The Center for Education and Research in Information Assurance and Security (CERIAS)

Reports and Papers Archive


Latency-sensitive power control for wireless ad-hoc networks

Mohamed R. Fouad, Sonia Fahmy, Gopal Pandurangan

We investigate the impact of power control on latency in wireless ad-hoc networks. If transmission power is increased, interference increases, thus reducing network capacity. A node sending/relaying delay-sensitive real-time application traffic can, however, use a higher power level to reduce latency, if it considers information about load and channel contention at its neighboring nodes. Based on this observation, we formulate a new distributed power control protocol, Load-Aware Power Control (LAPC), that heuristically considers low end-to-end latency when selecting power levels. We study the performance of LAPC via simulations, varying the network density, node dispersion patterns, and traffic load. Our simulation results demonstrate that LAPC achieves an average end-to-end latency improvement of 54% over the case when nodes are transmitting at the highest power possible, and an average end-to-end latency improvement of 33% over the case when nodes are transmitting using the lowest power possible, for uniformly dispersed nodes in a lightly loaded network.

Added 2008-05-08

Extending the Data Services of Mobile Computers by External Data Lockers

Y. Villate, E. Pitoura, A. Illarramendi, A.K. Elmagarmid

Although mobile computers are becoming more and more powerful, the intrinsic features of wireless communications: poor quality, limited bandwidth, continuous disconnections, expensive communications, still limit the performance delivered to mobile users. The authors present the Locker Rent Service that allows mobile users to rent a dedicated disk space, located in the fixed network, where they can store and access their data. Besides increasing the storage capacity of mobile devices, the Locker Rent Service offers to mobile users data protection, battery power savings and various communication optimizations. The service is supported by a middleware architecture that incorporates this and other services with the general goal of increasing mobile computer capabilities and performance. The architecture is based on mobile agents and offers flexibility and adaptability with a low overhead as shown by our preliminary performance results.

Added 2008-05-07

Integrated Video and Text for Content-based Access to Video Databases

Haitao Jiang, Danilo Montesi, Ahmed K. Elmagarmid

This paper introduces a new approach to realize video databases. The approach consists of a VideoText data model based on free text annotations associated with logical video segments and a corresponding query language. Traditional database techniques are inadequate for exploiting queries on unstructured data such as video, supporting temporal queries, and ranking query results according to their relevance to the query. In this paper, we propose to use information retrieval techniques to provide such features and to extend the query language to accommodate interval queries that are particularly suited to video data. Algorithms are provided to show how user queries are evaluated. Finally, a generic and modular video database architecture which is based on VideoText data model is described.

Added 2008-05-07

Statistical approaches to tracking-based moving object extraction

J. Fan, A.K. Elmagarmid

This paper reports a tracking-based moving object extraction algorithm, where the object location and tracking is achieved by using a template matching scheme. The structural regions of the moving objects are first detected by using a thresholding-based segmentation technique and represented coarsely on block resolution, then the interest regions of the moving objects are further formed by iterative region merging according to the spatiotemporal similarity measure and the meaningful moving objects are finally located by the temporal tracking procedure. The experimental results have confirmed that this proposed algorithm can provide more meaningful moving objects because both the spatial homogeneity of the grey levels and the temporal coherence of the motion fields are jointly exploited. This algorithm can also detect the appearance of new objects as well as the disappearance of existing objects efficiently because the relationships of the moving objects among frames are also established by the temporal tracking procedure.

Added 2008-05-07

Multi-level video content representation and retrieval

Jianping Fan, Walid G. Aref, Ahmed K. Elmagarmid, Mohand-Said Hacid, Mirette Marzouk, Xinquan Zhu

In this article, several practical algorithms are proposed to support content-based video analysis, modeling, representation, summarization, indexing, and access. First, a multilevel video database model is given. One advantage of this model is that it provides a reasonable approach to bridging the gap between low-level representative features and high-level semantic concepts from a human point of view. Second, several model-based video analysis techniques are proposed. In order to detect the video shots, we present a novel technique, which can adapt the threshold for scene cut detection to the activities of variant videos or even different video shots. A seeded region aggregation and temporal tracking technique is proposed for generating the semantic video objects. The semantic video scenes can then be generated from these extracted video access units (e.g., shots and objects) according to some domain knowledge. Third, in order to categorize video contents into a set of semantic clusters, an integrated video classification technique is developed to support more efficient multilevel video representation, summarization, indexing, and access techniques.

Added 2008-05-07

Automatic image segmentation by integrating color-edge extraction and seeded region growing

Jianping Fan, D.K.Y. Yau, A.K. Elmagarmid, W.G. Aref

We propose a new automatic image segmentation method. Color edges in an image are first obtained automatically by combining an improved isotropic edge detector and a fast entropic thresholding technique. After the obtained color edges have provided the major geometric structures in an image, the centroids between these adjacent edge regions are taken as the initial seeds for seeded region growing (SRG). These seeds are then replaced by the centroids of the generated homogeneous image regions by incorporating the required additional pixels step by step. Moreover, the results of color-edge extraction and SRG are integrated to provide homogeneous image regions with accurate and closed boundaries. We also discuss the application of our image segmentation method to automatic face detection. Furthermore, semantic human objects are generated by a seeded region aggregation procedure which takes the detected faces as object seeds.

Added 2008-05-07

Supporting Transaction Service Handoff in Mobile Environments

Abdelsalam (Sumi) Helal, Jin Jing, Ahmed Elmagarmid

Added 2008-05-07

Query processing of multi-way stream window joins

Moustafa A. Hammad, Walid G. Aref, Ahmed K. Elmagarmid

This paper introduces a class of join algorithms, termed W-join, for joining multiple infinite data streams. W-join addresses the infinite nature of the data streams by joining stream data items that lie within a sliding window and that match a certain join condition. In addition to its general applicability in stream query processing, W-join can be used to track the motion of a moving object or detect the propagation of clouds of hazardous material or pollution spills over time in a sensor network environment. We describe two new algorithms for W-join and address variations and local/global optimizations related to specifying the nature of the window constraints to fulfill the posed queries. The performance of the proposed algorithms is studied experimentally in a prototype stream database system, using synthetic data streams and real time-series data. Tradeoffs of the proposed algorithms and their advantages and disadvantages are highlighted, given variations in the aggregate arrival rates of the input data streams and the desired response times per query.

Added 2008-05-07

A semantic approach to build personalized interfaces in the cultural heritage domain

S. Valtolina, P. Mazzoleni, S. Franzoni, E. Bertino

In this paper we present a system we have built to disseminate cultural heritage distributed across multiple museums. Our system addresses the requirements of two categories of users: the end users that need to access information according to their interests and interaction preferences, and the domain experts and museum curators that need to develop thematic tours providing end users with a better understanding of the single artefact or collection. In our approach we make use of a semantic representation of the given heritage domain in order to build multiple visual interfaces, called “Virtual Wings” (VWs). Such interfaces allow users to navigate through data available from digital archives and thematic tours and to create their own personalized virtual visits. An interactive application integrating personalized digital guides (using PDAs) and 360 panoramic images is the example of VW presented.

Added 2008-05-07

Controlled and cooperative updates of XML documents in byzantine and failure-prone distributed systems

Giovanni Mella, Elena Ferrari, Elisa Bertino, Yunhuna Koglin

This paper proposes an infrastructure and related algorithms for the controlled and cooperative updates of XML documents. Key components of the proposed system are a set of XML-based languages for specifying access-control policies and the path that the document must follow during its update. Such a path can be fully specified before the update process begins or can be dynamically modified by properly authorized subjects while being transmitted. Our approach is fully distributed in that each party involved in the process can verify the correctness of the operations performed until that point on the document without relying on a central authority. More importantly, the recovery procedure also does not need the participation of a central authority. Our approach is based on the use of some special control information that is transmitted together with the document and a suite of protocols. We formally specify the structure of such control information and the protocols. We also analyze security and complexity of the proposed protocols.

Added 2008-05-07

Access Control and Privacy in Location-Aware Services for Mobile Organizations

Maria Luisa Damiani, Elisa Bertino

In mobile organizations such as enterprises operating on field, healthcare organizations and military and civilian coalitions, individuals, because of the role they have, may need to access common information resources through location-aware applications. To enable a controlled and privacy preserving access to such applications, a comprehensive conceptual framework for an access control system enhanced with location privacy is presented.

Added 2008-05-07

Security for grid-based computing systems issues and challenges

Elisa Bertino, Bruno Crispo, James Joshi, Wengliang (Kevin) Du, Ravi Sandhu

Grid systems were initially developed for supporting scientific computations. Today, companies, users and researchers are looking at ways to use the Grid approach to commercial uses and for applications in many different areas. Security in grid systems however has not been much addressed and yet is an important prerequisite to really make grid systems usable in a variety of commercial applications. The goal of this panel is to explore relevant security issues, with special emphasis on access control, for grid-based computing systems. The panel will discuss security requirements that are specific to grid-based systems and set these systems apart from conventional distributed systems, and outline directions for future research. Questions addressed by the panel include the following ones:

  * What needs to be protected in a grid system: hosts, resources, data, computations?
  * Access control languages and policies: do we need ad-hoc languages for specifying access control policies for grid hosts? If so, which would be the most relevant features of these languages?
  * User requirements: different grid hosts may provide different levels of security. How can a user specify his/her security requirements when running computations? Which assurance has the user that his/her own requirements have been met?
  * Scalability and evolution: grid computing systems may encompass a very large number of nodes (hundreds or even thousands). Moreover, they can be quite dynamic with hosts and clients dynamically joining and leaving. How can we design scalable access systems able to cope with the required dynamicity?

Added 2008-05-07

Fine-grained role-based delegation in presence of the hybrid role hierarchy

James B.D. Joshi, Elisa Bertino

Delegation of authority is an important process that needs to be captured by any access control model. In role-based access control models, delegation of authority involves delegating roles that a user can assume or the set of permissions that he can acquire, to other users. Several role-based delegation models have been proposed in the literature. However, these models consider delegation in presence of the general hierarchy type. Multiple hierarchy types have been proposed in the context of Generalized Temporal Role-based Access Control (GTRBAC) model, where it has been shown that multiple hierarchy semantics is desirable to express fine-grained access control policies. In this paper, we address role-based delegation schemes in the presence of hybrid hierarchies and elaborate on fine-grained delegation schemes. In particular, we show that upward delegation, which has been considered as having no practical use, is a desirable feature. Furthermore, we show that accountability must be considered as an important factor during the delegation process. The delegation framework proposed subsumes delegation schemes proposed in earlier role-based delegation models and provides much more fine-grained control of delegation semantics.

Added 2008-05-07

Privacy-aware role based access control

Qun Ni, Alberto Trombetta, Elisa Bertino, Jorge Lobo

Privacy has been acknowledged to be a critical requirement for many business (and non-business) environments. Therefore, the definition of an expressive and easy-to-use privacy related access control model, based on which privacy policies can be specified, is crucial. In this work we introduce a family of models (P-RBAC) that extend the well known RBAC model in order to provide full support for expressing highly complex privacy-related policies, taking into account features like purposes and obligations. We also compare our work with access control and privacy policy frameworks such as P3P, EPAL, and XACML.

Added 2008-05-07

A privacy preserving assertion based policy language for federation systems

Anna C. Squicciarini, Ayca Azgin Hintoglu, Elisa Bertino, Yucel Saygin

Identity federation systems enable participating organizations to provide services to qualified individuals and manage their identity attributes at an inter-organizational level. Most importantly, they empower individuals with control over the usage of their attributes within the federation via enforcement of various policies. Among such policies, one of the most important yet immature ones is the privacy policy. Existing frameworks proposed for privacy-preserving federations lack the capability to support complex data-usage preferences in the form of obligations, i.e. the privacy related actions that must be performed upon certain actions on a specific piece of information. Moreover, they do not account for the history of events resulting from the interactions among federation entities.

To address these deficiencies we propose an extension to an existing assertion based policy language. More specifically, we provide a new set of assertions to define the privacy related properties of a federation system. We extend the common definition of privacy preference policies with obligation preferences. Finally, we illustrate how the proposed framework is realized among service providers to ensure proper enforcement of privacy policies and obligations.

Added 2008-05-07