Probability theory has been the only well-founded theory of uncertainty for a long time. It was viewed either as a powerful tool for modelling random phenomena, or as a rational approach to the notion of degree of belief. During the last thirty years, in areas centered around decision theory, artificial intelligence and information processing, numerous approaches extending or orthogonal to the existing theory of probability and mathematical statistics have come to the front. The common feature of those attempts is to allow for softer or wider frameworks for taking into account the incompleteness or imprecision of information. Many of these approaches come down to blending interval or fuzzy interval analysis with probabilistic methods.

This book gathers contributions to the 4th International Conference on Soft methods in Probability and Statistics. Its aim is to present recent results illustrating such new trends that enlarge the statistical and uncertainty modeling traditions, towards the handling of incomplete or subjective information. It covers a broad scope ranging from philosophical and mathematical underpinnings of new uncertainty theories, with a stress on their impact in the area of statistics and data analysis, to numerical methods and applications to environmental risk analysis and mechanical engineering. A unique feature of this collection is to establish a dialogue between fuzzy random variables and imprecise probability theories.

In the last few years, power dissipation has become an important design constraint, on par with performance, in the design of new computer systems. Whereas in the past, the primary job of the computer architect was to translate improvements in operating frequency and transistor count into performance, now power efficiency must be taken into account at every step of the design process.

While for some time, architects have been successful in delivering 40% to 50% annual improvement in processor performance, costs that were previously brushed aside eventually caught up. The most critical of these costs is the inexorable increase in power dissipation and power density in processors. Power dissipation issues have catalyzed new topic areas in computer architecture, resulting in a substantial body of work on more power-efficient architectures.

Power dissipation coupled with diminishing performance gains, was also the main cause for the switch from single-core to multi-core architectures and a slowdown in frequency increase. This book aims to document some of the most important architectural techniques that were invented, proposed, and applied to reduce both dynamic power and static power dissipation in processors and memory hierarchies. A significant number of techniques have been proposed for a wide range of situations and this book synthesizes those techniques by focusing on their common characteristics.

Role-based access control (RBAC) promises to provide several benefits to organizations. These benefits include simplified security provisioning and administration, ease of reporting on privileges and to whom they are available, and finer grained security authorization. By being policy-neutral, RBAC can be used to enforce the variety of access control policies that various organizations already have in place or may develop in preparation for the adoption of RBAC. RBAC also provides specific features to facilitate implementation of access control policies. These features include capabilities to impose constraints on relationships among roles and among the components of roles, and the inheritance of permissions from one role by another that can simplify role design.

To employ RBAC it is first necessary to identify a set of roles for the organization. These roles must accurately reflect the activities, functions, and responsibilities within the organization. Roles have two major components: the names of the job functions performed by IT users, and the permissions that enforce an access control policy. The definition of roles is a process of discovering and then engineering requirements for access control. A methodology for establishing a valid set of role names with assigned permissions is needed. This book is designed to assist organizations in establishing such a role engineering methodology before starting a role engineering effort. Previous practical experience is applied to provide practical guidance in defining roles and in structuring the roles for use in controlling access to IT resources.

Are you an information security professional looking for a way to conduct network evaluations in a comprehensive and customized manner? Did you know that the National Security Agency has a methodology that they use and recommend? Security Evaluation was written by professionals who not only use this methodology themselves, but who helped develop and teach the course for the NSA.

Security Evaluation guides the experienced INFOSEC professional through a step-by-step process to ensure their customers receive the most accurate and comprehensive evaluation of their network security posture as possible. Security Evaluation is unique as it starts with the customer's information, not the technical tools to be used. In this way, the INFOSEC professional is able to ensure the results are relevant to the customer as opposed to delivering a standardized report, which may or may not directly affect or improve security posture. In addition, this framework will not only give the customer a sense of where they are, but also a way for both the service provider and customer to monitor and track progress over time using this repeatable methodology. Don't be misled by other books that focus only on technical tools. As an INFOSEC professional, you owe it to yourself and your customers to also have an understanding of how legislation, industry regulation, and legal issues affect you both. Network Security Evaluation Using the NSA IEM helps you put this all together and deliver a final product that the customer will actually understand and use.

About the Author

Russ is a co-founder, CEO, CTO and Principal Security Consultant for Security Horizon, Inc. Russ is a United States Air Force Veteran and has served in military and contract support for the National Security Agency and the Defense Information Systems Agency. Russ is also the editor-in-chief of "The Security Journal." He also serves as the Professor of Network Security at the University of Advancing Technology (uat.edu) in Tempe, AZ. Russ is the author of Hacking a Terror Network: The Silent Threat of Covert Channels (Syngress, ISBN 1-928994-98-9). He has contributed to many books including Stealing the Network: How to Own a Continent (Syngress, ISBN: 1-931836-05-1), Security Assessment: Case Studies for Implementing the NSA IAM (Syngress, ISBN 1-932266-96-8), WarDriving, Drive, Detect, Defend: A Guide to Wireless Security (Syngress, ISBN: 1-931836-03-5) and SSCP Study Guide and DVD Training System (Syngress, ISBN: 1-931846-80-9). He is also a co-founder of the Security Tribe information security research web site at www.securitytribe.com.

Greg Miles,(Ph.D., CISSP#24431, CISM#0300338, IAM, IEM)is the President, and Chief Financial Officer of Security Horizon, Inc. Security Horizon is a Global, Veteran-Owned Small Business headquartered in Colorado Springs, Colorado.

RFID technology has been available for decades, but it is only recently that its application has become a core topic for computing. This book introduces the technologies and techniques of large-scale RFID-enabled mobile computing systems, set in the context of specific case studies.

The book begins with a quick introduction to RFID basics and then discusses the various elements of the topic, using applications such as e-passports, ticketing and supply-chain management throughout. The text explores RFID technology fundamentals, including operating principles, core system components and performance trade-offs involved in the selection of specific RFID platforms. The emphasis is on a practical approach, developing an arsenal of techniques and designs that can be mixed and matched to fit the needs of new systems and applications.

Features

• Offers a practical approach, with specific RFID applications providing context for discussion

• Highlights the basics of RFID, including wireless energy transfer and communication by reflection.

• Presents the main ingredients for building complete network RFID systems

• Discusses the different types of readers and tags in detail – making particular reference to common technologies used in real systems

• Explores how the different identifier systems encode unique serial codes for tagged entities, and how codes are assigned to particular organizations

• Describes the structure and functionality of modern RFID systems and middleware

• Considers different types of network services required for RFID support

• Debates the hot topics of privacy and security

• Looks at the future of RFID technology

• Allows readers to experiment via a supplementary website with operational instances of RFID network services: http://www.roussos.eu/rfid

Written for IT professionals as well as students, this comprehensive and reader-friendly text discusses the current state-of-the-art in RFID platforms and architecture. It will be invaluable for anyone experienced in software development and involved with RFID technology, and will facilitate informed decision-making.

The Zope Book is an authoritative guide to Zope, an open-source Web application server. Zope goes beyond server-side scripting languages like PHP by providing a complete object framework, a built-in Web server, a Web-based management interface, and load-balancing through ZEO (Zope Enterprise Objects). That's a considerable punch, and Zope is attracting increasing interest from developers looking for an alternative to heavyweight commercial application servers. Zope is implemented in Python, an object-oriented scripting language, and runs on Windows, Linux, and Solaris.

Written by Zope developers, this title is concise and to the point. It is aimed at people new to Zope as well as current users, although some existing knowledge of Web technology is necessary. The book is organized into three parts. The first part is introductory, outlining how Zope works and explaining basic DTML (Document Template Markup Language), a tag-based language for server-side scripting. The second, and longest, part tackles users and security, scripting with Python or Perl, using Zope's built-in search engine, and connecting to relational databases. Part three covers scaling and extending Zope, with a short chapter on ZEO and information on creating your own custom Zope classes. Reference material is contained in two appendices, one for DTML and the other for the core Zope API.

The Zope Book offers an excellent, high-level view supplemented by more detail for the most common development tasks. The authors refer you to Zope's documentation or other resources for the most advanced or specialist topics. The result is ideal for evaluating Zope, and also useful for getting started with Zope projects. --Tim Anderson, amazon.co.uk

About the Author

Amos Latteier is a software engineer with Zope Corporation, the company that publishes Zope. He started hacking Python in the 1.3 days. He was one of the first users of Bobo, Zope's precursor. Using Bobo, he wrote Web applications for Hewlett Packard and others. Later he joined Zope Corporation and helped usher Zope into existence. Amos wrote most of Zope's initial networking and XML support. More recently, he developed training materials, wrote the online Help system, and wrote officially documentation and magazine articles about Zope. He is currently planning Zope's future directions. Michel Pelletier has been a software developer for Zope Corporation since January of 1999, right about the same time Zope became Open Source. Michel likes to hike, fly, read, drink beer, play his horns, and of coarse, hack in his favorite language, Python. Michel lives and works in Portland, Oregon. Before working for the Zope Corporation, Michel was self-employed in a number of jobs including freelance network engineer, waiter, software consultant, beer taster, sales associate, pizza restaurant manager, starving musician, dish washer, bum, Appalachian Trail thru-hiker, and college drop-out.