ARTIFICIAL INTELLIGENCE AND SECURITY IN COMPUTING SYSTEMS THE KLUWER INTERNATIONLA SERIES IN ENGINEERGIN AND COMPUTRE SCIENCE Jerzy Soldek, Leszek Drobiazgiewicz (Eds) ARTIFICIAL INTELLIGENEC AND SECURIYT IN COMPUTIGN SYSTEMS 9th International Conference ,ACS '2002 Miedzyzdroje , Poland October 23-25, 2002 Proceedings KM W SPRINGER SCIENCE+BUSINESS MEDIA , LLC Library of Congress Cataloging-in-Publication Data 9th International Conference, ACS 2002 (Mi^dzyzdroje, Poland) Artificial Intelligence and Security in Computing Systems I Edited by Jerzy Soidek, Leszek Drobiazgiewicz. p.cm. (The Kluwer international series in engineering and computer science). Expansions of selected papers that were presented at the Advanced Computer Systems conference, held October 23-25 2002 Mi^dzyzdroje (Poland) organized by Technical University of Szczecin. Includes bibliographical references. ISBN 978-1-4613-4847-4 ISBN 978-1-4419-9226-0 (eBook) DOI 10.1007/978-1-4419-9226-0 I. Artificial Intelligence. 2. Computer Security. 3. Agents. I. Soldek, Jerzy II. Drobiazgiewicz, Leszek. III. Title. IV. Series. Copyright © 2003 by Springer Science+Business Media New York Originally published by Kluwer Academic Publishers in 2003 Softcover reprint of the hardcover 1st edition 2003 All rights reserved. No part of this work may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, microfilming, recording, or otherwise, without the written permission from the Publisher, with the exception of any material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Printed on acid-free paper. Table of Contents Preface vii Chapter 1 Artificial Intelligence Methods and Intelligent Agents FACCHINETTIGISELLA, FRANCIFRANCESCO, MASTROLEO GIOVANNI, PAGLIARO VITTORIO,RICCIGIANNI From alogic maptoafuzzy expert system forthedescription ofthe Middle East destabilization 3 FRANCESCOFORTE,MlCHELA MANTOVAN/, GISELLA FACCHINEITI, GIOVANNIMASTROLEO AFuzzyExpertSystem forAuction Reserve Prices 13 WALDEMAR UCHACZ, ZBIGNIEWPIETRZYKOWSKI Vessel trafficoptimizationusing alinearmodel with fuzzycoefficients 23 ALICJA MlESZKOWICZ-ROLKA, LESZEKROLKA Variable Precision Rough Sets 33 JACEKCZERNIAK,HUBERTZARZYCKI Applicationofrough setsinthepresumptivediagnosis ofurinarysystem diseases 41 JANUSZMORAJDA Neural Networks andTheirEconomicApplications 53 MARCINPLUCINSKI Applicationofdata withmissingattributes intheprobabilityRBF neural network learningandclassification 63 IZABELA REJER, ANDRZEJPIEGAT Amethod ofinvestigatingasignificanceofinput variables innon-linearhigh-dimensionalsystems 73 ROMANSMIERZCHALSKI EvolutionaryAlgorithminProblem ofAvoidanceCollision atSea 81 YUGOITO, SHIN-ICHIMIYAZAKI, YOSHINOBUHIGAM/, SHIN-YAKOBAYASHI Improvementand EvaluationofAutonomousLoad DistributionMethod........91 PRZEMYSLAWROZEWSKI,ANTONIWILINSKI, OLEG ZAIKINE,KRZYSZTOFGIZYCKI Idea ofthe National System ofEducationandVerification Traffic's KnowledgeasaTool ofTrafficSafety Increasing 101 EDWARDNAWARECKI, GRZEGORZDOBROWOLSKI, MAREKKISIEL-DOROHINICKI DistributionofResources by Means ofMulti-AgentSimulation Based on Incomplete Information III vi PABLOGRUER, VINCENTHILAIRE, JAROSLAWKOZLAK, ABDERKOUKAM Amulti-agentapproach tomodelingand simulation oftransportondemandproblem 119 ORESTPOPOv, ANNA BARCZ, PIOTRPIELA, TOMASZSOBCZAK Practicalrealizationofmodellingan airplane foran intelligenttutoringsystem '" 127 PIOTRPECHMANN,JERZYSOLDEK Model ofNatural LanguageCommunicationSystem for Virtual MarketofServices 137 BOZENA SMIALKOWSKA Models ofIntegrationinDecisionSupportSystems 153 KHALIDSAEED Object Classificationand Recognitionusing ToeplitzMatrices 163 Chapter2 Computer Security and Safety MIROSLAWKURKOWSKI, JERZYPEJAS APropositionalLogic forAccess Control Policyin DistributedSystems......175 JERZYPEJAS Certificate-BasedAccess ControlPolicies DescriptionLanguage 191 MARIANSREBRNY, PIOTR SUCH Encryption using two-dimensionalcellularautomatawith applications 203 MARCINGOGOLEWSKI,MIROSLAWKUTYLOWSKI Secure data storing inapool ofvulnerableservers 217 KAMILKULESZA, ZBIGNIEWKOTULSKI On automaticsecret generationand sharing for Karin-Greene-Hellmanscheme 227 TADEUSZGAJEWSKI,IZABELA JANICKA-LIPSKA,JANUSZSTOKLOSA The FSR-255familyofhashfunctionswithavariablelengthofhashresult........239 MIROSLAWKURKOWSKI, WITOLDMACKOW Using BackwardStrategytothe Needham-Schroeder Public Key Protocol Verification 249 TADEUSZCICHOCKI,JANUSZGORSKI OF-FMEA:anapproach tosafetyanalysis ofobject-orientedsoftwareintensivesystems 261 JANUSZGORSKI, JAKUB MILER Providingforcontinuousriskmanagementindistributedsoftwareprojects........271 IMEDELFRAY About Some ApplicationofRiskAnalysisand Evaluation 283 KRZYSZTOFCHMIEL LinearApproximationofArithmeticSumFunction 293 Preface The book contains the selected papers from Conference of Advanced ComputerSystems (ACS)'2002 inthe fields ofArtificial Intelligence and Computer Security &Safety. The Conference, organized for the ninth time, acts as international forum for researches and practicioners from academia and industry with a forum toreport on the latest developments in advanced computer systems and their application within methods of artificial intelligence, intelligent agents, computer security & safety, image processing & biometric systems, computer graphics & visualization and software engineering. The main directions of the conference were problems of artificial intelligence and computer security. There were chosen 27 the best papers between all85articles ofconference.These 27papersareorganizedintwochapters. Chapter I "Artificial Intelligence Methods and Intelligent Agents" contains 17papers, including 10 dedicated for the applications of artificial intelligence methods and 7concernedintelligentagentapplications. G.Facchinetti etal. inthepaper "Fromalogic map toafuzzyexpert systemfor the description of the Middle East destabilization" describe the actual political situation ofMiddleEastbyusingthefuzzyexpert system. In another paper F. Forty, G. Facchinetti et al. use "A fuzzy expert system for auction reserve prices" focusing on the issue ofa rieliable reserve price: important both forthe sellers as for the purchasers. The paper is a preliminaryeffort toapply thefuzzysetstheory tothemultiattributes valuation ofartgoods. W. Uchacz and Z. Pietrzykowski present the use offuzzy linear programming for vessel traffic optimisation on the Swinoujscie - Szczecin fairway. The L-R representation offuzzy number wasusedforthemodel description. A. Mieszkowicz - Rolka and Leszek Rolka in their paper consider the evaluation ofhuman decision model basing on measures ofthe variable precision rough setstheory.Decision tables weregeneratedand investigated incaseofcontrol ofdynamic plant (aircraft). J.Czerniak andH. Zarzycki describe themodel oftheexpertsystemswhich will perform the presumptive diagnosis of two diseases ofurinary system. This is an example ofthe rough sets theory application togenerate the set ofdecision rules in ordertosolveamedical problem. J. Morajda in the article "Neural networks and their economic applications" outlines basic types of neural networks and presents their selected application in marketing,financeand otherareasofbusiness and economy. M. Plucinski inhis paper presents an application ofthe probabilityRBF neural network to classification of samples with missing attributes and tuning of the network withincompletedata. I. Rejer and A. Piegat intheirarticle introduce anew method ofinvestigatinga significanceofinput variables innon-linear multi-dimentional systems. The method was used to build a ranking of significance for I9-dimentional system of an unemploymentrateinPoland inyears 1992-1999. R.Smierzchalski inhispaper presents theevolutionaryalgorithm forcomputing the near optimum trajectory of a ship in given sea environment. By taking into viii account certain boundaries of the manoeuvring region, along with navigation obstacles and other moving ship, the problem of avoiding collisions at sea was reduced toadynamicoptimisationtaskwithstaticanddynamicconstrains.Resultof algorithm parameter, having the form obtained using the program for navigation situation,aregiven. In the article "Improvement and evaluation of autonomous load distribution method" authors proposed a new load distribution algorithm for multi-computer systems and applied it on a workstation cluster to compare it with some methods proposed inthepast. In the paper "Idea of the national system ofeducation and verification traffic knowledge as a tool of traffic safety increasing" authors present the education system based on knowledge management. The system is developed for the sake of theEuropeandrivers'educationstandards. B. Smialkowska in her paper presents an overall charakteristics of methods aiming at integration ofenterprise's management information systems and decision support systems. The method is based on virtual data warehouse concept with adatabaseofdecision modellingmethodsanddatabaseofmodels. In thepaper "Objectclassification and recognition usingToeplitz Matrices" the derived Toeplitz formsareapplied to verifythe projected view ofthe given images for recognition. The results of experiments good and encouraging for algorithm extension toapply onotherapplications likehandwritten script,spoken-letter image and varieties ofgeometrical patterns including views ofthree dimensional objects forthesakeofclassificationandrecognition. Thelastsetoffourpapersconcerntheproblemsofmulti-agentsystemsapplications. E.Nawareckiet al.consideraproblem in which distributionand transportation ofresources depend on incomplete and uncertain information about availability or demand. Agent-based simulation isproposedasaconvenient andefficienttool.The chosen experiments with the model are reported together with interpretation and somegeneralremarks. In thepaper "Amulti-agent approach to modelling and simulation oftransport on demandproblem"authors focuson amodelofmulti-agent systemforsimulation of transport on demand. The system performs efficient allocation of vehicles to dynamicallyincomingtransportorders. O. Popov et al. in their paper describe the general design and an example of practical realisationofthesimulationsystemforalightairplane,createdasapartof an intelligent multi-agent tutoring system for civil aviation. Structure of the simulation system is based on two modules: the simulation kernel and the user interface.Bothmodulescommunicatewitheachotheraswellaswiththeotherparts ofan intelligent tutoring systemthrough the network, which makes the simulation systemasuitabletoolforuseindistance learning. P. Pechman and J.Soldek present a model of communication system with computers by using natural language. Model was built based on results of their research ofsemantic analysis and sentence generation in Polish language used in human - computer dialogue. Multi-agent system structures and specified agent functions related to communication based on natural language, are described. Achievabilityoftheproposedsystemofthe virtualmarket ofservicesand functions intended foragentsarealsodiscussed. ix Chapter II "Computer Security and Safety" contains 10 papers related to the problemsofsecurity, cryptography,safety and riskmanagement. M. Kurkowski and 1. Pejas in their article propose the logic-based model for interpretingthebasicevents andpropertiesofthe distributedaccess control systems. They provideaconvenientformal language, anaxiomatic inference system, amodel ofcomputation, and semantics. They prove some importantproperties ofthis logic and show how our logical language can express some access control policies proposedsofar. 1. Pejas in the paper "Certificate - based access control policies description language"describes the language tosupport security and managementofdistributed systems.Thispolicylanguageisbasedonadeclarative,object-orientedPonderlanguage presentedinDamianou.Thelanguageisflexible,expressiveandextensibletocoverthe widerangeofrequirementsimpliedbythecurrentdistributedsystemsparadigms. M.Srebrnyand P. Such intheir papers present anew symmetric cryptosystem, based on two-dimensional cellular automata. Enciphering uses both left- and right toggle rules. Enhanced cryptographic power is obtained by designing some simple geometric transformations on squares ofbits ofinformation. As an application, a software system "IPI Protect" is presented which integrates with MS Word for protecting the documents against unauthorized modifications while allowing free viewing andprinting. M. Gogolewski and M.Kutylowski consider the problem ofsecure data storing in apool ofvulnerable servers. Inorder to elude the threat described one may store multiplecopiesofdata inapoolofdata servers.However,inordertolimitthecosts, thenumberofcopiesmust belimited.Again,thisprovides achance foranadversary toattack onlythe fewservers actuallystoring thecopiesofdatarelevant forhim. In this paper they design a simple and elegant method for secure storing of encrypted data based on Rackoff-Simon onion protocol used previously against trafficanalysis. M.KuleszaandZ.Kotulskiexaminetheproblemofautomaticsecretgenerationand sharingforKarin-Greene-Hellmanscheme.Theyshowhowtosimultaneouslygenerate andsharerandomsecret.Next,theyproposeamethodofautomaticsharingofaknown secret.Theydiscusshowtouseextendedcapabilitiesintheproposedmethod. In the paper "The FSR-255 family ofhash functions with a variable length of hash result" a family ofcryptographic hash functions withavariable length ofhash result, is presented. The hash functions are defined by some processing structures based on seventeen 15-stage stagenon-linear feedback shift registers. The feedback functions can be modified by the user to customize the hash function. Hardware is designed for implementing as a full custom ASIC, and is optimized to increase the processingrate. M.KurkowskiandW.Mackowpresent in the paper the application ofnew fast method of verification of cryptographic authentication protocols to verification of the Needham-Schroeder Public Key Authentication Protocol. They present a verification algorithm, its implementation and some experimental results. For the verificationofcorrectness propertytheyapplyabackward induction method. T. Cichocki and 1. Gorski present in their paper an extension to the common FMEA method insuchawaythat itcanbeappliedtosafety analysis ofsystems that aredevelopedusingarecentlypopularobjectorientedapproach.Themethodmakesuse x oftheobjectandcollaborationmodelsofUML.Themethodsupportssystematicwayof failure mode identification and validation.The verification processprovideshints for possible redesign of components. Experiences of using the method for a railway signallingcasestudyarealsoreported. J. GOrski and J. Miler present a concept of continuous risk management in distributed software development projects. The concept is particularly relevant for critical software applications where risk management is among main project management activities. The approach recognises that effective and open communication is the prerequisite for successful risk management. Therefore, it concentrates on providing to the project stakeholders a broad and highly available communication channel through which they can communicate risk-related information The description ofatoolthat embodies thoseconcepts andreports from somevalidation experiments arealso included. I. EIFrayin his paper consider someapplication problems ofrisk analysis and evaluation. At present every company which want to exist on the market should introduce consistent security policy and risk management mechanisms within the company to guarantee information accessibility, confidentiality and integrity. The paper is focused on risk evaluation based on some model enterprise and in accordance withknownandaccepted riskmanagementmethods. Szczecin, March2003 Professor JerzySoidek Chairman ofInternational ProgramComitteeCommittee