Biblio

Today the mobile devices are more and more present in our lives, and the mobile applications market has experienced a sharp growth. Most of these applications are made to make our daily lives easier, and for this a large part of them consume various web services. Given this transition, from desktop and web applications to mobile applications, many critical services have begun to expose their APIs for use by such application clients. Unfortunately, this transition has paved the way for new vulnerabilities, vulnerabilities used to compress cloud services. In this article we analyzed the main security problems and how they can be solved using the attestation services, the services that indicate that the device running the application and the client application are genuine.

The Representational State Transfer (REST) is a distributed application architecture style which adopted on providing various network services. The identity authentication protocol Kerberos has been used to guarantee the security identity authentication of many service platforms. However, the deployment of Kerberos protocol is limited by the defects such as password guessing attacks, data tampering, and replay attacks. In this paper, an optimized Kerberos protocol is proposed and applied in a REST-style Cloud Storage Architecture. Firstly, we propose a Lately Used Newly (LUN) key replacement method to resist the password guessing attacks in Kerberos protocol. Secondly, we propose a formatted signature algorithm and a combination of signature string and time stamp method to cope with the problems of tampering and replay attacks which in deploying Kerberos. Finally, we build a security protection module using the optimized Kerberos protocol to guarantee a secure identity authentication and the reliable data communication between the client and the server. Analyses show that the module significantly improves the security of Kerberos protocol in REST-style cloud storage services.

ARGOS is a web service we implemented to offer face recognition Authentication Services (AaaS) to mobile and desktop (via the web browser) end users. The Authentication Services may be used by 3rd party service organizations to enhance their service offering to their customers. ARGOS implements a secure face recognition-based authentication service aiming to provide simple and intuitive tools for 3rd party service providers (like PayPal, banks, e-commerce etc) to replace passwords with face biometrics. It supports authentication from any device with 2D or 3D frontal facing camera (mobile phones, laptops, tablets etc.) and almost any operating systems (iOS, Android, Windows and Linux Ubuntu).

Web application technologies are growing rapidly with continuous innovation and improvements. This paper focuses on the popular Spring Boot [1] java-based framework for building web and enterprise applications and how it provides the flexibility for service-oriented architecture (SOA). One challenge with any Spring-based applications is its level of complexity with configurations. Spring Boot makes it easy to create and deploy stand-alone, production-grade Spring applications with very little Spring configuration. Example, if we consider Spring Model-View-Controller (MVC) framework [2], we need to configure dispatcher servlet, web jars, a view resolver, and component scan among other things. To solve this, Spring Boot provides several Auto Configuration options to setup the application with any needed dependencies. Another challenge is to identify the framework dependencies and associated library versions required to develop a web application. Spring Boot offers simpler dependency management by using a comprehensive, but flexible, framework and the associated libraries in one single dependency, which provides all the Spring related technology that you need for starter projects as compared to CRUD web applications. This framework provides a range of additional features that are common across many projects such as embedded server, security, metrics, health checks, and externalized configuration. Web applications are generally packaged as war and deployed to a web server, but Spring Boot application can be packaged either as war or jar file, which allows to run the application without the need to install and/or configure on the application server. In this paper, we discuss how Atmospheric Radiation Measurement (ARM) Data Center (ADC) at Oak Ridge National Laboratory, is using Spring Boot to create a SOA based REST [4] service API, that bridges the gap between frontend user interfaces and backend database. Using this REST service API, ARM scientists are now able to submit reports via a user form or a command line interface, which captures the same data quality or other important information about ARM data.

The Agave Platform first appeared in 2011 as a pilot project for the iPlant Collaborative [11]. In its first two years, Foundation saw over 40% growth per month, supporting 1000+ clients, 600+ applications, 4 HPC systems at 3 centers across the US. It also gained users outside of plant biology. To better serve the needs of the general open science community, we rewrote Foundation as a scalable, cloud native application and named it the Agave Platform. In this paper we present the Agave Platform, a Science-as-a-Service (ScaaS) platform for reproducible science. We provide a brief history and technical overview of the project, and highlight three case studies leveraging the platform to create synergistic value for their users.

Companies want to offer chat bots to their customers and employees which can answer questions, enable self-service, and showcase their products and services. Implementing and maintaining chat bots by hand costs time and money. Companies typically have web APIs for their services, which are often documented with an API specification. This paper presents a compiler that takes a web API specification written in Swagger and automatically generates a chat bot that helps the user make API calls. The generated bot is self-documenting, using descriptions from the API specification to answer help requests. Unfortunately, Swagger specifications are not always good enough to generate high-quality chat bots. This paper addresses this problem via a novel in-dialogue curation approach: the power user can improve the generated chat bot by interacting with it. The result is then saved back as an API specification. This paper reports on the design and implementation of the chat bot compiler, the in-dialogue curation, and working case studies.

Fast Health Interoperability Services (FHIR) is the most recent in the line of standards for healthcare resources. FHIR represents different types of medical artifacts as resources and also provides recommendations for their authorized disclosure using web-based protocols including O-Auth and OpenId Connect and also defines security labels. In most cases, Role Based Access Control (RBAC) is used to secure access to FHIR resources. We provide an alternative approach based on Attribute Based Access Control (ABAC) that allows attributes of subjects and objects to take part in authorization decision. Our system allows various stakeholders to define policies governing the release of healthcare data. It also authenticates the end user requesting access. Our system acts as a middle-layer between the end-user and the FHIR server. Our system provides efficient release of individual and batch resources both during normal operations and also during emergencies. We also provide an implementation that demonstrates the feasibility of our approach.

We demonstrate the infrastructure used in the TREC 2015 Total Recall track to facilitate controlled simulation of "assessor in the loop" high-recall retrieval experimentation. The implementation and corresponding design decisions are presented for this platform. This includes the necessary considerations to ensure that experiments are privacy-preserving when using test collections that cannot be distributed. Furthermore, we describe the use of virtual machines as a means of system submission in order to to promote replicable experiments while also ensuring the security of system developers and data providers.