ARTIFICIAL INTELLIGENCE AND SECURITY IN COMPUTING SYSTEMS

THE KLUWER INTERNATIONAL SERIES IN ENGINEERING AND COMPUTER SCIENCE

Jerzy Soldek, Leszek Drobiazgiewicz (Eds)

ARTIFICIAL INTELLIGENCE AND SECURITY IN COMPUTING SYSTEMS 9th International Conference, ACS '2002 Miedzyzdroje, Poland October 23-25, 2002 Proceedings

KM

W SPRINGER SCIENCE+BUSINESS MEDIA , LL C

Library of Congress Cataloging-in-Publication Data

9 t h International Conference, A C S 2002 (Mi^dzyzdroje, Poland) Artificial Intelligence and Security in Computing Systems I

Edited by Jerzy Soidek, Leszek Drobiazgiewicz. p.cm. (The Kluwer international series in engineering and computer science).

Expansions of selected papers that were presented at the Advanced Computer Systems conference, held October 23-25 2002 Mi^dzyzdroje (Poland) organized by Technical University of Szczecin. Includes bibliographical references. ISBN 978-1-4613-4847-4 ISBN 978-1-4419-9226-0 (eBook) DOI 10.1007/978-1-4419-9226-0 I. Artificial Intelligence. 2. Computer Security. 3. Agents. I. Soldek, Jerzy

II. Drobiazgiewicz, Leszek. III. Title. IV. Series.

Copyright © 2003 by Springer Science+Business Media New York Originally published by Kluwer Academic Publishers in 2003 Softcover reprint of the hardcover 1st edition 2003

A l l rights reserved. No part of this work may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, microfilming, recording, or otherwise, without the written permission from the Publisher, with the exception of any material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work.

Printed on acid-free paper.

Table of Contents

Preface vii

Chapter 1Artificial Intelligence Methods

and Intelligent Agents

FACCHINETTI GISELLA, FRANCI FRANCESCO,MASTROLEO GIOVANNI, PAGLIARO VITTORIO, RICCI GIANNI

From a logic map to a fuzzy expert system for the descriptionof the Middle East destabilization 3

FRANCESCO FORTE, MlCHELA MANTOVAN/,GISELLA FACCHINEITI, GIOVANNI MASTROLEO

A Fuzzy Expert System for Auction Reserve Prices 13

WALDEMAR UCHACZ, ZBIGNIEW PIETRZYKOWSKIVessel traffic optimization using a linear model with fuzzy coefficients 23

ALICJA MlESZKOWICZ-ROLKA, LESZEK ROLKAVariable Precision Rough Sets 33

JACEK CZERNIAK, HUBERT ZARZYCKIApplication of rough sets in the presumptive diagnosisof urinary system diseases 41

JANUSZ MORAJDANeural Networks and Their Economic Applications 53

MARCIN PLUCINSKIApplication of data with missing attributes in the probability RBFneural network learning and classification 63

IZABELA REJER, ANDRZEJ PIEGATA method of investigating a significance of input variablesin non-linear high-dimensional systems 73

ROMAN SMIERZCHALSKIEvolutionary Algorithm in Problem ofAvoidance Collision at Sea 81

YUGO ITO, SHIN-ICHI MIYAZAKI,YOSHINOBU HIGAM/, SHIN-YA KOBAYASHI

Improvement and Evaluation ofAutonomous Load Distribution Method ........ 91

PRZEMYSLA W ROZEWSKI, ANTONI WILINSKI,OLEG ZAIKINE, KRZYSZTOF GIZYCKI

Idea of the National System of Education and Verification Traffic'sKnowledge as a Tool of Traffic Safety Increasing 101

EDWARD NA WARECKI, GRZEGORZ DOBROWOLSKI,MAREK KISIEL-DOROHINICKI

Distribution of Resources by Means of Multi-Agent Simulation Based onIncomplete Information III

vi

PABLO GRUER, VINCENT HILAIRE,JAROSLA W KOZLAK, ABDER KOUKAM

A multi-agent approach to modeling and simulationof transport on demand problem 119

OREST POPOv, ANNA BARCZ, PIOTR PIELA, TOMASZ SOBCZAKPractical realization of modelling an airplanefor an intelligent tutoring system '" 127

PIOTR PECHMANN, JERZY SOLDEKModel of Natural Language Communication Systemfor Virtual Market of Services 137

BOZENA SMIALKOWSKAModels ofIntegration in Decision Support Systems 153

KHALID SAEEDObject Classification and Recognition using Toeplitz Matrices 163

Chapter 2

Computer Security and Safety

MIROSLA W KURKOWSKI, JERZY PEJASA Propositional Logic for Access Control Policy in Distributed Systems ...... 175

JERZYPEJASCertificate-Based Access Control Policies Description Language 191

MARIAN SREBRNY, PIOTR SUCHEncryption using two-dimensional cellular automata with applications 203

MARCIN GOGOLEWSKI, MIROSLAW KUTYLOWSKISecure data storing in a pool of vulnerable servers 217

KAMIL KULESZA, ZBIGNIEW KOTULSKIOn automatic secret generation and sharingfor Karin-Greene-Hellman scheme 227

TADEUSZ GAJEWSKI, IZABELA JANICKA-LIPSKA , JANUSZ STOKLOSAThe FSR-255family ofhash functions with a variable length of hash result........ 239

MIROSLA W KURKOWSKI, WITOLD MACKOWUsing Backward Strategy to the Needham-SchroederPublic Key Protocol Verification 249

TADEUSZ CICHOCKI, JANUSZ GORSKIOF-FMEA: an approach to safety analysisof object-oriented software intensive systems 261

JANUSZ GORSKI, JAKUB MILERProviding for continuous risk management in distributed software projects .... .... 271

IMEDELFRAYAbout Some Application of Risk Analysis and Evaluation 283

KRZYSZTOF CHMIELLinear Approximation of Arithmetic Sum Function 293

Preface

The book contains the selected papers from Conference of AdvancedComputer Systems (ACS)'2002 in the fields of Artificial Intelligence and ComputerSecurity &Safety.

The Conference, organized for the ninth time, acts as international forum forresearches and practicioners from academia and industry with a forum to report onthe latest developments in advanced computer systems and their application withinmethods of artificial intelligence, intelligent agents, computer security & safety,image processing & biometric systems, computer graphics & visualization andsoftware engineering. The main directions of the conference were problems ofartificial intelligence and computer security. There were chosen 27 the best papersbetween all 85 articles of conference. These 27 papers are organized in two chapters .

Chapter I "Artificial Intelligence Methods and Intelligent Agents" contains17 papers, including 10 dedicated for the applications of artificial intelligencemethods and 7 concerned intelligent agent applications.

G. Facchinetti et al. in the paper "From a logic map to a fuzzy expert system forthe description of the Middle East destabilization" describe the actual politicalsituation of Midd le East by using the fuzzy expert system.

In another paper F. Forty, G. Facchinetti et al. use "A fuzzy expert system forauction reserve prices" focusing on the issue of a rieliable reserve price: importantboth for the sellers as for the purchasers. The paper is a preliminary effort to applythe fuzzy sets theory to the multiattributes valuation of art goods.

W. Uchacz and Z. Pietrzykowski present the use of fuzzy linear programmingfor vessel traffic optimisation on the Swinoujscie - Szczecin fairway. The L-Rrepresentation of fuzzy number was used for the model description .

A. Mieszkowicz - Rolka and Leszek Rolka in their paper consider theevaluation of human decision model basing on measures of the variable precisionrough sets theory . Decision tables were generated and investigated in case of controlof dynamic plant (aircraft) .

J. Czerniak and H. Zarzycki describe the model of the expert systems which willperform the presumptive diagnosis of two diseases of urinary system . This is anexample of the rough sets theory application to generate the set of decision rules inorder to solve a medical problem.

J. Morajda in the article "Neural networks and their economic applications"outlines basic types of neural networks and presents their selected application inmarketing , finance and other areas ofbusiness and economy .

M. Plucinski in his paper presents an application of the probability RBF neuralnetwork to class ification of samples with missing attributes and tuning of thenetwork with incomplete data.

I. Rejer and A. Piegat in their article introduce a new method of investigating asignificance of input variables in non-linear multi-dimentional systems. The methodwas used to build a ranking of significance for I9-dimentional system of anunemployment rate in Poland in years 1992 -1999.

R. Smierzchalski in his paper presents the evolutionary algorithm for computingthe near optimum trajectory of a ship in given sea environment. By taking into

viii

account certain boundaries of the manoeuvring region, along with navigationobstacles and other moving ship, the problem of avoiding collisions at sea wasreduced to a dynamic optimisation task with static and dynamic constrains. Result ofalgorithm parameter, having the form obtained using the program for navigationsituation , are given.

In the article "Improvement and evaluation of autonomous load distributionmethod" authors proposed a new load distribution algorithm for multi-computersystems and applied it on a workstation cluster to compare it with some methodsproposed in the past.

In the paper "Idea of the national system of education and verification trafficknowledge as a tool of traffic safety increasing" authors present the educationsystem based on knowledge management. The system is developed for the sake ofthe European drivers' education standards.

B. Smialkowska in her paper presents an overall charakteristics of methodsaiming at integration of enterprise's management information systems and decisionsupport systems. The method is based on virtual data warehouse concept witha database of decision modelling methods and database of models.

In the paper "Object classification and recognition using Toeplitz Matrices" thederived Toeplitz forms are applied to verify the projected view of the given imagesfor recognition. The results of experiments good and encouraging for algorithmextension to apply on other applications like handwritten script, spoken-letter imageand varieties of geometrical patterns including views of three dimensional objectsfor the sake of classification and recognition.

The last set offour papers concern the problemsofmulti-agentsystemsapplications.E. Nawarecki et al. consider a problem in which distribution and transportation

of resources depend on incomplete and uncertain information about availability ordemand. Agent-based simulation is proposed as a convenient and efficient tool. Thechosen experiments with the model are reported together with interpretation andsome general remarks.

In the paper "A multi-agent approach to modelling and simulation of transporton demand problem" authors focus on a model of multi-agent system for simulationof transport on demand. The system performs efficient allocation of vehicles todynamically incoming transport orders.

O. Popov et al. in their paper describe the general design and an example ofpractical realisation of the simulation system for a light airplane, created as a part ofan intelligent multi-agent tutoring system for civil aviation. Structure of thesimulation system is based on two modules: the simulation kernel and the userinterface. Both modules communicate with each other as well as with the other partsof an intelligent tutoring system through the network, which makes the simulationsystem a suitable tool for use in distance learning.

P. Pechman and J.Soldek present a model of communication system withcomputers by using natural language. Model was built based on results of theirresearch of semantic analysis and sentence generation in Polish language used inhuman - computer dialogue. Multi-agent system structures and specified agentfunctions related to communication based on natural language, are described.Achievability of the proposed system of the virtual market of services and functionsintended for agents are also discussed.

ix

Chapter II "Computer Security and Safety" contains 10 papers related to theproblems of security, cryptography, safety and risk management.

M. Kurkowski and 1. Pejas in their article propose the logic-based model forinterpreting the basic events and properties of the distributed access control systems .They provide a convenient formal language, an axiomatic inference system, a modelof computation, and semantics . They prove some important properties of this logicand show how our logical language can express some access control policiesproposed so far.

1. Pejas in the paper "Certificate - based access control policies descriptionlanguage" describes the language to support security and management of distributedsystems . This policy language is based on a declarative, object-orientedPonder languagepresented in Damianou. The language is flexible, expressive and extensible to cover thewide range of requirements implied by the current distributedsystems paradigms.

M. Srebrny and P. Such in their papers present a new symmetric cryptosystem,based on two-dimensional cellular automata. Enciphering uses both left- and right­toggle rules. Enhanced cryptographic power is obtained by designing some simplegeometric transformations on squares of bits of information . As an application , asoftware system "IPI Protect" is presented which integrates with MS Word forprotecting the documents against unauthorized modifications while allowing freeviewing and printing.

M. Gogolewski and M. Kutylowski consider the problem of secure data storingin a pool of vulnerable servers. In order to elude the threat described one may storemultiple copies of data in a pool of data servers . However , in order to limit the costs,the number of copies must be limited . Again, this provides a chance for an adversaryto attack only the few servers actually storing the copies of data relevant for him.

In this paper they design a simple and elegant method for secure storing ofencrypted data based on Rackoff-Simon onion protocol used previously againsttraffic analysis .

M. Kulesza and Z. Kotulski examine the problem of automatic secret generation andsharing for Karin-Greene-Hellman scheme. They show how to simultaneously generateand share random secret. Next, they propose a method of automatic sharing of a knownsecret. They discuss how to use extended capabilities in the proposedmethod.

In the paper "The FSR-255 family of hash functions with a variable length ofhash result" a family of cryptographic hash functions with a variable length of hashresult, is presented. The hash functions are defined by some processing structuresbased on seventeen 15-stage stage non-linear feedback shift registers. The feedbackfunctions can be modified by the user to customize the hash function. Hardware isdesigned for implementing as a full custom ASIC , and is optimized to increase theprocessing rate.

M. Kurkowski and W. Mackow present in the paper the application of new fastmethod of verification of cryptographic authentication protocols to verification ofthe Needham-Schroeder Public Key Authentication Protocol. They present averification algorithm, its implementation and some experimental results . For theverification of correctness property they apply a backward induction method .

T . Cichocki and 1. Gorski present in their paper an extension to the commonFMEA method in such a way that it can be appl ied to safety analysis of systems thatare developed using a recently popular object oriented approach. The method makes use

x

of the object and collaboration models ofUML. The method supports systematic way offailure mode identification and validation. The verification process provides hints forpossible redesign of components. Experiences of using the method for a railwaysignalling case study are also reported.

J. GOrski and J. Miler present a concept of continuous risk management indistributed software development projects. The concept is particularly relevant forcritical software applications where risk management is among main projectmanagement activities. The approach recognises that effective and opencommunication is the prerequisite for successful risk management. Therefore , itconcentrates on providing to the project stakeholders a broad and highly availablecommunication channel through which they can communicate risk-relatedinformation The description of a tool that embodies those concepts and reports fromsome validation experiments are also included.

I. EI Fray in his paper consider some application problems of risk analysis andevaluation . At present every company which want to exist on the market shouldintroduce consistent security policy and risk management mechanisms within thecompany to guarantee information accessibility, confidentiality and integrity. Thepaper is focused on risk evaluation based on some model enterprise and inaccordance with known and accepted risk management methods.

Szczecin, March 2003 Professor Jerzy Soidek

Chairman of InternationalProgram Comittee Committee

INTERNATIONAL PROGRAM COMMITTEEJ. SoldekS. AblameykoR. DrechslerMAdamskiA . BartkowiakW. BieleckiCh. ChuZ. CzechA . DolguiN. EnlundV. EvdokimovG. Facchinett iR. FrenchJ. GorskiA. JavorS. KabayashiG. KuchariewW. KulbaE. KuriataC. MoragaK. MyszkowskiA. NaeveW. PedryczJ. PejasA . PiegatJ. Pieprzyk0. PopovD. PuzankovW. RucinskiR. SadykhovB. SovetovM SrebrnyR. StankovicJ. StoklosaW. SwinarskiA. VerlanJ. Weglarz0. Zaikin

PolandBelarusGermanyPolandPolandPolandFrancePolandFran ceSwedenUkraineItalyUSAPolandHungaryJapanPolandRussiaPolandGermanyGermanySwedenCanadaPolandPolandAustraliaPolandRussiaPolandBelarusRussiaPolandYugoslaviaPolandUSAUkrain ePolandPoland

Advanced Computer Systems '2002 was organized by: Technical Univers ity ofSzczecin(Poland) , A1bert-Ludwigs-University (Germany), University ofTechnology of Troyes (France)and was held in cooperation with:Belarussian Academy of Sciences (Belarus), ElectrotechnicalUniversity of Sank! Petersburg (Russia), Polish Academy of Sciences (Poland), UniversityofGoettingen (Germany), Ukrainian Academy ofSciences (Ukraine), Warsaw UniversityofTechnology (Poland).