International Journal of Innovative Research in Science, Engineering and Technology

International Journal of Innovative Research in Science, Engineering and Technology

Menu

ISSN ONLINE(2319-8753)PRINT(2347-6710)

All submissions of the EM system will be redirected to Online Manuscript Submission System. Authors are requested to submit articles directly to Online Manuscript Submission System of respective journal.

Certain Investigations on Evolution of Approaches for Securing Computational Grids

R.S.Venkatesh1, P.K.Reejeesh1, Prof.S.Balamurugan1, S.Charanyaa2
  1. Department of IT, Kalaignar Karunanidhi Institute of Technology, Coimbatore, TamilNadu, India
  2. Senior Software Engineer Mainframe Technologies Former, Larsen & Tubro (L&T) Infotech, Chennai, TamilNadu, India
Related article at Pubmed, Scholar Google

Visit for more related articles at International Journal of Innovative Research in Science, Engineering and Technology

International Journal of Innovative Research in Science, Engineering and Technology

Abstract

This paper reviews methods developed for anonymizing data from 1998 to 2000 . Publishing microdata such as census or patient data for extensive research and other purposes is an important problem area being focused by government agencies and other social associations. The traditional approach identified through literature survey reveals that the approach of eliminating uniquely identifying fields such as social security number from microdata, still results in disclosure of sensitive data, k-anonymization optimization algorithm ,seems to be promising and powerful in certain cases ,still carrying the restrictions that optimized k-anonymity are NP-hard, thereby leading to severe computational challenges. k-anonimity faces the problem of homogeneity attack and background knowledge attack . The notion of ldiversity proposed in the literature to address this issue also poses a number of constraints , as it proved to be inefficient to prevent attribute disclosure (skewness attack and similarity attack), l-diversity is difficult to achieve and may not provide sufficient privacy protection against sensitive attribute across equivalence class can substantially improve the privacy as against information disclosure limitation techniques such as sampling cell suppression rounding and data swapping and pertubertation. This paper aims to discuss efficient anonymization approach that requires partitioning of microdata equivalence classes and by minimizing closeness by kernel smoothing and determining ether move distances by controlling the distribution pattern of sensitive attribute in a microdata and also maintaining diversity.

Keywords
Data Anonymization, Microdata, k-anonymity, Identity Disclosure, Attribute Disclosure, Diversity

INTRODUCTION
Need for publishing sensitive data to public has grown extravagantly during recent years. Though publishing demands its need there is a restriction that published social network data should not disclose private information of individuals. Hence protecting privacy of individuals and ensuring utility of social networ data as well becomes a challenging and interesting research topic. Considering a graphical model [35] where the vertex indicates a sensitive label algorithms could be developed to publish the non-tabular data without compromising privacy of individuals. Though the data is represented in graphical model after KDLD sequence generation [35] the data is susceptible to several attacks such as homogeneity attack, background knowledge attack, similarity attacks and many more. In this paper we have made an investigation on the attacks and possible solutions proposed in literature and efficiency of the same.

A SECURITY ARCHITECTURE FOR COMPUTATIONAL GRIDS
A security architecture and its associated security policy’s along with different security requirements are revealed in this paper. Distributed supercomputing, teleimmersion, computer-enhanced instruments, distributed data mining are the functions related to computational grids or distributed computing.
Any distributed system has some special features like scalability, performance and heterogeneity. But an added credit to computational grids is that it solves all the security issues found in prior an existing security mechanisms.
The distributed security system offers
1.In-detail observation of security issues.
2. Brief explanation of security policy.
3. Provides suitable solutions to some particular security threats.
4. Offers a security architecture to execute security policy.
Some computing grids posses unique characteristics like
1. Usage of dynamic resource pool.
2. Every computational process requires an initial and termination step to be included.
3. Processes communications through unicast and multicast.
4. Different techniques of authentication and authorization are needed for resources.
5. A single user may have different accounts in different locations.
The major pitfall that we see in all computations is that we have to identify an appropriate solution to improve security.
Any grid system needs the following requirements to be satisfied:
1. A proper authentication process should be used to verify each and every user who tries to compute.
2. Access control mechanisms should be implemented without modification.
These security requirements should be properly satisfied by building a security architecture. This architecture should satisfy certain conditions such as:
1. Single-sign on
2. Protection of credentials
3. Interpretability of local security solution
4. Exportability.
5. Uniform credentials infrastructure
6. Support for secure group communication
7. Support for multiple implementations.
Security policy derives a set of rules that defines the relationship between a subject and an object. A subject generally refers to users. Passwords and certificates are some credentials used for verifying a subject. A resource that is protected using security policy is called as object. A trust domain consists of both subject and objects. The security policies used in computing grids are listed below.
1. Computing grids must hold multiple trust domains.
2. Single trust domain makes use of only local security policies.
3. A trust domain is plotted to local subjects from global subjects.
4. Mutual authentication is needed for performing operations among entities in a trust domain.
5. Access control decisions are based on local subjects.
6. A user can execute a program by providing his rights.
The communication between a subject and an object is established using protocols in the security architecture. Computers, data repositories, network and display devices are resources present in object. Grid computers make use of “user proxy” to access the resource needed for computation without user’s involvement. The life span of each proxy is in the hand of user. The drawbacks found in a user proxy are that it discovers complexity of credentials and restricts the user to limit the time duration. A “resource proxy” is employed for distributing access to resources.
To access a resource, a user proxy should request to resource proxy. A resource can be accessed only if the request is achieved. A request may fail, if there is no resource available.
An “exact” mapping should be available between a global and local subject. This is successful when we translate a global into local name with the help of a mapping table. But it produces some complexities. Hence this can be achieved using local authentication process. Then an accurate mapping is done finally.
Globus Security Infrastructure is a platform for implementing grid security architecture. It includes an infrastructure for wide range of computations. The Globus Security Infrastructure refers secure socket library for deriving authentication protocol. The implementation of this security architecture will be flexible to access resources based on access control security policy.

METHOD AND SYSTEM FOR CONTROLLING USER ACCESS TO A RESOURCE IN A NERWORKED COMPUTING ENVIRONMENT
A networked computing environment uses a different approach to control files and other additional resources. This technique is executed in a multi user computer network. Computers exchange their resources through a communication pathway. In any network, a client system requests for a resource from the server system. A “peer server” is a computer that services both client and server.
Usually, a client can’t access all the resources that the server provides. Authentication of passwords is a mechanism that a client should possess a password to login. The access to resources is restricted by using other mechanisms such as access control lists, simple share/no-share switch, etc, Some Operating Systems includes complex and hard security models for new users.
A multi-user computer network consists of a client computer and a server computer in order to manage sharing of resources between users. The resources are arranged in a tree structure. The top of the tree has main element and the extra elements are arranged under the root node. Access permission is decided from the request. The first element of the tree contains the access control lists of the second element, because a copy of the access control lists is produced and it is inherited with the first element. When a request is found, it is sent to the first element in the tree. So, that the access control lists can be updated. The next request can be updated. The next request will be sent to the second element and the process continues.
Resources in a computer include files, folders or directories. This type of method modifies the access control mechanisms providing access to use resources. This method also employs both implicit access control and explicit access control techniques.
A security provider has direct access to a database. It includes specific hardware and software peripherals. It has to possess an authentication process in order to verify whether a user accessing a resource is a valid or an invalid user.
GUI are used among users and peer servers to communicate with one another. It also gives a way to modify the access permissions of a user. Modifying the access permissions doesn’t affect the local users. In a peer server, the resources allocated with the help of Operating System. The Operating System inherits the server components with the client components. It provides manipulation, propagation of resource protection and inheritance. Low – level protocol is used to access resource across the network. A request to modify the access permission is obtained form a user interface present in a peer server, while access the resource, if a user contains permission to use the resource, then the access is granted. The recent security models and its associated protocols can be employed in various networking systems.

NIMROD/G: AN ARCHITECTURE FOR A RESOURCE MANAGEMENT AND SCHEDULING SYSTEM IN A GLOBAL COMPUTATIONAL GRID
The computational grids focus on providing access to high-end resources independent of their physical location and access pints. Some of the applications of computational grids enables a simple computational economy that includes a layer in which a user should select a “deadline”. Before the deadline the user should finish his task. This layer also collects the “price” amount for using the resource from that particular user.
In order to bring out the issues in parametric computing, a simple system known as “Mimrod” was formed. Mimrod implements bio-informatics and simulation of business processes.
Mimrod system becomes unsuccessful in dynamic computational grids. Hence a new system called called Nimrod/G was modeled with the help of globus middleware services. The architecture of Nimrod/G includes 5 components:
1. Client/ user station - it serves as an user interface and monitoring console. A client can execute multiple instances of a single client from different locations.
2. Parametric Engine- It serves as a persistent job control agent. It is responsible for managing and maintaining the whole process. It is used while jobs are created, to maintain job status, communicating with clients, schedule advisor and dispatcher.
3. Scheduler- the scheduler duty is job assignment, resource creation and resource selection.
4. Dispatcher - According to the schedulers instruction, the dispatcher will perform the execution of a task.
5. Job wrapper- it acts as an intermediate between the parametric engine and the system where the task is performed.
Computational resources can be identified using scheduling system in two ways:
1.A user instructs the Nimrod/G to finish the task before the deadline.
2. A user can go into the system and tells an appropriate price for the resource as a request.
A benefit of this system is that whether an exact result is produced or not is known before itself. The scheduling policy is derived by including the set of parameters in scheduling system. These parameters are listed below:
1. Architecture and configuration of resource
2. Resource capability.
3. Resource state, requirements and available nodes
4. Access speed, priority and queue type
5. Network bandwidth, load and latency
6. Reliability of resource and connection
7. User preference and capacity
8. Application deadline and resource cost.
The scheduler collects all the information with the help of resource discoverer and obtains a single resource from that, which can satisfy all the resource requirement for better price. Nimrod/G components communicate with each other using TCP/IP sockets. Nimrod/G can be implemented using the Globs components such as GRAM(Globus Resource Allocation Manager), MDS(Metacomputing Directory Service), GSI(Global Security Infrastructure), GASS(Global Access to Secondary Storage), and GDIS(Grid Directory Information Services). The Nimrod/G mainly concentrates on resource management and scheduling in a computational grid. Nimred/G produces a best scheduling decisions using ser of parameters.

CONCLUSION AND FUTURE WORK
Various methods developed for anonymizing data from 1998 to 2000 is discussed. Publishing microdata such as census or patient data for extensive research and other purposes is an important problem area being focused by government agencies and other social associations. The traditional approach identified through literature survey reveals that the approach of eliminating uniquely identifying fields such as social security number from microdata, still results in disclosure of sensitive data, k-anonymization optimization algorithm ,seems to be promising and powerful in certain cases ,still carrying the restrictions that optimized k-anonymity are NP-hard, thereby leading to severe computational challenges. k-anonimity faces the problem of homogeneity attack and background knowledge attack . The notion of ldiversity proposed in the literature to address this issue also poses a number of constraints , as it proved to be inefficient to prevent attribute disclosure (skewness attack and similarity attack), l-diversity is difficult to achieve and may not provide sufficient privacy protection against sensitive attribute across equivalence class can substantially improve the privacy as against information disclosure limitation techniques such as sampling cell suppression rounding and data swapping and pertubertation. Evolution of Data Anonymization Techniques and Data Disclosure Prevention Techniques are discussed in detail. The application of Data Anonymization Techniques for several spectrum of data such as trajectory data are depicted. This survey would promote a lot of research directions in the area of database anonymization.

APPENDIX
image
image
image

References
  1. Pieter Van Gorp and Marco Comuzzi “Lifelong Personal Health Data and Application Software via Virtual Machines in the Cloud” IEEE Journal of Biomedical and Healthcare Informatics, Vol. 18, No. 1, Jan 2014
  2. Sape J. Mullender, Andrew S.Tanenbaum, "Protection and Resource Control in Distributed Operating Systems", 1984.
  3. Paul J.Levine, "Computer security system for a time shared computer accessed over telephone lines US 4531023 A, 1985
  4. John G.Campbell,Carl F.Schoeneberger,"Remote hub television and security systems", US 4574305 A, 1986.
  5. A Pfitzmann, "Networks without user observability", Computers & Security 6/2 (1987) 158-166, 1987
  6. TF Lunt, " Automated audit trail analysis and intrusion detection: A survey" In Proceedings of 11th National Conference on Security, 1988
  7. Lichtenstein Eric Stefan 1984 a, Computer control medical care system US4464172.
  8. ARalph R.Frerichs, Dr. PH.Robert A. Miller 1985, Introduction of a Microcomputer for Health Research in a Developing Country.
  9. Steven P.Brown 1986, Combinational Medical Data, Identification and health Insurance card.
  10. Peter P. Gombrich, Richard J. Beard, Richard A. Griffee, Thomas R. Wilson, Ronald E. Zook, Max S. Hendrickson 1989,A Patient care system,US4835372 A. Paavo T. Kousa, " VOICE NETWORK SECURITY SYSTEM" US 4797672 A, 1989
  11. D Graft, " Methodology for network security design", IEEE Transactions on Computers, 1990
  12. Heberlein, "Network Security MONITOR, 1991
  13. John R. Corbin, " Apparatus and method for licensing software on a network of computers US 5138712 A", 1992
  14. S Gordon, "Computer Network Abuse", 1993.
  15. Neil Bodick, Andre L. Marquis1990, Interactive system and method for creating and editing a knowledge base for use as a computerized aid to the cognitive process of diagnosis,US4945476 A.
  16. Angela M. Garcia, Dr.,Boca Raton 1991 a, System and Method for scheduling and Reporting Patient related services including prioritizing services,US5974389 A.
  17. Clark Melanie Ann, John Finley, Huska; Michael Edward, Kabel; Geoffrey Harold, Graham, Marc Merrill 1991 b,System and Method for scheduling and Reporting Patient Related services.
  18. Robert W. Kukla1992,Patient care communication system, US5101476 A
  19. Mark C. Sorensen 1993, Computer aided medical diagnostic method and apparatus, US5255187 A.
  20. Edward J. Whalen, San Ramon, Olive Ave Piedmont 1994,Computerized file maintenance System for managing medical records including narrative patent documents reports.
  21. Desmond D. Cummings 1994b,All care health management system, US5301105 A.
  22. Woodrow B. Kesler Rex K Kesslerin 1994 c,Medical data draft for tracking and evaluating medical treatment.
  23. Joseph P. Tallman, Elizabeth M. Snowden, Barry W. Wolcott 1995, Medical network management system and process, US5471382 A.
  24. Peter S. Stutman, J. Mark Miller 1996,Medical alert distribution system with selective filtering of medical information
  25. Edwin C. Iliff1997,computerized medical diagnostic system including re-enter function and sensitivity factors, US5594638 A.
  26. Timothy Joseph Graettinger, Paul Alton DuBose 1998, Computer-based neural network system and method for medical diagnosis and interpretation. US5839438 A.
  27. Melanie Ann Clark, John Finley Gold, Michael Edward Huska, Geoffrey Harold Kabel, Marc Merrill Graham1999,Medical record management system and process with improved workflow features, US5974389 A.
  28. Richard S. Surwit, Lyle M. Allen, III, Sandra E. Cummings 2000 a, Systems, methods and computer program products for monitoring, diagnosing and treating medical conditions of remotely located patients, US6024699 A.
  29. Jeffrey J. Clawson 2000 b, Method and system for giving remote emergency medical counsel to choking patients, US6010451 A.
  30. Marc Edward Chicorel 2001, Computer keyboard-generated medical progress notes via a coded diagnosis-based language, US6192345 B1.
  31. Charlyn Jordan2002, Health analysis and forecast of abnormal conditions.
  32. Jeffrey J. Clawson2003, Method and system for an improved entry process of an emergency medical dispatch system
  33. PekkaRuotsalainen 2004, A cross-platform model for secure Electronic Health Record communication.
  34. Roger J. Quy2005, Method and apparatus for health and disease management combining patient data monitoring with wireless internet connectivity, US6936007 B2.
  35. Avner Amir, Avner Man2006 a, System and method for administration of on-line healthcare, WO2006006176 A2.
  36. Paul C.Tang, Joan S. Ash, David W. Bates, J. Marc overhage and Daniel Z.Sands 2006 b, Personal Health Records: Definitions, Benefits, and Strategies for Overcoming Barriers to Adoption.
  37. Christopher Alban, KhiangSeow2007, Clinical documentation system for use by multiple caregivers.
  38. Brian A. Rosenfeld, Michael Breslow2008, System and method for accounting and billing patients in a hospital environment.
  39. Jacquelyn Suzanne Hunt, Joseph Siemienczuk 2009, Process and system for enhancing medical patient care.
  40. Richard J. Schuman2010, Health care computer system, US7831447 B2.
  41. Kanagaraj, G.Sumathi, A.C.2011,Proposal of an open-source Cloud computing system for exchanging medical images of a Hospital Information System
  42. AvulaTejaswi, NelaManoj Kumar, GudapatiRadhika, SreenivasVelagapudi 2012 a, Efficient Use of Cloud Computing in Medical Science.
  43. J. Vidhyalakshmi, J. Prassanna 2012 b, Providing a trustable healthcare cloud using an enhanced accountability framework.
  44. Carmelo Pino and Roberto Di Salvo 2013, A Survey of Cloud Computing Architecture and Applications in Health.
  45. K.S. Aswathy, G. Venifa Mini 2014 a, Secure Alternate Viable Technique of Securely Sharing the Personal Health Records in Cloud.
  46. Abhishek Kumar Gupta, Kulvinder Singh Mann 2014 sharing of Medical Information on Cloud Platform.
  47. D. C. Kaelber, A. K. Jha, D. Johnston, B. Middleton, and D. W. Bates, "Viewpoint paper: research agenda for personal health records (PHRs),”J. Amer. Med. Inform. Assoc., vol. 15, no. 6, pp. 729–736, 2008.
  48. J. Ahima, “Defining the personal health record,” vol. 76, no. 6, pp. 24–25, Jun. 2005.
  49. W. Currie and M. Guah. "Conflicting institutional logics: a national programme for it in the organizational field of healthcare:, Journal of Information Technology, 22:235–247,2007.
  50. M. Gysels, A. Richardson, and J. I. Higginson "Does the patient-held record improve continuity and related outcomes in cancer care: a systematic review", Health Expectations,10(1):75–91, Mar. 2007.
  51. International Organization for Standardization. ISO TR20514:2005 Health Informatics - Electronic Health Record Definition, Scope and Context Standard. International Organization for Standardization (ISO). Geneva, Switzerland,2005.
  52. B.Powmeya , Nikita Mary Ablett ,V.Mohanapriya,S.Balamurugan,”An Object Oriented approach to Model the secure Health care Database systems,”In proceedings of International conference on computer , communication & signal processing(IC3SP)in association with IETE students forum and the society of digital information and wireless communication,SDIWC,2011,pp.2-3
  53. Balamurugan Shanmugam, Visalakshi Palaniswami, “Modified Partitioning Algorithm for Privacy Preservation in Microdata Publishing with Full Functional Dependencies”, Australian Journal of Basic and Applied Sciences, 7(8): pp.316-323, July 2013
  54. Balamurugan Shanmugam, Visalakshi Palaniswami, R.Santhya, R.S.Venkatesh “Strategies for Privacy Preserving Publishing of Functionally Dependent Sensitive Data: A State-of-the-Art-Survey”, Australian Journal of Basic and Applied Sciences, 8(15) September 2014.
  55. S.Balamurugan, P.Visalakshi, V.M.Prabhakaran, S.Chranyaa, S.Sankaranarayanan, "Strategies for Solving the NP-Hard Workflow Scheduling Problems in Cloud Computing Environments", Australian Journal of Basic and Applied Sciences, 8(15) October 2014.
  56. Charanyaa, S., et. al., , A Survey on Attack Prevention and Handling Strategies in Graph Based Data Anonymization. International Journal of Advanced Research in Computer and Communication Engineering, 2(10): 5722-5728, 2013.
  57. Charanyaa, S., et. al., Certain Investigations on Approaches forProtecting Graph Privacy in Data Anonymization. International Journal of Advanced Research in Computer and Communication Engineering, 1(8): 5722-5728, 2013.
  58. Charanyaa, S., et. al., Proposing a Novel Synergized K-Degree L-Diversity T-Closeness Model for Graph Based Data Anonymization. International Journal of Innovative Research in Computer and Communication Engineering, 2(3): 3554-3561, 2014.
  59. Charanyaa, S., et. al., , Strategies for Knowledge Based Attack Detection in Graphical Data Anonymization. International Journal of Advanced Research in Computer and Communication Engineering, 3(2): 5722-5728, 2014.
  60. Charanyaa, S., et. al., Term Frequency Based Sequence Generation Algorithm for Graph Based Data Anonymization International Journal of Innovative Research in Computer and Communication Engineering, 2(2): 3033-3040, 2014.
  61. V.M.Prabhakaran, Prof.S.Balamurugan, S.Charanyaa," Certain Investigations on Strategies for Protecting Medical Data in Cloud", International Journal of Innovative Research in Computer and Communication Engineering Vol 2, Issue 10, October 2014
  62. V.M.Prabhakaran, Prof.S.Balamurugan, S.Charanyaa," Investigations on Remote Virtual Machine to Secure Lifetime PHR in Cloud ", International Journal of Innovative Research in Computer and Communication Engineering Vol 2, Issue 10, October 2014
  63. V.M.Prabhakaran, Prof.S.Balamurugan, S.Charanyaa," Privacy Preserving Personal Health Care Data in Cloud" , International Advanced Research Journal in Science, Engineering and Technology Vol 1, Issue 2, October 2014
  64. P.Andrew, J.Anish Kumar, R.Santhya, Prof.S.Balamurugan, S.Charanyaa, "Investigations on Evolution of Strategies to Preserve Privacy of Moving Data Objects" International Journal of Innovative Research in Computer and Communication Engineering, 2(2): 3033-3040, 2014.
  65. P.Andrew, J.Anish Kumar, R.Santhya, Prof.S.Balamurugan, S.Charanyaa, " Certain Investigations on Securing Moving Data Objects" International Journal of Innovative Research in Computer and Communication Engineering, 2(2): 3033-3040, 2014.
  66. P.Andrew, J.Anish Kumar, R.Santhya, Prof.S.Balamurugan, S.Charanyaa, " Survey on Approaches Developed for Preserving Privacy of Data Objects" International Advanced Research Journal in Science, Engineering and Technology Vol 1, Issue 2, October 2014
  67. S.Jeevitha, R.Santhya, Prof.S.Balamurugan, S.Charanyaa, " Privacy Preserving Personal Health Care Data in Cloud" International Advanced Research Journal in Science, Engineering and Technology Vol 1, Issue 2, October 2014.
  68. K.Deepika, P.Andrew, R.Santhya, S.Balamurugan, S.Charanyaa, "Investigations on Methods Evolved for Protecting Sensitive Data", International Advanced Research Journal in Science, Engineering and Technology Vol 1, Issue 4, Decermber 2014.
  69. K.Deepika, P.Andrew, R.Santhya, S.Balamurugan, S.Charanyaa, "A Survey on Approaches Developed for Data Anonymization", International Advanced Research Journal in Science, Engineering and Technology Vol 1, Issue 4, Decermber 2014.
  70. S.Balamurugan, S.Charanyaa, "Principles of Social Network Data Security" LAP Verlag, Germany, ISBN: 978-3-659-61207-7, 2014
  71. S.Balamurugan, S.Charanyaa, "Principles of Scheduling in Cloud Computing" Scholars' Press, Germany,, ISBN: 978-3-639-66950-3, 2014
  72. S.Balamurugan, S.Charanyaa, "Principles of Database Security" Scholars' Press, Germany, ISBN: 978-3-639-76030-9, 2014