluation under these circumstances must be executed within an unobservable delay and strictly comply with security objectives. To achieve this,... Along with the rapid development of ICT technologies, new areas like Industry 4.0, IoT and 5G have emerged and brought out the need for protecting shared resources and services under time-critical and energy-constrained scenarios with real-time policy-based access control. The process of policy evaluation under these circumstances must be executed within an unobservable delay and strictly comply with security objectives. To achieve this, the policy language needs to be very expressive but lightweight and efficient. Many existing implementations are using XML (Extensible Markup Language) to encode policies, which is verbose, inefficient to parse, and not readable by humans. On the contrary, JSON (JavaScript Object Notation) is a lightweight, text-based and language-independent data interchange format that is simple for humans to read and write and easy for machines to parse and generate. Several attempts have emerged to convert existing XML policies and requests into JSON, however, there are very few policy specification proposals that are based on JSON with welldefined syntax and semantics. This paper investigates these challenges, and identifies a set of key requirements for a policy language to optimize the policy evaluation performance. According to these performance requirements, we introduce JACPoL, a descriptive, scalable and expressive policy language in JSON. JACPoL by design provides a flexible and fine-grained ABAC (Attribute-based Access Control), and meanwhile it can be easily tailored to express a broad range of other access control models. This paper systematically illustrates the design and implementation of JACPoL and evaluates it in comparison with other existing policy languages. The result shows that JACPoL can be as expressive as existing ones but more simple, scalable and efficient. Read More Read Less

Abstract Steganography is the art of hiding the reality that communication is carried out, by concealing data in other data. The Steganographic techniques increse the security by exploring the possibility of data analytics to hide data efficiently and securely. The proposed active steganographic method examines each pixel in an image and categories the pixel into primary and secondary pixels and based on that it... Steganography is the art of hiding the reality that communication is carried out, by concealing data in other data. The Steganographic techniques increse the security by exploring the possibility of data analytics to hide data efficiently and securely. The proposed active steganographic method examines each pixel in an image and categories the pixel into primary and secondary pixels and based on that it creates a mask image that helps to increase the payload and embedding rate with secure encoding function. Then inpainting technique is employed over the mask image to increase data hiding. Hiding data in individual colour segments through selected significant bit (SSB) provides secure data storage and efficient data retrieval and the use of Huffman compression techniques will increase the embedding ratio. During the recovery mechanism the cover image and the secluded data can be retrieved from the stego image without any loss of data and distortion to the cover image. Thus, the proposed scheme renders secure communication along with a greater embedding ratio and improved visual tone. Read More Read Less

Abstract Large-scale deployment & use of cloud computing in the industry is accompanied & in same time hampered by concerns regarding protection of data handled by cloud computing providers. One of the consequences of moving data processing & storage of company premises is that organizations have less control over their infrastructure. As a result, cloud service (CS) clients must trust that CS provider... Large-scale deployment & use of cloud computing in the industry is accompanied & in same time hampered by concerns regarding protection of data handled by cloud computing providers. One of the consequences of moving data processing & storage of company premises is that organizations have less control over their infrastructure. As a result, cloud service (CS) clients must trust that CS provider is able to protect their data & infrastructure from both external & internal attacks. Currently, however, such trust may only rely on organizational processes declared by CS provider & cannot be remotely verified & validated by an external party. Having tools to perform such verifications prior to launch as a VM instance, allows CS clients to decide at runtime whether certain data should be stored to calculations should be made at the VM instance offered by CS provider, This paper combines two components trusted computing, & cloud computing platforms to address issues of trust & security in public cloud computing environments. Read More Read Less