Vladimir Oleshchuk

• Oleshchuk, Vladimir (2023). Enforcement of Web3 Security by Use Blockchain and LLMs, 2023 IEEE 12th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS). IEEE conference proceedings. ISSN 979-8-3503-5805-6. s. 391–394. doi: 10.1109/IDAACS58523.2023.10348890.
• Sajid Ullah, Syed; Oleshchuk, Vladimir & Gardiyawasam Pussewalage, Harsha (2023). A Lightweight Access Control Scheme with Attribute Policy for Blockchain-Enabled Internet of Things. I De Capitani di Vimercati, Sabrina & Samarati, Pierangela (Red.), Proceedings of the 20th International Conference on Security and Cryptography. SciTePress. ISSN 978-989-758-666-8. s. 528–539. doi: 10.5220/0012138900003555.
• Sajid Ullah, Syed; Oleshchuk, Vladimir & Gardiyawasam Pussewalage, Harsha (2023). A survey on blockchain envisioned attribute based access control for internet of things: Overview, comparative analysis, and open research challenges. Computer Networks. ISSN 1389-1286. 235, s. 1–16. doi: 10.1016/j.comnet.2023.109994. Fulltekst i vitenarkiv
• Gardiyawasam Pussewalage, Harsha & Oleshchuk, Vladimir (2022). A Delegatable Attribute Based Encryption Scheme for a Collaborative E-health Cloud. IEEE Transactions on Services Computing. ISSN 1939-1374. 16(2), s. 787–801. doi: 10.1109/TSC.2022.3174909.
• Abeyrathna, Kuruge Darshana; Gardiyawasam Pussewalage, Harsha; Ranasinghe, Sasanka Niromi; Oleshchuk, Vladimir & Granmo, Ole-Christoffer (2020). Intrusion Detection with Interpretable Rules Generated Using the Tsetlin Machine, 2020 IEEE Symposium Series on Computational Intelligence (SSCI). IEEE (Institute of Electrical and Electronics Engineers). ISSN 978-1-7281-2547-3. s. 1121–1130. doi: 10.1109/SSCI47803.2020.9308206.
• Oleshchuk, Vladimir (2019). Secure and Privacy Preserving Pattern Matching in Distributed Cloud-based Data Storage, IEEE International Workshop on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications, 2009, IDAACS 2009. IEEE conference proceedings. ISSN 9781424449019. s. 820–823. doi: 10.1109/IDAACS.2019.8924356. Vis sammendrag

  The paper describes an architecture for privacy-enhanced intrusion detection systems, that separates privacy-invasive and privacy-preserving operations. This can be useful in cases where less sensitive network monitoring is outsourced to a third party and more sensitive network monitoring operations and data forensics are performed in-house or by law enforcement agencies.

• Zhang, Danchen; Zadorozhny, Vladimir I. & Oleshchuk, Vladimir (2019). SLFTD: A Subjective Logic Based Framework for Truth Discovery. I Welzer, Tatjana; Eder, Johann; Podgorelec, Vili; Wrembel, Robert; Ivanović, Mirjana; Gamper, Johann; Morzy, Mikoƚaj; Tzouramanis, Theodoros; Darmont, Jerome & Kamišalić Latifić, Aida (Red.), New Trends in Databases and Information Systems. ADBIS 2019 Short Papers, Workshops BBIGAP, QAUCA, SemBDM, SIMPDA, M2P, MADEISD, and Doctoral Consortium, Bled, Slovenia, September 8–11, 2019, Proceedings. Springer. ISSN 978-3-030-30277-1. s. 102–110. doi: 10.1007/978-3-030-30278-8_13.
• Gardiyawasam Pussewalage, Harsha & Oleshchuk, Vladimir (2019). An Anonymous Delegatable Attribute-based Credential Scheme for a Collaborative E-health Environment. ACM Transactions on Internet Technology. ISSN 1533-5399. 19(3). doi: 10.1145/3338854.
• Gardiyawasam Pussewalage, Harsha & Oleshchuk, Vladimir (2018). Blockchain Based Delegatable Access Control Scheme for a Collaborative E-health Environment, 2018 IEEE Confs on Internet of Things, Green Computing and Communications, Cyber, Physical and Social Computing, Smart Data, Blockchain, Computer and Information Technology, Congress on Cybermatics. IEEE conference proceedings. ISSN 978-1-5386-7975-3. s. 1204–1211. doi: 10.1109/Cybermatics_2018.2018.00214. Vis sammendrag

  Abstract—Modern electronic healthcare (e-health) settings constitute collaborative environments requiring sophisticated finegrained access control mechanisms to cater their access demands. Access delegatability is quite crucial to realize fine-grained, flexible access control schemes compatible with such environments. In this paper, we addressed this issue through proposing an attribute based access control scheme integrated with controlled access delegation capabilities suitable for a multi-domain e-health environment. We have utilized the blockchain technology to manage attribute assignments, delegations as well as revocations. The scheme enables delegations in a controlled manner without jeopardizing the security of the system. The control is achieved via granting each delegating user the capability of controlling the subsequent delegations made by the delegatee as well as limiting the length of a chain of delegations. Furthermore, it is equipped with a superior attribute revocation mechanism and induces substantially lower key management overhead to the endusers in comparison to the existing access control schemes with delegatability

• Abomhara, Mohamed Ali Saleh; Køien, Geir Myrdahl; Oleshchuk, Vladimir & Hamid, Mohamed (2018). Towards Risk-aware Access Control Framework for Healthcare Information Sharing, Proceedings of the 4th International Conference on Information Systems Security and Privacy. SciTePress. ISSN 978-989-758-282-0. s. 312–321. doi: 10.5220/0006608103120321.
• Gardiyawasam Pussewalage, Harsha & Oleshchuk, Vladimir (2017). Attribute based access control scheme with controlled access delegation for collaborative E-health environments. Journal of Information Security and Applications. ISSN 2214-2134. 37, s. 50–64. doi: 10.1016/j.jisa.2017.10.004.
• Oleshchuk, Vladimir (2017). A trust-based security enforcement in disruption-tolerant networks, Proceedings of 2017 IEEE 9th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS).. IEEE conference proceedings. ISSN 978-1-5386-0697-1. doi: 10.1109/IDAACS.2017.8095134.
• Gardiyawasam Pussewalage, Harsha & Oleshchuk, Vladimir (2017). A Distributed Multi-Authority Attribute Based Encryption Scheme for Secure Sharing of Personal Health Records. I NN, N (Red.), Proceedings of the 22nd ACM Symposium on Access Control Models and Technologies (ACM SACMAT). Association for Computing Machinery (ACM). ISSN 978-1-4503-4702-0. s. 255–262. doi: 10.1145/3078861.3078880.
• Gardiyawasam Pussewalage, Harsha & Oleshchuk, Vladimir (2017). An Efficient Multi-Show Unlinkable Attribute Based Credential Scheme for a Collaborative E-Health Environment. I NN, N (Red.), 2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC). IEEE (Institute of Electrical and Electronics Engineers). ISSN 978-1-5386-2565-1. s. 421–428. doi: 10.1109/CIC.2017.00060.
• Oleshchuk, Vladimir (2016). A Novel Framework for Security Enforcement in Networks for Disaster and Crisis Management. Proceedings of the International ISCRAM Conference. ISSN 2411-3387. Vis sammendrag

  The paper proposes a framework that provides security in networks deployed in disaster areas. Traditional networks are not well suitable to use in such setting due to many unusual constraints such as long delays, high packet drop rates, unavailability of central trusted entity etc. Under such constraints existing security protocols do not work. Proposed here approach provides solutions for some of these problems often listed as challenges in the literature. We consider delay-tolerant wireless networks as a most suitable for such setting, and propose a trust based approach that provides flexible and efficient solutions that can be used in disaster areas.

• Gardiyawasam Pussewalage, Harsha & Oleshchuk, Vladimir (2016). A Patient-Centric Attribute Based Access Control Scheme for Secure Sharing of Personal Health Records Using Cloud Computing. I Bilof, Randall (Red.), 2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC). IEEE (Institute of Electrical and Electronics Engineers). ISSN 978-1-5090-4607-2. s. 46–53. doi: 10.1109/CIC.2016.020.
• Gardiyawasam Pussewalage, Harsha & Oleshchuk, Vladimir (2016). An attribute based access control scheme for secure sharing of electronic health records, 2016 IEEE 18th International Conference on e-Health Networking, Applications and Services (Healthcom),. IEEE conference proceedings. ISSN 978-1-5090-3370-6. doi: 10.1109/HealthCom.2016.7749516.
• Yang, Huihui; Oleshchuk, Vladimir & Prinz, Andreas (2016). Verifying group authentication protocols by Scyther. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications. ISSN 2093-5374. 7(2), s. 3–19. doi: 10.1109/pdp.2016.27.
• Gardiyawasam Pussewalage, Harsha & Oleshchuk, Vladimir (2016). Privacy preserving mechanisms for enforcing security and privacy requirements in E-health solutions. International Journal of Information Management. ISSN 0268-4012. 36(6), s. 1161–1173. doi: 10.1016/j.ijinfomgt.2016.07.006.
• Yang, Huihui; Prinz, Andreas & Oleshchuk, Vladimir (2016). Formal Analysis and Model Checking of a Group Authentication Protocol by Scyther. I Cotronis, Yiannis; Daneshtalab, Masoud & Papadopoulos, George Angelos (Red.), Proceedings of the 24th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP2016). IEEE (Institute of Electrical and Electronics Engineers). ISSN 978-1-4673-8775-0. s. 553–557. doi: 10.1109/PDP.2016.27.
• Venkatesan, Sibi Prasanna; Oleshchuk, Vladimir; Chellappan, C. & Prakash, Sourabh (2016). Analysis of key management protocols for social networks. Social Network Analysis and Mining. ISSN 1869-5450. 6(1), s. 1–16. doi: 10.1007/s13278-015-0310-0.
• Gardiyawasam Pussewalage, Harsha; Ranaweera, Pasika; Oleshchuk, Vladimir & Balapuwaduge, Indika A.M. (2016). Secure Multi-party based Cloud Computing Framework for Statistical Data Analysis of Encrypted Data. I NN, N (Red.), 19th International Conference on Innovations in Clouds, Internet and Networks. IFIP International Federation for Information Processing. ISSN 978-3-901882-81-4. s. 22–28. Vis sammendrag

  Secure multi-party computation (SMC) is a paradigm used to accomplish a common computation among multiple users while keeping the data of each party secret from others. Cloud computing is a next generation computing solution which allows its users to use high speed infrastructure and services provided by cloud service providers (CSP) in a cost effective manner. Therefore, deployment of cloud based architecture for SMCs would aid in improving its performance and efficiency. However, cloud based solutions raises concerns over security of users’ private data, since data is under the control of an external entity when outsourced to cloud platforms. In this paper we have proposed a Secure Multi-party based Cloud Computing Framework which can ensure security, privacy and anonymity of users’ private data. This framework is modeled by considering a scenario which requires outsourcing statistical parameter computation of private sales data of an organization’s sales personnel. The results that we have obtained, provides significant evidence of feasibility of multi-party based cloud computing solutions.

• Ulltveit-Moe, Nils & Oleshchuk, Vladimir (2016). Enforcing mobile security with location-aware role-based access control. Security and Communication Networks. ISSN 1939-0114. 9(5), s. 429–439. doi: 10.1002/sec.879. Vis sammendrag

  This paper describes how location-aware role-based access control (RBAC) can be implemented on top of the Geospatial eXtensible Access Control Markup Language (GeoXACML). It furthermore sketches how spatial separation of duty constraints (both static and dynamic) can be implemented using GeoXACML on top of the XACML RBAC profile. The solution uses physical addressing of geographical locations, which facilitates easy deployment of authorisation profiles to the mobile device. Location-aware RBAC can be used to implement location-dependent access control and also other security enhancing solutions on mobile devices, such as location-dependent device locking, firewall, intrusion prevention or payment anti-fraud systems. The system has been implemented and tested, both to verify the server capacity and also the client capacity running on a mobile device

• Oleshchuk, Vladimir (2015). Constraints validation in privacy-preserving attribute-based access control, Proceedings of the 2015 IEEE 8th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS). IEEE conference proceedings. ISSN 978-1-4673-8359-2. s. 429–431. doi: 10.1109/IDAACS.2015.7340772.
• Yang, Huihui & Oleshchuk, Vladimir (2015). Traceable hierarchical attribute-based authentication for the cloud. I Samarati, Pierangela & Noubir, Guevara (Red.), 2015 IEEE Conference on Communications and Network Security (CNS), Florence, 28-30 September, 2015. IEEE conference proceedings. ISSN 978-1-4673-7876-5. s. 685–689. doi: 10.1109/CNS.2015.7346888.
• Yang, Huihui & Oleshchuk, Vladimir (2015). ATTRIBUTE-BASED AUTHENTICATION SCHEMES: A SURVEY. International Scientific Journal of Computing. ISSN 1727-6209. 14(2), s. 86–96.
• Yang, Huihui & Oleshchuk, Vladimir (2015). An efficient traceable attribute-based authentication scheme with one-time attribute trees. Lecture Notes in Computer Science (LNCS). ISSN 0302-9743. 9417, s. 123–135. doi: 10.1007/978-3-319-26502-5_9.
• Yang, Huihui & Oleshchuk, Vladimir (2015). A dynamic attribute-based authentication scheme. Lecture Notes in Computer Science (LNCS). ISSN 0302-9743. 9084, s. 106–118. doi: 10.1007/978-3-319-18681-8_9.
• Ulltveit-Moe, Nils & Oleshchuk, Vladimir (2015). A novel policy-driven reversible anonymisation scheme for XML-based services. Information Systems. ISSN 0306-4379. 48, s. 164–178. doi: 10.1016/j.is.2014.05.007. Vis sammendrag

  This paper proposes a reversible anonymisation scheme for XML messages that supports fine-grained enforcement of XACML-based privacy policies. Reversible anonymisation means that information in XML messages is anonymised, however the information required to reverse the anonymisation is cryptographically protected in the messages. The policy can control access down to octet ranges of individual elements or attributes in XML messages. The reversible anonymisation protocol effectively implements a multi-level privacy and security based approach, so that only authorised stakeholders can disclose confidential information up to the privacy or security level they are authorised for. The approach furthermore supports a shared secret based scheme, where stakeholders need to agree to disclose confidential information. Last, it supports time limited access to private or confidential information. This opens up for improved control of access to private or confidential information in XML messages used by a service oriented architecture. The solution provides horizontally scalable confidentiality protection for certain types of big data applications, like XML databases, secure logging and data retention repositories.

• Yang, Huihui & Oleshchuk, Vladimir (2014). An improvement of the batch-authentication and key agreement framework for P2P-based online social networks. I Schmidt, Andreas U. (Red.), International Conference on Privacy and Security in Mobile Systems (PRISMS), 2014. Curran Associates, Inc.. ISSN 978-1-4799-4630-3. doi: 10.1109/PRISMS.2014.6970596. Vis sammendrag

  Batch authentication is the way to authenticate multiple users simultaneously to provide better efficiency. In [1], three batch authentication protocols are proposed based on different primitives, to provide simultaneous authentication of multiple users in online social networks (OSNs). In this paper, we briefly introduce the original protocols, describe their security vulnerabilities and related attacks, and propose modifications to make them secure again.

• Yi, Ren; Zadorozhny, Vladimir I.; Oleshchuk, Vladimir & Li, Frank Young (2014). A Novel Approach to Trust Management in Unattended Wireless Sensor Networks. IEEE Transactions on Mobile Computing. ISSN 1536-1233. 13(7), s. 1409–1423. doi: 10.1109/TMC.2013.22. Vis sammendrag

  Unattended Wireless Sensor Networks (UWSNs) are characterized by long periods of disconnected operation and fixed or irregular intervals between sink visits. The absence of an online trusted third party implies that existing WSN trust management schemes are not applicable to UWSNs. In this paper, we propose a trust management scheme for UWSNs to provide efficient and robust trust data storage and trust generation. For trust data storage, we employ a geographic hash table to identify storage nodes and to significantly decrease storage cost. We use subjective logic based consensus techniques to mitigate trust fluctuations caused by environmental factors. We exploit a set of trust similarity functions to detect trust outliers and to sustain trust pollution attacks. We demonstrate, through extensive analyses and simulations, that the proposed scheme is efficient, robust and scalable.

• Yang, Huihui; Lei, Jiao & Oleshchuk, Vladimir (2014). A General Framework for Group Authentication and Key Exchange Protocols, 6th International Symposium, FPS 2013, La Rochelle, France, October 21-22, 2013, Revised Selected Papers. Springer. ISSN 978-3-319-05301-1. s. 31–45. doi: 10.1007/978-3-319-05302-8_3.
• Yi, Ren; Oleshchuk, Vladimir & Li, Frank Yong (2013). Optimized Secure and Reliable Distributed Data Storage Scheme and Performance Evaluation in Unattended WSNs. Computer Communications. ISSN 0140-3664. 36(9), s. 1067–1077. doi: 10.1016/j.comcom.2012.08.001. Vis sammendrag

  Unattended Wireless Sensor Networks (UWSNs), characterized by the absence of real-time communication between sensors and sinks, impose sensors to retain data till the next visit of a mobile sink to off-load their data. In such networks, if a sensor is compromised, data accumulated in the sensor are exposed to attackers. In addition, by holding the secret key of the compromised sensor, attackers can also learn post-compromise data accumulated by the sensor. Furthermore, once sensors stop working due to, for instance, node crash or battery depletion, all the accumulated data will be lost. In this paper, we propose a secure and reliable data distribution scheme that addresses these challenges. Detailed analysis shows that our scheme can provide forward secrecy, probabilistic backward secrecy and data reliability. To further improve probabilistic backward secrecy and data reliability, a constrained optimization data distribution scheme is also proposed. Detailed analysis and simulation results show the superiority of the proposed scheme in comparison with several existing schemes developed for UWSNs.

• Pelechrinis, Konstantinos; Zadorozhny, Vladimir I.; Kounev, Velin; Oleshchuk, Vladimir; Anwar, Mohd & Lin, Yiling (2013). Automatic evaluation of information provider reliability and expertise. World wide web (Bussum). ISSN 1386-145X. 18(1), s. 33–72. doi: 10.1007/s11280-013-0249-x. Vis sammendrag

  Q&A social media have gained a lot of attention during the recent years. People rely on these sites to obtain information due to a number of advantages they offer as compared to conventional sources of knowledge (e.g., asynchronous and convenient access). However, for the same question one may find highly contradicting answers, causing an ambiguity with respect to the correct information. This can be attributed to the presence of unreliable and/or non-expert users. These two attributes (reliability and expertise) significantly affect the quality of the answer/information provided. We present a novel approach for estimating these user’s characteristics relying on human cognitive traits. In brief, we propose each user to monitor the activity of his peers (on the basis of responses to questions asked by him) and observe their compliance with predefined cognitive models. These observations lead to local assessments that can be further fused to obtain a reliability and expertise consensus

• Gardiyawasam Pussewalage, H. Sandaruwan; Ranaweera, P. Sashmal & Oleshchuk, Vladimir (2013). PLC security and critical infrastructure protection. I Herath, H.M.V.R. (Red.), 8th IEEE International Conference on Industrial and Information Systems (ICIIS), 2013. IEEE conference proceedings. ISSN 978-1-4799-0910-0. s. 81–85. doi: 10.1109/ICIInfS.2013.6731959. Vis sammendrag

  Programmable Logic Controllers (PLCs) are the most important components embedded in Industrial Control Systems (ICSs). ICSs have achieved highest standards in terms of efficiency and performance. As a result of that, higher portion of infrastructure in industries has been automated for the comfort of human beings. Therefore, protection of such systems is crucial. It is important to investigate the vulnerabilities of ICSs in order to solve the threats and attacks against critical infrastructure to protect human lives and assets. PLC is the basic building block of an ICS. If PLCs are exploited, overall system will be exposed to the threat. Many believed that PLCs are secured devices due to its isolation from the external networks of the system. The attacks such as Stuxnet have proven the incorrectness of such thoughts. In this paper we have revealed the vulnerabilities of PLCs through a variety of attack vectors which could affect the related critical infrastructure. Furthermore, we have proposed solutions for such weaknesses in PLC based systems.

• Oleshchuk, Vladimir (2013). A novel scheme for privacy preserving in RBAC, Proceedings of the 2013 IEEE 7th International Conference on Intelligent Data Acquisition and Advanced Computing Systems (IDAACS). IEEE conference proceedings. ISSN 978-1-4799-1426-5. s. 620–623. doi: 10.1109/IDAACS.2013.6662999. Vis sammendrag

  Role Based Access Control (RBAC) Model has been proved to be quite useful and has drawn a lot of research interest over the last fifteen years. In this paper we discuss general context-aware RBAC model. We analyze potential privacy threats associated with use of contextaware RBAC and propose a novel scheme that provides privacy-preserving for access models based on RBAC.

• Køien, Geir Myrdahl & Oleshchuk, Vladimir (2013). Addressing the Terms-of-Service Threat - Client-side Security and Policy Control for Free File Storage Services. I Desprez,, Frédéric; Ferguson, Donald; Hadar, Ethan; Leymann, Frank & Jarke, Matthias (Red.), CLOSER 2013 : Proceedings of the 3rd International Conference on Cloud Computing and Services Science, Aachen, Germany, 8-10 May, 2013. SciTePress. ISSN 978-989-8565-52-5. s. 562–569.
• Ulltveit-Moe, Nils; Gjøsæter, Terje; Assev, Sigurd M.; Køien, Geir Myrdahl & Oleshchuk, Vladimir (2013). Privacy handling for critical information infrastructures. I Gomes, Luís & Hübner, Michael (Red.), Industrial Informatics (INDIN), 2013 11th IEEE International Conference on. IEEE conference proceedings. ISSN 978-1-4799-0752-6. s. 688–694. doi: 10.1109/indin.2013.6622967. Vis sammendrag

  This paper proposes an architecture and a methodology for privacy handling in Critical Information Infrastructures. Privacy is in this respect considered as both the risk of revealing person-sensitive information, for example from critical infrastructures in health institutions, but also to identify and avoid leakage of confidential information from the critical information infrastructures themselves. The architecture integrates privacy enhancing technologies into an enterprise service bus, which allows for policy-controlled authorisation, anonymisation and encryption of information in XML elements or attributes in messages on the service bus. The proposed methodology can be used to identify, quantify and reduce leakages of private or confidential information. It also suggests privacy enforcement mechanisms to increase the resilience against sensitive information leakages caused by cyber attacks.

• Oleshchuk, Vladimir (2012). Context-aware RBAC. I Sonntag, Michael & Normanseder, Rudolf (Red.), Informatik: Von Anfang an. TRAUNER Verlag. ISSN 978-3-99033-058-6. s. 139–146.
• Yi, Ren; Zadorozhny, Vladimir; Oleshchuk, Vladimir & Li, Frank Yong (2012). An Efficient, Robust, and Scalable Trust Management Scheme for Unattended Wireless Sensor Networks. I Chakraborty, Dipanjan; Lu, Hua & Venkatasubramanian, Nalini (Red.), IEEE 13th International Conference on Mobile Data Management (MDM). IEEE (Institute of Electrical and Electronics Engineers). ISSN 978-0-7695-4713-8. s. 147–156. doi: 10.1109/mdm.2012.13. Vis sammendrag

  Unattended Wireless Sensor Networks (UWSNs) are characterized by long periods of disconnected operation and fixed or irregular intervals between visits by the sink. The absence of an online trusted third party, i.e., an on-site sink, makes existing trust management schemes used in legacy wireless sensor networks not applicable to UWSNs directly. In this paper, we propose a trust management scheme for UWSNs to provide efficient, robust and scalable trust data storage. For trust data storage, we employ geographic hash table to efficiently identify data storage nodes and to significantly reduce storage cost. We demonstrate, through detailed analyses and extensive simulations, that the proposed scheme is efficient, robust, and scalable.

• Yi, Ren; Oleshchuk, Vladimir; Li, Frank Yong & Sulistyo, Selo (2012). FoSBaS: A bi-directional secrecy and collusion resilience key management scheme for BANs. I Sibille, Alain (Red.), 2012 IEEE Wireless Communications and Networking Conference. IEEE conference proceedings. ISSN 9781467304375. s. 2841–2846. doi: 10.1109/wcnc.2012.6214286. Vis sammendrag

  Body Area Network (BAN) consists of various types of small physiological sensors, transmission modules and low computational components and can thus form an E-health solution for continuous all-day and any-place health monitoring. To protect confidentiality of collected data, a shared group key is usually deployed in a BAN, and consequently a secure communication group is generated. In this paper, we propose a bi-directional security and collusion resilience key management scheme for BAN, referred to as FoSBaS. Detailed analysis shows that the scheme can provide both forward security and backward security and resist against collusion attacks. Furthermore, the FoSBaS is implemented on a Sun SPOT based sensor network testbed to evaluate its performance. Experimental results show that a group key can be updated within 102.13 ms with 60.22 mJ energy consumption on a 12 node BAN with 28 bits pairwise key.

• Oleshchuk, Vladimir (2012). Trust-enhanced intelligent security model. I R.R, Yager; Sgurev, V. & Hadjiski, M. (Red.), Proceedings of 2012 IEEE 6th International Conference Intelligent Systems. IEEE conference proceedings. ISSN 978-1-4673-2782-4. s. 476–480. doi: 10.1109/is.2012.6335179. Vis sammendrag

  In this paper we propose a trust-enhancement of access control to protect both integrity and confidentiality based on trustworthiness of users performing operations and documents’ content analysis. We propose to utilize trustworthiness opinions from subjective logic and express levels of integrity as levels of trustworthiness. We assign confidentiality levels based on contents of documents and use opinions to express trustworthiness of such assignments.

• Oleshchuk, Vladimir (2012). Trust-enhanced data integrity model. I Sikora, Axel (Red.), Wireless Systems (IDAACS-SWS), 2012 IEEE 1st International Symposium on. IEEE conference proceedings. ISSN 978-1-4673-4677-1. s. 109–112. doi: 10.1109/idaacs-sws.2012.6377645. Vis sammendrag

  In this paper we propose an enhancement of data integrity model. The proposed model is based on the idea of Biba integrity model but uses more elaborated integrity measurements. Since integrity can be seen as “trustworthiness of data and resources”, we propose to utilize trustworthiness opinions from subjective logic and express levels of integrity as levels of trustworthiness.

• Oleshchuk, Vladimir (2012). Trust-aware RBAC. I Kotenko, Igor & Skormin, Victor (Red.), Computer Network Security: Proceedings of 6th International Conference on Mathematical Methods, Models and Architectures for Comüuter Network Security, MMM-ACNS 2012, St. Petersburg, Russia, October 17-19, 2012,. Springer. ISSN 978-3-642-33703-1. s. 97–107. doi: 10.1007/978-3-642-33704-8_9. Vis sammendrag

  In this paper we propose a trust-aware enhancement of RBAC (TA-RBAC) that takes trustworthiness of users into consideration explicitly before granting access. We assume that each role in the framework is associated with an expression that describe trustworthiness of subjects required to be able to activate the role, and each subject (user) has assigned trustworthiness level in the system. By adding trustworthiness constraints to roles we enhance system, for example, with more flexible ability to delegate roles, to control reading/updating of objects by denying such operations to those subjects that violate trustworthiness requirements.

• Zheng, Xianghan & Oleshchuk, Vladimir (2012). Security Enhancement of Peer-to-Peer Session Initiation. I Gupta, Manisch; Walp, John & Sharman, Raj (Red.), Threats, Countermeasures, and Advances in Applied Information Security. IGI Global. ISSN 9781466609785. s. 281–308. doi: 10.4018/978-1-4666-0978-5.ch015.
• Oleshchuk, Vladimir (2012). Spatially-Aware Access Control Model: A Step towards Secure and Energy-Efficient Mobile Applications. Journal of green engineering. ISSN 1904-4720. 2(2), s. 125–138. Vis sammendrag

  Role Based Access Control (RBAC)Model has been found to be quite useful and has drawn a lot of research interest over the last fifteen years. It was recently defined as NIST/ANSI Standard. Traditional RBAC considers user to role as well as role to permission assignments to be static in nature with respect to space and time. However it was observed that in the context of mobile applications, spatial context plays an increasingly important role both in defining and enforcing more elaborated security policies since in many applications locations of participants should directly influence access control decisions. Recent years many extensions of RBAC to deal with spatial context have being proposed. However another benefit of location awareness (not considered yet in existing extensions of RBAC) is an ability to provide more energy-efficient (more “green”) solutions. In this paper we consider extensions of RBAC and propose to use location both as a security and an energy-related parameter. We discuss some applications and directions of future research.

• Ulltveit-Moe, Nils & Oleshchuk, Vladimir (2012). Mobile Security with Location-Aware Role-Based Access Control. I Prasad, Ramjee; Farkas, Károly; Schmidt, Andreas U.; Lioy, Antonio; Russel, Giovanni; Luccio, Flaminia L.; Akan, Ozgur; Bellavista, Paolo; Cao, Jiannong; Dressler, Falko; Ferrari, Domenico; Gerla, Mario; Kobayashi, Hisashi; Palazzo, Sergio; Sahni, Sartaj; Shen, Xuemin; Stan, Mircea; Xiaohua, Jia; Zomaya, Albert & Coulson, Geoffry (Red.), Security and Privacy in Mobile Information and Communication Systems. Third International ICST Conference, MobiSec 2011, Aalborg, Denmark, May 17-19, 2011, Revised Selected Papers. Springer. ISSN 978-3-642-30244-2. s. 172–183. Vis sammendrag

  This paper describes how location-aware Role-Based Access Control (RBAC) can be implemented on top of the Geographically eXtensible Access Control Markup Language (GeoXACML). It furthermore sketches how spatial separation of duty constraints (both static and dynamic) can be implemented using GeoXACML on top of the XACML RBAC profile. The solution uses physical addressing of geographical locations which facilitates easy deployment of authorisation profiles to the mobile device. Location-aware RBAC can be used to implement location dependent access control and also other security enhancing solutions on mobile devices, like location dependent device locking, firewall, intrusion prevention or payment anti-fraud systems.

• Ulltveit-Moe, Nils & Oleshchuk, Vladimir (2012). Decision-cache based XACML authorisation and anonymisation for XML documents. Computer Standards & Interfaces. ISSN 0920-5489. 34(6), s. 527–534. doi: 10.1016/j.csi.2011.10.007. Vis sammendrag

  This paper describes a decision cache for the eXtensible Access Control Markup Language (XACML) that supports fine-grained authorisation and anonymisation of XML based messages and documents down to XML attribute and element level. The decision cache is implemented as an XACML obligations service, where a specification of the XML elements to be authorised and anonymised is sent to the Policy Enforcement Point (PEP) during initial authorisation. Further authorisation of individual XML elements according to the authorisation specification is then performed on all matching XML resources, and decisions are stored in the decision cache. This makes it possible to cache fine-grained XACML authorisation and anonymisation decisions, which reduces the authorisation load on the Policy Decision Point (PDP). The theoretical solution is related to a practical case study consisting of a privacy-enhanced intrusion detection system that needs to perform anonymisation of Intrusion Detection Message Exchange Format (IDMEF) XML messages before they are sent to a security operations centre that operates in privacy-preserving mode. The solution increases the scalability of XACML based authorisation significantly, and may be instrumental in implementing federated authorisation and anonymisation based on XACML in several areas, including intrusion detection systems, web services, content management systems and GRID based authentication and authorisation.

• Yi, Ren; Oleshchuk, Vladimir; Li, Frank Yong & Sulistyo, Selo (2011). SCARKER: A Sensor Capture Resistance and Key Refreshing Scheme for Mobile WSNs. Conference on Local Computer Networks. ISSN 0742-1303. s. 271–274. doi: 10.1109/lcn.2011.6115207. Vis sammendrag

  Source: 2011 IEEE 36TH CONFERENCE ON LOCAL COMPUTER NETWORKS (LCN) ISBN: 978-1-61284-928-7

• Oleshchuk, Vladimir (2011). Trust-enhanced Biba integrity model. I Gavish, Bezalel (Red.), Proceedings of the 2011 Networking and Electronic Commerce Research Conference (NAEC2011). IFIP Working Group 7.3. ISSN 978-0-9820958-5-0. s. 256–258.
• Pelechrinis, Konstantinos; Zadorozhny, Vladimir & Oleshchuk, Vladimir (2011). Collaborative assessment of information provider's reliability and expertise using subjective logic. I Georgakopoulos, Dimitrios & Joshi, James (Red.), CollaborateCom Proceedings of the 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing. IEEE Press. ISSN 978-1-936968-36-7. s. 352–361. doi: 10.4108/icst.collaboratecom.2011.247102. Vis sammendrag

  Q&A social media have gained a lot of attention during the recent years. People rely on these sites to obtain information due to a number of advantages they offer as compared to conventional sources of knowledge (e.g., asynchronous and convenient access). However, for the same question one may find highly contradicting answers, causing an ambiguity with respect to the correct information. This can be attributed to the presence of unreliable and/or non-expert users. These two attributes (reliability and expertise) significantly affect the quality of the answer/information provided. We present a novel approach for estimating these user's characteristics relying on human cognitive traits. In brief, we propose each user to monitor the activity of her peers (on the basis of responses to questions asked by her) and observe their compliance with predefined cognitive models. These observations lead to local assessments that can be further fused to obtain a reliability and expertise consensus for every other user in the social network (SN). For the aggregation part we use subjective logic. To the best of our knowledge this is the first study of this kind in the context of Q&A SN. Our proposed approach is highly distributed; each user can individually estimate the expertise and the reliability of her peers using her direct interactions with them and our framework. The online SN (OSN), which can be considered as a distributed database, performs continuous data aggregation for users expertise and reliability assessment in order to reach a consensus. We emulate a Q&A SN to examine various performance aspects of our algorithm (e.g., convergence time, responsiveness etc.). Our evaluations indicate that it can accurately assess the reliability and the expertise of a user with a small number of samples and can successfully react to the latter's behavior change, provided that the cognitive traits hold in practice.

• Oleshchuk, Vladimir (2011). Ontology-based service matching and discovery. I Petcu, Dana & Sikora, Axel (Red.), 2011 IEEE 6th International Conference on Intelligent Data Acquisition and Advanced Computing Systems (IDAACS). IEEE Press. ISSN 978-1-4577-1423-8. s. 609–612. doi: 10.1109/idaacs.2011.6072840. Vis sammendrag

  In this paper we consider ontologies as knowledge structures that specify attributes of services, their properties and relations among them to enable finding semantic similarity between service descriptions and service requests. Ontologies reflect semantic relationship between concepts represented by attributes in service descriptions and service requests. We use knowledge from ontologies to enhance the both user service requests and service descriptions by adding concepts that are not presented in the original descriptions, and use them in comparison process. It results in more precise matching since we consider also implicit concepts. Thus services and requests that do not contain exact matching attributes can be anyway found semantically matching on some abstraction level.

• Pelechrinis, Konstantinos; Zadorozhny, Vladimir & Oleshchuk, Vladimir (2011). A Cognitive-based Scheme for User Reliability and Expertise Assessment in Q&A Social Networks. I Alhajj, Reda; Joshi, James & Shyu, Mei-Ling (Red.), Proceeding of the 2011 IEEE International Conference on Information Reuse and Integration. IEEE Press. ISSN 978-1-4577-0966-1. s. 545–550. doi: 10.1109/iri.2011.6009614. Vis sammendrag

  Q&A social media has gained a great deal of attention during recent years. People rely on these sites to obtain information due to the number of advantages they offer as compared to conventional sources of knowledge (e.g., asynchronous and convenient access). However, for the same question one may find highly contradictory answers, causing ambiguity with respect to the correct information. This can be attributed to the presence of unreliable and/or non-expert users. In this work, we propose a novel approach for estimating the reliability and expertise of a user based on human cognitive traits. Every user can individually estimate these values based on local pairwise interactions. We examine the convergence performance of our algorithm and we find that it can accurately assess the reliability and the expertise of a user and can successfully react to the latter’s behavior change.

• Michalas, Antonis; Oleshchuk, Vladimir; Komninos, Nikos & Prasad, Neeli R. (2011). Privacy-Preserving Scheme for Mobile Ad Hoc Networks, 2011 IEEE Symposium on Computers and Communications (ISCC) June 28 2011-July 1 2011. IEEE Sarnoff Symposium. ISSN 978-1-4577-0680-6. s. 752–757. doi: 10.1109/iscc.2011.5983930. Vis sammendrag

  In this paper we propose a decentralized privacy-preserving scheme for mobile ad hoc networks (MANETs), where nodes establish security associations. In order to achieve privacy and security, we use homomorphic encryption and polynomial intersection so as to find the common friends of two nodes. Through our experimental results we verify the correctness of our scheme given the limitations of MANETs.

• Oleshchuk, Vladimir & Køien, Geir Myrdahl (2011). Security and privacy in the cloud a long-term view, Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology (Wireless VITAE), 2011 2nd International Conference on. IEEE Press. ISSN 978-1-4577-0786-5. s. 1–5. doi: 10.1109/wirelessvitae.2011.5940876. Vis sammendrag

  In this paper we analyze security and privacy aspects of the cloud. We take a long-term view since the scope of privacy is potentially the lifetime of the privacy subject. We investigate trust issues and privacy aspects for cloud service users, using subjective logic as a primary tool. We also present promising solution for credible privacy in a cloud environment.

• Zheng, Xianghan & Oleshchuk, Vladimir (2011). Trust enhancement of P2PSIP communication systems. International Journal of Internet Technology and Secured Transactions. ISSN 1748-569X. 3(2), s. 121–133. doi: 10.1504/IJITST.2011.039773. Vis sammendrag

  Today, peer-to-peer (P2P) session initiation protocol (SIP)-based communication systems have attracted much attention from both academia and industry. The decentralised nature of P2P might provide the distributed P2P communication system without help of the traditional SIP server. However, it comes to the cost of reduced trustworthiness and may cause security problems, e.g., privacy leaks, unpredictable availability, etc. In this paper, we investigate P2PSIP security issues and propose a subjective logic-based trust model that offers trust-based security services during P2PSIP session establishment. The main issues considered in this model include opinion calculation, opinion maintenance, data confidentiality and integrity, message routing, and NAT traversal. After that we implement a typical use scenario to show how our model is utilised to offer the trusted session initiation service and protection from malicious or faulty intermediate peers. In the example presented in the paper we use chord as the P2PSIP overlay. However, the system is independent of the chord overlay and is extendable to the other distributed hash table (DHT) technologies.

• Klyuev, Vitaly & Oleshchuk, Vladimir (2011). Semantic retrieval: an approach to representing, searching and summarising text documents. International Journal of Information Technology, Communications and Convergence. ISSN 2042-3217. 1(2), s. 221–234. doi: 10.1504/IJITCC.2011.039287. Vis sammendrag

  Nowadays, the internet is the major source of information for millions of people. There are many search tools available on the net but finding appropriate text information is still difficult. The retrieval efficiency of the presently used systems cannot be significantly improved: 'bag of words' interpretation causes losing semantics of texts. We applied the functional approach to represent English text documents. It allows taking into account semantic relations between words when indexing documents and use ordinary English sentences as queries to a search engine. The proposed retrieval mechanisms return only highly relevant documents. They make it possible to generate content-aware summaries on-the-fly. The presented examples illustrate the advantage of the discussed approach compared to the traditional key word search.

• Fensli, Rune Werner; Oleshchuk, Vladimir; O’Donoghue, John & O’Reilly, Philip (2011). Design Requirements for a Patient Administered Personal Electronic Health Record. I Laskovski, Anthony N. (Red.), Biomedical Engineering Trends in electronics, communications and software. IntechOpen. ISSN 978-953-307-475-7. s. 565–588. doi: 10.5772/12948.
• Yi, Ren; Oleshchuk, Vladimir; Li, Frank Yong & Sulistyo, Selo (2011). SCARKER: A sensor capture resistance and key refreshing scheme for mobile WSNs. I Pfeifer, Tom; Jayasumana, Anura & Aschenbruck, Nils (Red.), Proceedings of the 36th Annual IEEE Conference on Local Computer Networks (LCN 2011). IEEE conference proceedings. ISSN 978-1-61284-928-7. s. 271–274. Vis sammendrag

  How to discover a captured node and to resist node capture attack is a challenging task in Wireless Sensor Networks (WSNs). In this paper, we propose a node capture resistance and key refreshing scheme for mobile WSNs which is based on the Chinese remainder theorem. The scheme is able of providing forward secrecy, backward secrecy and collusion resistance for diminishing the effects of capture attacks. By implementing our scheme on a Sun SPOT based sensor network testbed, we demonstrate that the time for updating a new group key varies from 56 ms to 546 ms and the energy consumption is limited to 16.5 - 225 mJ, depending on the length of secret keys and the number of sensors in a group.

• Yi, Ren; Oleshchuk, Vladimir; Li, Frank Yong & Ge, Xiaohu (2011). Security in Mobile Wireless Sensor Networks - A Survey. Journal of Communications. ISSN 1796-2021. 6(2), s. 128–142. doi: 10.4304/jcm.6.2.128-142.
• Ulltveit-Moe, Nils & Oleshchuk, Vladimir (2011). A Composite Privacy Leakage Indicator. Wireless Personal Communications. ISSN 0929-6212. 61(3), s. 511–526. doi: 10.1007/s11277-011-0383-7. Vis sammendrag

  This paper proposes a Subjective Logic based composite privacy leakage metric that both takes into account the amount of information leakage and also that information with high entropy in some cases may be considered encrypted. It is furthermore shown both analytically and experimentally that Min-entropy is considered better than Shannon, Rényi or Max entropy for identifying encrypted content for the composite metric. This is in particular useful for implementing privacy-enhanced Intrusion Detection Systems (IDS), where sampled encrypted traffic can be considered to have low risk of revealing sensitive information. The combined metric can be used in a Policy Enforcement Point that acts as a proxy/anonymiser in order to to reduce the leakage of private or sensitive information from the IDS sensors to an outsourced Managed Security Service provider. Although the composite privacy indicator is IDS specific, the authorisation architecture is general, and may also be useful for anonymising or pseusonymising sensitive information from or to other types of sensors that need to be exposed to the Internet. The solution is based on the eXtensible Access Control Markup Language policy language extended with support for Subjective Logic, in order to provide a method for expressing fine-grained access control policies that are based on uncertain evidences.

• Oleshchuk, Vladimir & Fensli, Rune (2011). Remote Patient Monitoring Within a Future 5G Infrastructure. Wireless Personal Communications. ISSN 0929-6212. 57(3), s. 431–439. doi: 10.1007/s11277-010-0078-5. Vis sammendrag

  Systems of wearable or implantable medical devices (IMD), sensor systems for monitoring and transmitting physiological recorded signals, will in future health care services be used for purposes of remote monitoring. Today, there exist several constraints, probably preventing the adoption of such services in clinical routinework.Within a future 5G infrastructure, new possibilities will be available due to improved addressing solutions and extended security services in addition to higher bandwidth in the wireless communication link. Thus 5G solutions can represent a paradigm shift regarding remote patient?s monitoring and tracking possibilities, with enhancement in transmitting information between patients and health care services. Some aspects of new possibilities are highlighted in describing a realistic scenario within a future 5G framework.

• Oleshchuk, Vladimir & Køien, Geir M. (2011). Access Security and Personal Privacy in Public Cellular Communication Systems: The Past, the Present and Beyond 2020. I Kruys, Jan & Qian, Luke (Red.), Globalisation of Mobile and Wireless Communications. Springer Science+Business Media B.V.. ISSN 9789400701069. s. 71–89. doi: 10.1007/978-94-007-0107-6_6. Vis sammendrag

  In order to predict the future one needs to understand the past and then interpolate as best as possible. We expect this to work reasonably well for a ?2020 Scenario?, but we do not expect this approach to be valid for a ?Beyond 2020? scenario

• Ulltveit-Moe, Nils; Oleshchuk, Vladimir A & Køien, Geir M. (2011). Location-Aware Mobile Intrusion Detection with Enhanced Privacy in a 5G Context. Wireless Personal Communications. ISSN 0929-6212. 57(3), s. 317–338. doi: 10.1007/s11277-010-0069-6. Vis sammendrag

  The paper proposes a location-aware mobile Intrusion Prevention System (mIPS) architecture with enhanced privacy that is integrated in Managed Security Service (MSS). The solution is envisaged in a future fifth generation telecommunications (5G) context with increased but varying bandwidth, a virtualised execution environment and infrastructure that allows threads, processes, virtual machines and storage to be migrated to cloud computing services on demand, to dynamically scale performance and save power. 5G mobile devices will be attractive targets for malicious software, and this threat will in some cases change with location. Mobile devices will store more sensitive information and will also be used to a larger extent for sensitive transactions than they typically do today. In addition, a distributed execution environment in itself gives raise to some new security challenges. In order to handle these security challenges, we have proposed the location-aware mIPS architecture, which benefits from a distributed execution environment where processor intensive services can be outsourced to Cloud hosting providers. The mIPS supports querying location threat profiles in a privacy-preserving way, and ensures that mIPS alerts sent to the the first-line MSS are anonymised. We finally perform an analysis of potential strengths and weaknesses of the proposed approach.

• Ulltveit-Moe, Nils & Oleshchuk, Vladimir (2010). PRIvacy LEakage Methodology (PRILE) for IDS Rules. IFIP Advances in Information and Communication Technology. ISSN 1868-4238. 320, s. 213–225. doi: 10.1007/978-3-642-14282-6_17.
• Ren, Y.; Oleshchuk, Vladimir & Li, Frank Yong (2010). A Scheme for Secure and Reliable Distributed Data Storage in Unattended WSNs. GLOBECOM - conference record / IEEE Global Telecommunications Conference. ISSN 0895-1195.
• Yi, Ren; Oleshchuk, Vladimir & Li, Frank Yong (2010). An efficient Chinese remainder theorem based node capture resilience scheme for Mobile WSNs. I Zhou, Mengqi (Red.), 2010 IEEE International Conference on Information Theory and Information Security (ICITIS). IEEE conference proceedings. ISSN 978-1-4244-6942-0. s. 689–-. Vis sammendrag

  Node capture attack is a critical issue in Mobile WSNs where attacker-controlled replicas may act maliciously. In this paper, we present a novel Chinese remainder theorem based node capture resilience scheme that can be utilized to discover and revoke captured nodes. Moreover, our scheme can limit the ability of captured nodes to further compromise forward security, backward security, and launch collusion attacks. Detailed analysis shows that our scheme indeed achieves the expected design goals.

• Michalas, Antonis; Komninos, Nikos; Prasad, Neeli R. & Oleshchuk, Vladimir (2010). New client puzzle approach for DoS resistance in ad hoc Networks. I Zhou, Mengqi (Red.), 2010 IEEE International Conference on Information Theory and Information Security (ICITIS). IEEE conference proceedings. ISSN 978-1-4244-6942-0. s. 568 –-. Vis sammendrag

  In this paper we propose a new client puzzle approach to prevent Denial of Service (DoS) attacks in ad hoc networks. Each node in the network first solves a computational problem and with the solution has to create and solve a client puzzle. By combining computational problems with puzzles, we improve the efficiency and latency of the communicating nodes and resistance in DoS attacks. Experimental results show the effectiveness of our approach

• Yi, Ren; Oleshchuk, Vladimir & Li, Frank Yong (2010). A Scheme for Secure and Reliable Distributed Data Storage in Unattended WSNs. I IEEE, GLOBECOM (Red.), GLOBECOM 2010, 2010 IEEE Global Telecommunications Conference. IEEE conference proceedings. ISSN 978-1-4244-5636-9. Vis sammendrag

  Unattended Wireless Sensor Networks (UWSNs) operated in hostile environments face a risk on data security due to the absence of real-time communication between sensors and sinks, which imposes sensors to accumulate data till the next visit of a mobile sink to off-load the data. Thus, how to ensure forward secrecy, backward secrecy and reliability of the accumulated data is a great challenge. For example, if a sensor is compromised, pre-compromise data accumulated in the sensor is exposed to access. In addition, by holding key secrecy of the compromised sensor, attackers also can learn post-compromise data in the sensor. Furthermore, in practical UWSNs, once sensors stop working for accidents due to node crash or battery depletion, all the data accumulated will be lost. To address the challenges, we propose a secure and reliable data distribution scheme in this paper. Detailed analysis shows that our scheme can provide forward secrecy, probabilistic backward secrecy and data reliability. To further improve probabilistic backward secrecy and data reliability, a constrained optimization data distribution scheme is proposed. Detailed analysis and simulation results show the superiority of the proposed scheme in comparison with several previous approaches developed for UWSNs.

• Ulltveit-Moe, Nils & Oleshchuk, Vladimir (2010). Privacy Violation Classification of Snort Ruleset, Parallel, Distributed and Network-Based Processing (PDP), 2010 18th Euromicro International Conference on. IEEE conference proceedings. ISSN 978-1-4244-5672-7. s. 654–658. Vis sammendrag

  It is important to analyse the privacy impact of Intrusion Detection System (IDS) rules, in order to understand and quantify the privacy-invasiveness of network monitoring services. The objective in this paper is to classify Snort rules according to the risk of privacy violations in the form of leaking sensitive or confidential material. The classification is based on a ruleset that formerly has been manually categorised according to our PRIvacy LEakage (PRILE) methodology. Such information can be useful both for privacy impact assessments and automated tests for detecting privacy violations. Information about potentially privacy violating rules can subsequently be used to tune the IDS rule sets, with the objective to minimise the expected amount of data privacy violations during normal operation. The paper suggests some classification tasks that can be useful both to improve the PRILE methodology and for privacy violation evaluation tools. Finally, two selected classification tasks are analysed by using a Nai¿ve Bayes classifier

• Klyuev, Vitaly & Oleshchuk, Vladimir (2010). A Novel Approach to Improve the Accuracy of Web Retrieval, Future Information Technology (FutureTech), 2010 5th International Conference on. IEEE conference proceedings. ISSN 978-1-4244-6948-2. Vis sammendrag

  General purpose search engines utilize a very simple view on text documents: They consider them as bags of words. It results that after indexing, the semantics of documents is lost. In this paper, we introduce a novel approach to improve the accuracy of Web retrieval. We utilize the WordNet and WordNet SenseRelate All Words Software as main tools to preserve the semantics of the sentences of documents and user queries. Nouns and verbs in the WordNet are organized in the tree hierarchies. The word meanings are presented by numbers that reference to the nodes on the semantic tree. The meaning of each word in the sentence is calculated when the sentence is analyzed. The goal is to put each noun and verb of the sentence on the right place on the tree. Taking this information into account, it is possible to solve the ambiguity problem for the query keywords and create the indicative summaries taking into account query words, and semantically related hypernyms and synonyms.

• Oleshchuk, Vladimir & Eskeland, Sigurd (2010). Secure group communication using fractional public keys. I IEEE, Org. (Red.), Proceedings of the Fifth International Conference on Availability, Reliability, and Security (ARES 2010). IEEE conference proceedings. ISSN 978-1-4244-5879-0. s. 254–257. Vis sammendrag

  In this paper, we present the novel concept of fractional public keys and an efficient zero-round multi-party Diffie-Hellman key agreement scheme that is based on fractional public keys. Shared group keys are computed highly efficiently by using the fractional public keys of multiple participants as exponents. The scheme provides therefore an efficient and elegant way of multi-party key agreement without key establishment data transmissions. The presented cryptographic scheme is collusion resistant to any number of users.

Se alle arbeider i Cristin

• Eikebrokk, Tom Roar; Moe, Carl Erik & Oleshchuk, Vladimir (2023). Proceedings of the 34th Norwegian ICT conference for research and education – NIKT 2022. OpenProceedings. ISBN 978-3-16-148410-0. 12 s.
• Køien, Geir Myrdahl & Oleshchuk, Vladimir (2013). Aspects of Personal Privacy in Communications: Problems, Technology and Solutions. River Publishers. ISBN 9788792982087. 265 s. Vis sammendrag

  The modern society is rapidly becoming a fully digital society. This has many benefits, but unfortunately it also means that personal privacy is threatened. The threat does not so much come from a 1984 style Big Brother, but rather from a set of smaller big brothers. The small big brothers are companies that we interact with; they are public services and institutions. Many of these little big brothers are indeed also being invited to our private data by ourselves. Privacy as a subject can be problematic. At the extreme it is personal freedom against safety and security. We shall not take a political stand on personal privacy and what level of personal freedom and privacy is the correct one. Aspects of Personal Privacy in Communications is mostly about understanding what privacy is and some of the technologies may help us to regain a bit of privacy. We discuss what privacy is about, what the different aspects of privacy may be and why privacy needs to be there by default. There are boundaries between personal privacy and societal requirements, and inevitably society will set limits to our privacy (Lawful Interception, etc.). There are technologies that are specifically designed to help us regain some digital privacy. These are commonly known as Privacy Enhancing Technologies (PETs). We investigate some these PETs including MIX networks, Onion Routing and various privacy-preserving methods. Other aspects include identity and location privacy in cellular systems, privacy in RFID, Internet-of-Things (IoT) and sensor networks amongst others. Some aspects of cloud systems are also covered.

• Rong, Chunming & Oleshchuk, Vladimir (2013). Proceeding of Norwegian Information Security Conference / Norsk informasjonssikkerhetskonferanse - NISK 2013 - Stavanger, 18th-20th November 2013. Akademika forlag. ISBN 978-82-321-0366-9. 133 s.
• Oleshchuk, Vladimir (2012). Norwegian Information Security Conference Norsk Informasjonssikkerhetskonferanse, NISK 2012; University of Nordland, Bodø; 19-21 November 2012. Akademika forlag. ISBN 978-82-321-0012-5.

Se alle arbeider i Cristin

• Oleshchuk, Vladimir (2017). Access Control for Cyber-Physical Systems.
• Oleshchuk, Vladimir (2017). Trust-Aware Security for Disruption-Tolerant Networks.
• Oleshchuk, Vladimir (2017). Security, privacy and trust in e-health systems: challenges and solutions}.
• Trajcevski, Goce & Oleshchuk, Vladimir (2015). Message from the Advanced Seminar Co-chairs MDM 2015. I Jensen, Christian S.; Xing, Xie & Zadorozhny, Vladimir I. (Red.), 16th IEEE International Conference on Mobile Data Management (MDM), 2015. IEEE conference proceedings. ISSN 978-1-4799-9972-9. doi: 10.1109/MDM.2015.99.
• Oleshchuk, Vladimir (2015). Attribute-based access control: security and privacy.
• Oleshchuk, Vladimir (2015). Attribute-based access control.
• Oleshchuk, Vladimir (2015). HBC: Security , Privacy and Trust.
• Oleshchuk, Vladimir (2015). Preface. Norsk Informasjonssikkerhetskonferanse (NISK). ISSN 1893-6563. 8(1), s. 1–1.
• Oleshchuk, Vladimir (2014). Security and Privacy in Wireless Sensor Networks.
• Twayigira, Joseph & Oleshchuk, Vladimir (2014). User authentication in mobile cloud-based crisis and emergency management.
• Oleshchuk, Vladimir (2012). Cyber Security and Privacy.
• Oleshchuk, Vladimir (2012). Privacy-preserving technologies.
• Oleshchuk, Vladimir (2011). Security in 4G.
• Oleshchuk, Vladimir (2011). Security protocols.
• Oleshchuk, Vladimir (2011). RBAC and its applications.
• Oleshchuk, Vladimir (2011). RBAC and mobility.
• Oleshchuk, Vladimir (2011). Trust and Security in Wireless Sensor Networks.
• Oleshchuk, Vladimir (2011). LTE security.
• Oleshchuk, Vladimir (2011). Secure and privacy preserving pattern matching in distributed cloud-based data storage.
• Oleshchuk, Vladimir (2011). RBAC in mobile context.
• Smaradottir, Berglind; Fensli, Rune Werner & Oleshchuk, Vladimir (2016). User-centred Design and Evaluation of Health Information Technology : Doctoral Dissertation for the Degree Philosophiae Doctor (PhD) in Information and Communication Technology. Universitetet i Agder, Fakultet for teknologi og realfag. ISSN 978-82-7117-830-7. Fulltekst i vitenarkiv Vis sammendrag

  Health information technologies play an important role in exchange of information and coordination of continuity of care in health care services. This thesis explores the approach of user-centred design and evaluation in the development of health information technology, with the main research focus on end-user involvement. A study on user-centred design and evaluation in the externally funded research projects United4Health and eHealth- extended Care Coordination was conducted. In addition, the internal project Visually impaired users touching the screen - A user evaluation evaluated visually impaired users using mobile technology. In the EU project United4Health, a collaborative telemedicine system for remote monitoring of chronic obstructive pulmonary disease patients was developed. The regional project eHealth- extended Care Coordination addressed the information flow within inter-municipal health care teams to build a collaborative information system that facilitated coordination between municipalities. In both projects, end-users were involved in workshops in an early design phase and participated in usability evaluations during the iterative development. A mixed methods research approach including observations, semi-structured interviews and a questionnaire was used for data collection in the user-centred design process. The data analysis was based on a qualitative content analysis from a human-computer interaction perspective. This thesis also addresses the topic of the usability evaluation of health information technology from the perspective of the technical infrastructure necessary for optimisation of data collection and retrospective analysis of data. In this regard, a usability evaluation of a mobile touchscreen together with visually impaired users was made. The results from the user-centred design and evaluation research are presented in this dissertation through a collection of 9 scientific published papers in international peer-reviewed journals and conference proceedings. This study contributes to the knowledge of user-centred design in several ways. Firstly, this thesis provides an understanding on how to actively and efficiently involve users in design and development of health information technology by conducting empirical research. Secondly, it contributes to the knowledge on how to run usability evaluations of health information technology in high fidelity laboratory settings, health care environment and patients’ homes. Thirdly, it provides recommendations for a technical infrastructure in order to optimise the outcome of usability evaluations. The Norwegian Social Science Data Services approved the studies presented here.

• Robbersmyr, Kjell G.; Våge, Magne Mikal & Oleshchuk, Vladimir (2013). Patenter som innovasjonsindikatorer: Komparativ analyse av 3 ulike bransjer i 4 nordiske land i perioden 1996 til 2005. Universitetet i Agder. ISSN 978-82-7117-745-4. Vis sammendrag

  Ved bruk av patentdatabasen USPTO (US Patent & Trademark Office) som inneholder samtlige amerikanske patenter og mønsterbeskyttelser, er det utført en analyse med formål å sammenligne patenteringsaktivitet i Norge, Danmark, Sverige og Finland for følgende tre bransjer: Kuldeteknikk, Offshoreteknikk, og Telekommunikasjon. Målet med denne undersøkelsen er en studie av: • Indikatorer for teknologisk utvikling og innovasjon. • Patenter benyttet som innovasjonsindikatorer. • Patenteringsaktivitet i tre ulike bransjer/patentklasser i fire forskjellige land. Fra analysen kan følgende oppsummeres: • Bruk av Patentstatistikk, ved å telle antall patenter, benyttes for å vurdere omfanget av patenteringen. Metoden gir imidlertid ikke det rette bildet av nyskapningsaktiviteten, da noen patenter aldri realiseres og andre benyttes kun for å blokkere for nye patenter. • Ved å normalisere antall registrerte patenter årlig med hensyn til de respektive lands innbyggere, viser resultatene at i land med større befolkningsgrunnlag patenteres mer. • Ved å se på dynamikken av denne prosessen globalt over tid, vil det gi et reelt bilde av de mekanismer som kan påvirke patenteringen (oppgang eller nedgang i bransjen). • Bruk av Patentstatistikk ved å telle antall siteringer: Både alder og antall patenter påvirker resultatene kraftig, og eldre patenter har normalt flere siteringer enn yngre patenter. • Ved å telle antall siteringer pr. patent fjernes koplingen (til en viss grad), men fortsatt er eldre patenter sitert oftere enn nyere patenter. • Ved å ”normalisere” antall siteringer pr. år antydes hvor viktige snittet av patentene er. Antallet siteringer avtar med tiden (som forventet). • Når antall nyere patenter øker vil det kompensere for redusert antall siteringer for disse patentene. Hvis WPC indikatoren synker, kan dette forklares med at antall nye patenter ikke øker så veldig. • RTCA – indikatoren benyttes for å få økt forståelse for landets spesialisering, og dette var meget fremtredende i denne analysen.• Lineær regresjonsanalyse benyttes for å vise snittet av antall siteringer av alle patenter, og kan gi svar på i hvilken grad det ene landets patenter siteres oftere enn patenter fra de øvrige land. Metoden gir også svar på om det ene landets patenter er ”bedre” enn det andre landets patenter. Videre trekkes følgende konklusjon: • Ved å knytte de analyserte bransjene mot de analyserte land ble følgende klart: I Norge er det olje- og gassbransjen med offshore utstyrsproduksjon som er størst, i Sverige og i Finland – telekommunikasjon og i Danmark - kuldeautomatikk.

• Ulltveit-Moe, Nils & Oleshchuk, Vladimir (2013). Measuring privacy leakage for IDS rules. eprint arXiv:1308.5421. Vis sammendrag

  This paper proposes a measurement approach for estimating the privacy leakage from Intrusion Detection System (IDS) alarms. Quantitative information flow analysis is used to build a theoretical model of privacy leakage from IDS rules, based on information entropy. This theoretical model is subsequently verified empirically both based on simulations and in an experimental study. The analysis shows that the metric is able to distinguish between IDS rules that have no or low expected privacy leakage and IDS rules with a significant risk of leaking sensitive information, for example on user behaviour. The analysis is based on measurements of number of IDS alarms, data length and data entropy for relevant parts of IDS rules (for example payload). This is a promising approach that opens up for privacy benchmarking of Managed Security Service providers.

• Pelechrinis, Konstantinos; Zadorozhny, Vladimir & Oleshchuk, Vladimir (2011). Automatic Evaluation of Information Provider Reliability and Expertise. SIS-2011-04-TELE-001-Technical report. School of Information Sciences, University of Pittsburgh. Vis sammendrag

  Q&A social media have gained a lot of attention during the recent years. People rely on these sites to obtain information due to a number of advantages they offer as compared to conventional sources of knowledge (e.g., asynchronous and convenient access). However, for the same question one may find highly contradicting answers, causing an ambiguity with respect to the correct information. This can be attributed to the presence of unreliable and/or non-expert users, since these two attributes (reliability and expertise) are two significantly affect the quality of the answer/information provided. We propose a novel approach for estimating these user’s characteristics relying on human cognitive traits. In brief, we propose monitoring the activity of the participants and observe their compliance with predefined cognitive models. To the best of our knowledge this is the first study of this kind in the context of Q&A social networks (SN). We utilize a view of OSN as a distributed database that performs continuous data aggregation for users expertise and reliability assesment. We examine the convergence performance of our algorithm and we find that it can accurately assess the reliability and the expertise of a user and can successfully react to the latter’s behavior change. Using subjective logic these local assessments can be fused to obtain a reliability and expertise consensus for every other user of the SN. Our proposed approach is highly distributed; each user can individually estimate the expertise and the reliability of its peers using its direct interactions with them and our framework.

Se alle arbeider i Cristin