A Dynamic Context-Aware and Role-Capability Based Access Control Mechanism for Internet of Things
Krishnasrija R., Mandal A.K., Halder R., Cortesi A.
Article, Journal of Network and Systems Management, 2026, DOI Link
View abstract ⏷
The Internet of Things (IoT) presents distinct challenges for access control due to its dynamic, heterogeneous, and evolving nature, which existing mechanisms often struggle to address. To overcome these challenges, this paper proposes a novel context-aware role-capability based access control (CRCBAC) system which effectively handles key issues such as dynamic adaptation, capability delegation, context awareness, scalability, and security. At its core, CRCBAC utilizes a structured role capability tree (RCT) to ensure secure capability propagation and management across roles, resolving conflicts through a priority system. Additionally, we design a set of protocols leveraging RCT-operations to securely evaluate access requests, as well as to create, transfer, and revoke capabilities. These protocols are validated through formal analysis using BAN logic and Scyther-based attack simulation, demonstrating CRCBAC’s robustness in ensuring both confidentiality and integrity. Experimental evaluation confirms CRCBAC’s superior scalability and efficiency, achieving up to lower response times and 4.6 times higher throughput compared to state-of-the-art approaches. The capability delegation mechanism consistently maintains response times below 3 ms, even as user capabilities scale, while also reducing energy consumption by compared to state-of-the-art approach, making CRCBAC particularly well-suited for energy-constrained IoT environments.
Enhancing Deep Learning Model Privacy Against Membership Inference Attacks Using Privacy-Preserving Oversampling
Article, SN Computer Science, 2025, DOI Link
View abstract ⏷
The overfitting of deep learning models trained using moderately imbalanced datasets is the main factor in increasing the success rate of membership inference attacks. While many oversampling methods have been designed to minimize the data imbalance, only a few defend the deep neural network models against membership inference attacks. We introduce the privacy preserving synthetic minority oversampling technique (PP-SMOTE), that applies privacy preservation mechanisms during data preprocessing rather than the model training phase. The PP-SMOTE oversampling method adds Laplace noise to generate the synthetic data points of minority classes by considering the L1 sensitivity of the dataset. The PP-SMOTE oversampling method demonstrates lower vulnerability to membership inference attacks than the DNN model trained on datasets oversampled by GAN and SVMSMOTE. The PP-SMOTE oversampling method helps retain more model accuracy and lower membership inference attack accuracy compared to the differential privacy mechanisms such as DP-SGD, and DP-GAN. Experimental results showcase that PP-SMOTE effectively mitigates membership inference attack accuracy to approximately below 0.60 while preserving high model accuracy in terms of AUC score approximately above 0.90. Additionally, the broader confidence score distribution achieved by the PP-SMOTE significantly enhances both model accuracy and mitigation of membership inference attacks (MIA). This is confirmed by the loss-epoch curve which shows stable convergence and minimal overfitting during training. Also, the higher variance in confidence scores complicates efforts of attackers to distinguish training data thereby reducing the risk of MIA.
Trust based access control in IoT network
Krishnasrija R., Sankati S., Popuri L.S., Chava N., Mandal A.K.
Book chapter, Swarm Intelligence: Theory and Applications in Fog Computing, Beyond 5G Networks, and Information Security, 2025, DOI Link
Leveraging machine learning for proactive detection and mitigation of Android RAT
Ghosh S., Ponduru J., Thatikonda M., Mandal A.K.
Article, Innovations in Systems and Software Engineering, 2025, DOI Link
View abstract ⏷
Remote Access Trojans (RATs) have gathered reasonable attention in the evolving realm of cybersecurity due to their stealthy characteristics and the capacity to cause significant privacy and security infringements. This research explores proactive security methods using machine learning against Android RAT attacks by investigating the network behavior based analysis method to build a reliable RAT detection system. The system can deep inspect network traffic and classify Android RAT traffic using the ensemble learning methods. Eight different types of RAT traffic data are included in the training dataset to train various machine learning models. Experiments in the research show that the ensemble learning models have high accuracy in discriminating the RAT traffic from benign traffic with a AUC score of 0.99. The study contributes novel data pre-processing technique, identification of key features for detecting RAT vulnerability, and an ensemble learning based approach for autonomous RAT detection.
Blockchain-based dynamic MUD profiles for tamper-proof IoT access control
Article, Journal of Information Security and Applications, 2025, DOI Link
View abstract ⏷
The Internet of Things (IoT) has revolutionized various industries by enabling data exchange between different devices across various domains such as smart cities, healthcare, industrial automation etc. However, managing access control with growing number of IoT devices brings major security challenges. Traditional access control mechanisms such as Role-Based Access Control(RBAC) and Attribute-Based Access Control(ABAC) become very complex and computationally expansive for the large scale iot networks. Besides these, Manufacturer Usage Description (MUD) based mechanism empowers networks to restrict IoT devices to communicate only with authorized endpoints, ensuring that each device sends and receives only the intended traffic while preventing unauthorized access or data transmission. However, the static MUD profiles provided by manufacturers are not adaptable to dynamic IoT environments, where devices frequently join, leave, or change behavior. Additionally, manually creating and updating MUD profiles may not be possible and prone to errors for dynamic and large scale IoT network. To address these limitations, this paper proposes an automated framework for generating and enforcing MUD profiles based on network behavior. The framework leverages the MUD specification by analyzing network traffic and extracting the most relevant features using mutual information (MI) scores. These features, which correlate strongly with device behavior, are then used in association rule mining (ARM) to generate refined access control rules. The rules are verified and integrated into the MUD profiles, ensuring automated policy enforcement. Furthermore, the MUD profiles are stored in a tamper-resistant manner using IPFS (InterPlanetary File System), preventing them from unauthorized modifications. The framework also utilizes smart contracts on a blockchain to verify and enforce security policies. The approach improves security by allowing only intended device interactions while denying abnormal traffic, and enhances performance through efficient rule generation and enforcement. The results demonstrate that the use of ARM with MI scores improves rule quality, reduces complexity, and facilitates faster, more reliable network operations in dynamic IoT environments.
Dynamic provisioning of devices in microservices-based IoT applications using context-aware reinforcement learning
Article, Innovations in Systems and Software Engineering, 2025, DOI Link
View abstract ⏷
The increasing number and diversity of connected devices in IoT applications make them dynamic and unpredictable. The presence of new devices and the removal of existing ones may lead to variations in device availability and characteristics. Due to the heterogenity of resources, requirements of users become more dynamic and the provisioning of resources also becomes challenging. Especially in microservice-based IoT applications, systems are highly distributed and heterogeneous, consisting of a wide variety of devices and services with differing capabilities and requirements. Static resource allocation approaches, which allocate resources based on predefined rules or fixed configurations, may not able to adapt to these dynamic changes. Conventional static resource allocation approaches are inadequate for large-scale IoT systems due to lack context awareness. This paper presents an approach that integrates context-awareness for dynamic resource provisioning using reinforcement learning in microservice-based IoT systems. The system optimize resource allocation strategies by considering contextual factors such as device properties, functionalities, environmental conditions, and user requirements. Integrating reinforcement learning allows the framework to constantly learn and adjust its resource provisioning methods, resulting in better performance and resource reuse. The experimental analysis demonstrates the effectiveness of the framework in optimizing resource utilization, improving system efficiency, and enhancing overall performance. The study highlights the potential of machine learning mechanisms to further optimize resource utilization and emphasizes the importance of future research to analyze the scalability, robustness, and overall performance of context-aware resource provisioning.
Applications and formulation of bio-ink in the development of tissue scaffold: A review
Book chapter, Bioimplants Manufacturing: Fundamentals and Advances, 2024, DOI Link
View abstract ⏷
Three-dimensional (3D) bioprinting technology enables the fabrication of porous structures with complicated and variable geometries, allowing for the equitable distribution of cells and the regulated release of signalling components, which distinguishes it from traditional tissue scaffolding approaches. In 3D bioprinting, various cell-laden materials, including organic and synthetic polymers, have been used to create scaffolding systems and extracellular matrix (ECM) for tissue engineering (TE). However, significant technological hurdles remain, including bio-ink composition, printability, customizing mechanical and biological characteristics in hydrogel implants, and cell behaviour guiding in biomaterials. This chapter investigates several methodologies for hydrogel-based bio-inks that can mimic the ECM environment of real bone tissue. The study also looks at the process factors of bio-ink formulations and printing, as well as the structural requirements and production methods of long-lasting hydrogel scaffolds. Finally, contemporary bioprinting techniques are discussed, and the chapter concludes with an overview of the existing obstacles and probable future prospects for smart hydrogel-based bio-inks/scaffolds in tissue regeneration.
Blockchain-Driven Trust Management for Social IoT: A Neural Network Approach
Krishnasrija R., Kumar L., Mandal A.K.
Conference paper, Proceedings - 2024 OITS International Conference on Information Technology, OCIT 2024, 2024, DOI Link
View abstract ⏷
The integration of social dynamics into the Internet of Things (IoT) networks, termed Social IoT (SIoT), presents a challenging task with regards to trust management due to the dynamic and socially influenced nature of the SIoT networks. Classical trust models struggle to adapt to the complex SIoT environments, leaving the possibility of malicious attacks. This paper proposes a framework for the SIoT ecosystem, taking advantage of blockchain technology and Neural Networks to enhance trustworthiness assessment to mitigate risks. The proposed framework leverages blockchain for secure data storage and transaction transparency to ensure the integrity of the information. Neural network algorithms like Recurrent Neural Networks (RNN) and Bidirectional Encoder Representations from Transformers (DistilBERT) are used to assess trust in real-time, taking into account evolving social interactions, leveraging the advantage provided by transfer learning. The simulation-based experiments are conducted to evaluate the efficiency of the proposed framework for detecting and mitigating malicious attacks in SIoT environments. Results demonstrate the robustness of the solution.
A lightweight mutual and transitive authentication mechanism for IoT network
Krishnasrija R., Mandal A.K., Cortesi A.
Article, Ad Hoc Networks, 2023, DOI Link
View abstract ⏷
IoT devices are typically authenticated directly by gateways present in the network. However, in large and complex IoT systems like the smart city or smart industry which consist of thousands of connected devices, it may not be always feasible to be directly connected to the gateway while it may be possible to be connected to another device. Therefore, already authenticated devices should facilitate the new device to get authenticated by the gateway. To address this issue, the existing protocols use multiple authentication protocols based on different cryptography techniques, which are difficult to implement and manage in resource constrained IoT devices. In this paper, we propose a Transitive device authentication protocol based on the Chebyshev polynomial. The transitive authentication protocol utilizes the session key established in the mutual authentication between the intermediate device and gateway. Both the mutual authentication and transitive authentication protocols are relying on the same preregistration and authentication mechanism. To ensure the security of the proposed authentication protocol, detailed security analysis is carried out, and the secure session key establishment is verified using the BAN logic. Moreover, the proposed protocol is tested against crucial attacks in the Scyther tool. These formal analyses and Scyther attack simulation show that the proposed protocol is capable of withstanding critical attacks. Finally, to verify the efficiency, the protocol implementation is experimentally compared with similar approaches studied in the literature. The results show that the proposed protocol offers better performance, providing significantly lower response time, handshake duration, memory utilization, and energy consumption.
A Feature-Weighted Clustering approach for Context Discovery and Selection of Devices in IoT
Conference paper, 2023 4th International Conference on Computing and Communication Systems, I3CS 2023, 2023, DOI Link
View abstract ⏷
Internet of Things (IoT) intended to connect various physical devices in multiple domains to offer high quality ondemand services. In this scope, identification of intended devices is remains a challenge because of heterogeneity and wide distribution. Context plays a significant role to enable provision of adequate services to the users based on their preferences. In addition, the context can help to adapt with the dynamic environment changes. Therefore, the aim of this paper is to address how the context can be discovered from IoT data, and its influence in recommending the IoT devices. For this, a weighted clustering mechanism is applied aiming to discover the informative contexts and recommended the devices to the user based on the context similarity. The proposed model is extensible, independent of domain and taking into account the constraints of the IoT like availability, applicability, etc. Further, this model is validated through a cross validation mechanism which shows accurate prediction of probable contexts.
Data Quality Driven Design Patterns for Internet of Things
Conference paper, Lecture Notes in Networks and Systems, 2023, DOI Link
View abstract ⏷
Many IoT applications are now using microservices design concepts and have developed as an emergent technology by leveraging containerization, modularity, autonomous deployment and loose coupling. The requirement of different software design patterns is essential to aid in the creation of scalable, interoperable and reusable solutions. In IoT systems and software development, several IoT patterns, such as IoT design patterns and IoT architectural patterns, have been studied. But, most of the studied design patterns are domain-specific, and they do not consider the impact of data quality in the design process. Also, in IoT environment data quality plays an important role while processing the data to produce accurate and timely decisions. Therefore, this paper presents a formal approach to incorporate the data quality dimensions in design patterns for the microservice based IoT applications. Here, data quality evaluation parameters are integrated with various microservice design patterns suitable to IoT applications such as event sourcing pattern, chained microservice pattern, API gateway pattern etc. to ensure the effective data communication and high-quality services provided by the IoT applications. Further, the proposed quality driven design patterns are systematically defined using Event-B language and validated through Rodin platform.
Microservice based scalable IoT architecture for device interoperability
Article, Computer Standards and Interfaces, 2023, DOI Link
View abstract ⏷
The Internet of Things (IoT) revolutionizes the technology landscape by enabling a wide spectrum of services and applications, characterized by a large number of devices, communication protocols, and data formats. Seamless integration among various IoT-enabled technologies is the most challenging task as the technical standards are disjoint. This often results in monolithic structures with very poor scalability. Further, data heterogeneity in IoT networks increases the measure of multidimensionality, which poses a critical challenge of sharing data with other business applications. Therefore, IoT-based solution requires an architectural framework supported by a large number of independent and specialized microservices towards providing sufficient scalability and interoperability. In this manuscript, a layered architectural framework is proposed where a novel device template concept is introduced to enable flexible and interoperable integration of microservices with IoT devices. The proposed model is formally validated using Event-B in the Rodin platform with the help of proof obligations. Again, a service aggregation algorithm is proposed to reduce the latency and increase the reuse of microservices. Further, the proposed architectural framework is implemented and compared with other similar frameworks. The experimental result shows that the proposed architectural framework enables enhanced interoperability, scalability, and reusability of IoT devices and microservices.
Secure and Lightweight Data Sharing Mechanism for Medical IoT
Yakkala T.S., Kumar Modekurty S.K., Boggarapu N., Mandal A.K.
Conference paper, Proceedings of the 2022 3rd International Conference on Intelligent Computing, Instrumentation and Control Technologies: Computational Intelligence for Smart Systems, ICICICT 2022, 2022, DOI Link
View abstract ⏷
The healthcare sector has engaged in substantial research in terms of technological advancement to provide patients with efficient and secure services. With the adaption of the internet of things (IoT) in the healthcare domain, remote patients are now able to share their health records with medical experts at distant locations, leading to more efficient and less expensive services. Given that data sharing over the internet entails the patients' privacy, therefore, it is necessary to ensure that data is transmitted securely so that an adversary cannot tamper with it. Again, as IoT devices are resource-constrained, therefore, it is very important to transmit the data in a lighter format. This paper presents a mechanism for the communication of data or images over the network in a secure and lighter format. The proposed mechanism is implemented on Modified Chebyshev Polynomial and suitable data and image compression techniques with minimum distortion.
An Event-B based Device Description Model in IoT with the Support of Multimodal System
Conference paper, Lecture Notes in Networks and Systems, 2022, DOI Link
View abstract ⏷
The Internet of Things (IoT) enables sophisticated smart technologies by analyzing various sensor data. Complexity of IoT devices is increasing rapidly as it getting intertwined in our daily lives with the usage of smart sensors, actuators, and other smart devices. This interconnected of smart devices often produces very complex datasets which enable multimodal services. Multimodality enables applications to combine and analyze the data of multiple literacies within one medium. Enabling an effective multimodal IoT network demands efficient data representation of various sensing and actuating devices. This work is focused on profiling the smart devices, i.e., resource description. It provides the device description, categorization of its properties, capabilities, and functionalities so that a suitable resource can be discovered effectively. A formal model of IoT has been presented to describe the resources with the support of multimodality. The model is described through the Event-B language, and the Rodin platform is used to find the correctness of the model.
Optimization strategies of human mobility during the COVID-19 pandemic: A review
Review, Mathematical Biosciences and Engineering, 2021, DOI Link
View abstract ⏷
The impact of the ongoing COVID-19 pandemic is being felt in all spheres of our lives – cutting across the boundaries of nation, wealth, religions or race. From the time of the first detection of infection among the public, the virus spread though almost all the countries in the world in a short period of time. With humans as the carrier of the virus, the spreading process necessarily depends on the their mobility after being infected. Not only in the primary spreading process, but also in the subsequent spreading of the mutant variants, human mobility plays a central role in the dynamics. Therefore, on one hand travel restrictions of varying degree were imposed and are still being imposed, by various countries both nationally and internationally. On the other hand, these restrictions have severe fall outs in businesses and livelihood in general. Therefore, it is an optimization process, exercised on a global scale, with multiple changing variables. Here we review the techniques and their effects on optimization or proposed optimizations of human mobility in different scales, carried out by data driven, machine learning and model approaches.
Parallel Minority Game and it’s application in movement optimization during an epidemic
Article, Physica A: Statistical Mechanics and its Applications, 2021, DOI Link
View abstract ⏷
We introduce a version of the Minority Game where the total number of available choices is D>2, but the agents only have two available choices to switch. For all agents at an instant in any given choice, therefore, the other choice is distributed between the remaining D−1 options. This brings in the added complexity in reaching a state with the maximum resource utilization, in the sense that the game is essentially a set of MG that are coupled and played in parallel. We show that a stochastic strategy, used in the MG, works well here too. We discuss the limits in which the model reduces to other known models. Finally, we study an application of the model in the context of population movement between various states within a country during an ongoing epidemic. we show that the total infected population in the country could be as low as that achieved with a complete stoppage of inter-region movements for a prolonged period, provided that the agents instead follow the above mentioned stochastic strategy for their movement decisions between their two choices. The objective for an agent is to stay in the lower infected state between their two choices. We further show that it is the agents moving once between any two states, following the stochastic strategy, who are less likely to be infected than those not having (or not opting for) such a movement choice, when the risk of getting infected during the travel is not considered. This shows the incentive for the moving agents to follow the stochastic strategy.
Static analysis for discovering IoT vulnerabilities
Ferrara P., Mandal A.K., Cortesi A., Spoto F.
Article, International Journal on Software Tools for Technology Transfer, 2021, DOI Link
View abstract ⏷
The Open Web Application Security Project (OWASP), released the “OWASP Top 10 Internet of Things 2018” list of the high-priority security vulnerabilities for IoT systems. The diversity of these vulnerabilities poses a great challenge toward development of a robust solution for their detection and mitigation. In this paper, we discuss the relationship between these vulnerabilities and the ones listed by OWASP Top 10 (focused on Web applications rather than IoT systems), how these vulnerabilities can actually be exploited, and in which cases static analysis can help in preventing them. Then, we present an extension of an industrial analyzer (Julia) that already covers five out of the top seven vulnerabilities of OWASP Top 10, and we discuss which IoT Top 10 vulnerabilities might be detected by the existing analyses or their extension. The experimental results present the application of some existing Julia’s analyses and their extension to IoT systems, showing its effectiveness of the analysis of some representative case studies.
Formal design model for service-oriented system: A conceptual perspective
Conference paper, International Journal of Business and Systems Research, 2020, DOI Link
View abstract ⏷
The numerous design specifications in the service-oriented architecture (SOA) standard space reflects knowledge captured from the various perspectives. However, most of these approaches merely exhibit any compliance with service design facets described in reference architectures. Moreover, majority of this approach lacks correspondence between the business process facets to service design facets and its real-world effects. This leads to semantic gap between services representation, its association with the business processes, and invocation of services to its real-world effects. In this paper a formal model of service-oriented system (SOS) is proposed. The SOS is divided into information model, process model and action model. The semantic relationship between these models helps in reducing the gap between the business processes and services, as well as services to its real-world effect. Further, the proposed service model facilitates flexible, reusable and scalable service composition and it follows the open reference standards of SOA.
Cross-program taint analysis for IoT systems
Mandal A., Ferrara P., Khlyebnikov Y., Cortesi A., Spoto F.
Conference paper, Proceedings of the ACM Symposium on Applied Computing, 2020, DOI Link
View abstract ⏷
Cross-program propagation of tainted data (such as sensitive information or user input) in an interactive IoT system is listed among the OWASP IoT top 10 most critical security risks. When programs run on distinct devices, as it occurs in IoT systems, they communicate through different channels in order to implement some functionality. Hence, in order to prove the overall system secure, an analysis must consider how these components interact. Standard taint analyses detect if a value coming from a source (such as methods that retrieve user input or sensitive data) flows into a sink (typically, methods that execute SQL queries or send data into the Internet), unsanitized (that is, not properly escaped). This work devises a cross-program taint analysis that leverages an existing intra-program taint analysis to detect security vulnerabilities in multiple communicating programs. The proposed framework has been implemented above the intra-program taint analysis of the Julia static analyzer. Preliminary experimental results on multi-program IoT systems, publicly available on GitHub, show that the technique is effective and detects inter-program flows of tainted data that could not be discovered by analyzing each program in isolation.
Cross-Programming Language Taint Analysis for the IoT Ecosystem
Ferrara P., Mandal A.K., Cortesi A., Spoto S.
Article, Electronic Communications of the EASST, 2019,
View abstract ⏷
The Internet of Things (IoT) is a key component for the next disruptive technologies. However, IoT merges together several diverse software layers: embedded, enterprise, and cloud programs interact with each other. In addition, security and privacy vulnerabilities of IoT software might be particularly dangerous due to the pervasiveness and physical nature of these systems. During the last decades, static analysis, and in particular taint analysis, has been widely applied to detect software vulnerabilities.Unfortunately, these analyses assume that software is entirely written in a single programming language, and they are not immediately suitable to detect IoT vulnerabilities where many different software components, written in different programming languages, interact. This paper discusses how to leverage existing static taint analyses to a cross-programming language scenario.
A Novel Meta-Information Management System for SaaS
Article, International Journal of Cloud Applications and Computing, 2019, DOI Link
View abstract ⏷
Cloud hosts numerous services with various underlying business logic and data stores. In this multifaceted and distributed environment locating or updating SaaS services is a crucial task. Researchers proposed various mechanism for this purpose, which involves accessing or altering the meta-information of the services, its underlying business logics. Thus, management of meta-information is crucial for SaaS services. It demands efficient categorization and cataloguing mechanism by preserving semantic-relationships among interrelated services, business processes and data sources. This article proposes a flexible and scalable meta-information management system for SaaS, capable of maintaining dependencies among various SaaS resources. It is useful towards identification of interrelated business processes, services and data sources and facilitates incremental update of meta-information. The proposed system is implemented using Hadoop and a series of experiments have been carried out, which shows that it can efficiently scale and effectively categorize and catalogue different SaaS resources.
Static analysis of Android Auto infotainment and on-board diagnostics II apps
Mandal A.K., Panarotto F., Cortesi A., Ferrara P., Spoto F.
Article, Software - Practice and Experience, 2019, DOI Link
View abstract ⏷
Smartphone and automotive technologies are rapidly converging, letting drivers enjoy communication and infotainment facilities and monitor in-vehicle functionalities, via on-board diagnostics (OBD) technology. Among the various automotive apps available in playstores, Android Auto infotainment and OBD-II apps are widely used and are the most popular choice for smartphone to car interaction. Automotive apps have the potential of turning cars into smartphones on wheels but can be also the gateway of attacks. This paper defines a static analysis that identifies potential security risks in Android infotainment and OBD-II apps. It identifies a set of potential security threats and presents an actual static analyzer for such apps. It has been applied to most of the highly rated infotainment apps available in the Google Play store, as well as on the available open-source OBD-II apps, against a set of possible exposure scenarios. Results show that almost 60% of such apps are potentially vulnerable and that 25% pose security threats related to the execution of JavaScript. The analysis of the OBD-II apps shows possibilities of severe controller area network injections and privacy violations, because of leaks of sensitive information.
Things as a service: Service model for IoT
Mandal A.K., Cortesi A., Sarkar A., Chaki N.
Conference paper, IEEE International Conference on Industrial Informatics (INDIN), 2019, DOI Link
View abstract ⏷
Leveraging the benefits of service computing technologies for Internet of Things (IoT) can help in rapid system development, composition and deployment. But due to the massive scale, computational and communication constraints, existing software service models cannot be directly applied for IoT based systems. Service discovery and composition mechanism need to be decentralized unlike majority of other service models. Moreover, IoT services' interfaces require to be light weight and able to expose the device profile for seamless discovery onto the IoT based system infrastructure. In addition to this, the 'things' data should be associated with its present context. To address these issues, this paper proposes a formal model for IoT services. The service model includes the physical property of 'things' and exposes it to the user. It also associates the context with the 'things' output, which in turn helps in extracting relevant information from the 'things' data. To evaluate our IoT service model, a weather monitoring system and its associated services are implemented using node.js [31]. The service data is mapped to SSN ontology for generating context-rich RDF data. This way, the proposed IoT service model can expose the device profile to the user and incorporate relevant context information with the things data.
Static analysis of android apps interaction with automotive CAN
Panarotto F., Cortesi A., Ferrara P., Mandal A.K., Spoto F.
Conference paper, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2018, DOI Link
View abstract ⏷
Modern car infotainment systems allow users to connect an Android device to the vehicle. The device then interacts with the hardware of the car, hence providing new interaction mechanisms to the driver. However, this can be misused and become a major security breach into the car, with subsequent security concerns: the Android device can both read sensitive data (speed, model, airbag status) and send dangerous commands (brake, lock, airbag explosion). Moreover, this scenario is unsettling since Android devices connect to the cloud, opening the door to remote attacks by malicious users or the cyberspace. The OpenXC platform is an open-source API that allows Android apps to interact with the car’s hardware. This article studies this library and shows how it can be used to create injection attacks. Moreover, it introduces a novel static analysis that identifies such attacks before they actually occur. It has been implemented in the Julia static analyzer and finds injection vulnerabilities in actual apps from the Google Play marketplace.
Vulnerability analysis of android auto infotainment apps
Mandal A.K., Cortesi A., Ferrara P., Panarotto F., Spoto F.
Conference paper, 2018 ACM International Conference on Computing Frontiers, CF 2018 - Proceedings, 2018, DOI Link
View abstract ⏷
With over 2 billion active mobile users and a large array of features, Android is the most popular operating system for mobile devices. Android Auto allows such devices to connect with an in-car compatible infotainment system, and it became a popular choice as well. However, as the trend for connecting car dashboard to the Internet or other devices grows, so does the potential for security threats. In this paper, a set of potential security threats are identified, and a static analyzer for the Android Auto infotainment system is presented. All the infotainment apps available in Google Play Store have been checked against that list of possible exposure scenarios. Results show that almost 80% of the apps are potentially vulnerable, out of which 25% poses security threats related to execution of JavaScript.
Modelling of business processes for software as a service
Article, International Journal of Business Process Integration and Management, 2017, DOI Link
View abstract ⏷
The traditional approach to business process modelling frequently results in large models that are difficult to change and maintain. In cloud-based environment, business dynamics are mandating that business processes normally be increasingly responsive to changes. This demands business process should be highly modular, scalable and flexible for cloud-based applications. Further, in cloud-based business environments, besides describing new capabilities, process models should also define how those capabilities can be integrated with the existing systems. In this paper, a hierarchical graph-based specification called business component graph for SaaS (BCGS) has been proposed to address those issues. The proposed BCGS, formally, realises the business components for software as a service (SaaS)-based applications. BCGS represents the complex business logic design as a set of business components and their inter-relationships. Here, business component is defined as methodical integration of business processes and business rules. This proposed integration approach facilitates high scalability and reusability of constituent elements of business components and ensures the consistency between processes and business rules. Moreover, this paper also includes the service orientation of the proposed concepts in SaaS framework. A detailed case study of BCGS also has been illustrated to show the expressiveness of the proposed concepts.
Interface driven service discovery: Colored Petri-Net based approach
Conference paper, IEEE Region 10 Annual International Conference, Proceedings/TENCON, 2017, DOI Link
View abstract ⏷
Service discovery is the process of locating suitable services and retrieve their descriptions in response to the user requirements. The discovery process should include functional, behavioral and executional semantics of the services towards dynamic integration with user's applications. However, most of the discovery approaches exist in the literature primarily relies only on functional aspects and data formats of the services. To address these issues, this paper proposes an interface driven service discovery mechanism. For this purpose, a conceptual model of service interfaces is proposed to express the related functional and behavioral facets based on which services are discovered. Further, a service interface behavioral model called, Colored Petri Net for Service Interface (CPSI), is also proposed to represent the conceptual constructs of service interfaces and behavioral aspects of related services. It also implements a two staged service discovery algorithm to find the target service and to integrate with the interface dynamically. The proposed CPSI and service discovery algorithm is simulated using the CPN tool. Further, the expressiveness of the proposed mechanism is illustrated using a suitable case study.
Interface driven service composition: A highlevel colored PetriNet based approach
Gaur M., Mandal A.K., Sarkar A., Debnath N.C.
Conference paper, Proceedings - 2017 International Conference on Recent Advances in Signal Processing, Telecommunications and Computing, SigTelCom 2016, 2017, DOI Link
View abstract ⏷
Service composition refers to the process of developing the complex services from existing services. In order to add or remove functionalities of the composite services and to reduce the human intervention, the service composition process should be dynamic, scalable, and reusable. For the purpose, this paper proposes a Colored PetriNet based approach for service composition. In the proposed mechanism, firstly, a conceptual model of service interface has been devised. Based on the conceptual model a Colored PetriNet (CPN) based model, called Colored PetriNet for Service Composition (CPSC) has been proposed to represent the behavioral aspects of the conceptual constructs of service interfaces and different composition aspects of the constituent services. It also implements a service composition algorithm to execute the composition sequence of services. Moreover, the proposed CPSC along with the algorithm are illustrated with a suitable case study and simulated using CPN tool. The result shows that the proposed algorithm can successfully compose services based on the user requirements. Beside these, the state space report of the proposed CPSC validates the standard behavioral properties of the concerned system.
Context driven metadata representation for SaaS
Mandal A.K., Sarkar A., Debnath N.C.
Conference paper, IEEE International Conference on Industrial Informatics (INDIN), 2016, DOI Link
View abstract ⏷
Metadata enables organizations or individuals to create and associated data that can help to define richer details about the world and events around it. For the cloud environment, metadata demands identification of associative capacity of information. At the same time, the system should be flexible, scalable and capable of supporting efficient searching mechanism over disparate information generated from varied contextual background. For the purpose, this paper proposes a conceptual model for context driven indexing system which is suitable for metadata representation of Software as a Service (SaaS) layer's information of cloud environment. At the logical level, the proposed model is represented using a multidimensional tree structure and its equivalent XML document. Moreover, a set of operations has been defined on the proposed indexing system to perform the context based metadata refinement and searching operations. The expressive power of the proposed concept is illustrated using a case study of simplified electronic health record (EHR) system.
Service Oriented System design: Domain Specific Model based approach
Conference paper, 2016 3rd International Conference on Computer and Information Sciences, ICCOINS 2016 - Proceedings, 2016, DOI Link
View abstract ⏷
Several design specifications of service oriented architecture (SOA) reflects that traceability is a desired feature among business process model and service based implementation. But most of the literatures have merely drawn any suitable correspondence between business process facets and service concepts for service based system design. This paper proposes a Domain Specific Model based approach for designing and development of Service Oriented System (SOS) to reduce the semantic gap between business process and corresponding service representation. For the purpose, firstly, the domain level concepts of SOS are defined from both business process and service representation perspectives. Moreover, a set of traceability rules are devised to draw the correspondence between the business process and service domain concepts of SOS. Further the proposed modelling concepts have been implemented using Generic Modelling Environment (GME) [13] to generate the instance of SOS model in Web Service Description Language (WSDL) and corresponding process description based on Business Process Modelling Notation (BPMN). The expressiveness of the proposed SOS model has been illustrated using suitable case study.
Flexible cloud architecture for healthcare applications
Conference paper, Advances in Intelligent Systems and Computing, 2015, DOI Link
View abstract ⏷
A healthcare cloud is used by healthcare service providers for storing, maintaining, and backing up personal health information along with structured management of the health data across multiple healthcare providers. On a daily basis, healthcare services deal with different kinds of digital information ranging from structured to unstructured. The widespread adoption of electronic health records have resulted in an improved patient health and safety as well as significant savings in healthcare costs. Moreover, deploying healthcare records over cloud environment will enable access of critical patient's information at any time and from anywhere. But many enterprises are facing a major research challenge due to the unavailability of suitable cloud architecture for design, development, and deployment of healthcare services. In this paper, a flexible architecture for SaaS-based healthcare services has been proposed specifically for healthcare applications, which is capable of semi-structured healthcare data management and storing compatible with Health Level Seven (HL7) standard (Hennessy et al. in A framework and ontology for mobile sensor platforms in home health management, 2013; Liu et al. in iSMART: ontology-based semantic query of CDA documents AMIA annual symposium, pp. 375-379, 2009) [6, 7]. HL7 specifies the structure and semantics of "clinical documents" for the purpose of sharing; therefore, data can be easily shared among the applications. © Springer India 2015.
Architecting software as a service for data centric cloud applications
Mandal A.K., Changder S., Sarkar A., Debnath N.C.
Article, International Journal of Grid and High Performance Computing, 2014, DOI Link
View abstract ⏷
Software as a service (SaaS) is a new software development and deployment paradigm over the cloud. It offers Information Technology services dynamically as "on-demand" basis. The related application data are stored in the data centers managed by the Cloud Service Providers. Many enterprises are facing a major research challenge due to the unavailability of generic cloud architecture for designing, developing and deploying of cloud services. In this paper a flexible architecture for SaaS has been proposed, specifically for data centric cloud applications which may have access to heterogeneous types of databases. The architecture is composed of several layers, which are interacting with each other through the dynamically selected access points of the corresponding layers interfaces. The paper also enlisted the crucial features for SaaS architectural model. Moreover, a detailed comparative study has been done among the proposed SaaS architectural framework and other existing similar proposals based on the listed features.
Implementation of business rules for data centric cloud applications
Mandal A.Kr., Sarkar A., Debnath N.C.
Conference paper, 2014 International Conference on Computing, Management and Telecommunications, ComManTel 2014, 2014, DOI Link
View abstract ⏷
A true cloud adhered to the single instance multiple tenants model for enterprise applications. Most importantly each of these enterprises expanded their business into diversified fields. Thus, a tenant may also use multiple service instances for varying business needs. This demands flexibility of software systems supporting business processes which are governed by business rules. The major challenge of using business rules in multi-tenant cloud environment is that it must be able to support the different lines of business of the individual tenants. To encounter these problems here a graph based business rule representation model called, Generalized Business Rule Dependency Graph (GBRDG) [1] has been considered. GBRDG supports the reuse of the business rules and is capable of accommodating changes in business rules using its rich set of semantic constructs and interrelationship. This paper proposes a rule based transformation mechanism of GBRDG into the equivalent XML schema Definition (XSD) and it is illustrated with a case study. Moreover, the correctness of the model transformation is proved using the structural correspondence approach. © 2014 IEEE.
Formal representation of service interactions for SaaS based applications
Conference paper, 5th International Conference on the Applications of Digital Information and Web Technologies, ICADIWT 2014, 2014, DOI Link
View abstract ⏷
Conceptualization of different aspects of cloud applications and formal representations of interactions among the different components of SaaS are most crucial issues towards the design of an effective cloud architectural framework. In this paper a graph-based specification called Cloud Service Architecture Graph (CSAG) has been proposed to model such interactions among various components of Software as a Service (SaaS). CSAG is capable of addressing several important aspects like extendibility, composability, analyzability etc. for SaaS based applications over cloud environment. Moreover, several properties of CSAG shows that the proposed approach is effective towards the design of a SaaS based applications. The proposed CSAG has been illustrated using the case study of Electronic Health Record (EHR) system over cloud environment. © 2014 IEEE.
A Novel and Flexible Cloud Architecture for Data-Centric Applications
Mandal A.K., Changder S., Sarkar A., Debnath N.C.
Conference paper, Proceedings of the IEEE International Conference on Industrial Technology, 2013, DOI Link
View abstract ⏷
Software as a service or (SaaS) is a new software development and deployment paradigm over the cloud. It offers Information Technology services dynamically as 'on-demand' basis over the internet. The related application data are stored in the large data centers managed by the Cloud Service Providers. Therefore the user need not to bother about the data storage or data management techniques and they can be able to access their applications from anywhere on the globe via a standard web browser. Many enterprises are facing a major research challenge due to the unavailability of generic cloud architecture for designing, developing and deploying of cloud services. In this paper flexible cloud architecture has been proposed, specifically for data centric applications which are suitable for heterogeneous types of applications. This paper also has aimed to establish the future research agendas related to design and management of data centric applications over the cloud infrastructure. © 2013 IEEE.
Selection of services for data-centric cloud applications: A QoS based approach
Mandal A.K., Changder S., Sarkar A.
Conference paper, Proceedings - 2nd International Conference on Advanced Computing, Networking and Security, ADCONS 2013, 2013, DOI Link
View abstract ⏷
In recent days, the numbers of services deployed on the cloud are growing at a dramatic pace. At the same time, a cloud can host very large number of services with the similar functionality, provided by different providers. Moreover, many applications may use the same service to perform a specific type of task. Therefore, it is essential to select appropriate cloud service as per the applications requirements from a large pool of available services. Thus, selection of services for cloud based software applications is a challenging task and demand high level of research attention. From the computational perspective, the service selection mechanism is required to be optimum enough in order to increase the overall performance of the cloud. In this paper, a novel service selection mechanism has been proposed which is based on the "quality of service" (QoS) parameters of the cloud services. Beside the multi-objective optimization, the proposed algorithm is capable to explore multiple cloud services based on user specified QoS values. © 2013 IEEE.
Modeling business rules for cloud applications: A graph semantic based approach
Mandal A.K., Changder S., Sarkar A., Debnath N.C.
Conference paper, 22nd International Conference on Software Engineering and Data Engineering, SEDE 2013, 2013,
View abstract ⏷
Present business rule modeling techniques are not capable enough to capture their semantic details suitable for cloud services. Only having virtualized hardware and enabling service oriented architecture will not make the enterprises completely suitable for cloud. The biggest challenge is how business rules can be incorporated in multi-tenant cloud applications such that the services can be able to support different lines of business of the enterprises. To encounter these problems in this paper a graph based business rule representation model called, Generalized Business Rule Dependency Graph (GBRDG) has been proposed. The GBRDG provides high level representation of business rules, their composition, dependencies and several dynamic properties suitable for cloud based applications using graph based semantics. The proposal also supports the reuse of the low level business rules and capable to accommodate the changes in business rules using rich set of semantic constructs and interrelationship.
Human-like gradual multi-agent Q-learning using the concept of behavior-based robotics for autonomous exploration
Ray D.N., Mandal A., Majumder S., Mukhopadhyay S.
Conference paper, 2011 IEEE International Conference on Robotics and Biomimetics, ROBIO 2011, 2011, DOI Link
View abstract ⏷
In the last few years, the field of mobile robotics has made lots of advancements. These advancements are due to the extensive application of mobile robots for autonomous exploration. Mobile robots are being popularly used for applications in space, underwater explorations, underground coal mines monitoring, inspection in chemical/toxic/ nuclear factories etc. But if these environments are unknown/unpredictable, conventional/ classical robotics may not serve the purpose. In such cases robot learning is the best option. Learning from the past experiences, is one such way for real time application of robots for completely unknown environments. Reinforcement learning is one of the best learning methods for robots using a constant system-environment interaction. Both single and multi-agent concepts are available for implementation of learning. The current research work describes a multi-agent based reinforcement learning using the concept of behaviour-based robotics for autonomous exploration of mobile robots. The concept has also been tested both in indoor and outdoor environments using real-time robots. © 2011 IEEE.
Human-like gradual learning of a Q-learning based light exploring robot
Ray D.N., Mandal A., Majumder S., Mukhopadhyay S.
Conference paper, 2010 IEEE International Conference on Robotics and Biomimetics, ROBIO 2010, 2010, DOI Link
View abstract ⏷
Machine learning is an important issue to researchers for several years. Reinforcement learning is a type of unsupervised learning which uses state-action combinations and rewards to interact with the environment. Q-learning a further, sub-division of reinforcement learning is now-a-days well-accepted algorithm for robots (machine) learning. However human beings learn in different ways. One of such learning is gradual learning which is mostly continuous in nature. This present paper uses gradual learning combined with Q-learning for light exploration. The first Q-table is randomly generated, but the next Q-tables are inter-dependent and gradually refined. Initial learning time may be high, but final learning time is lower and this proves the efficiency of this learning technique. Apart the convergence of the Q-learning is also established. © 2010 IEEE.
Application of single agent Q-learning for light exploration
Ray D.N., Mandal A.K., Mazumder S., Mukhopadhay S.
Conference paper, Proceedings - 2010 IEEE International Conference on Intelligent Computing and Intelligent Systems, ICIS 2010, 2010, DOI Link
View abstract ⏷
Machine learning refers to systematic design and development of algorithms that allows computers to evolve behaviors based on some realistic data (online or offline). Q-learning, a sub-part of the reinforcement learning is being used world wide for easy learning of mobile robots. Light exploration is one of the important issues for developing green robots. This paper describes the work carried out for light exploration by a robot using single-agent based Q-learning. Here a single agent is taking care of all the tasks for learning. ARDID III, an indigenous behaviour-based robot has been used to implement the Q-learning algorithm for light exploration. The system uses one light sensor and two touch (press) sensors for exploration. It has been found that the algorithm has good applicability for robot learning. ©2010 IEEE.
