912 resultados para Access control
Resumo:
Secure Access For Everyone (SAFE), is an integrated system for managing trust
using a logic-based declarative language. Logical trust systems authorize each
request by constructing a proof from a context---a set of authenticated logic
statements representing credentials and policies issued by various principals
in a networked system. A key barrier to practical use of logical trust systems
is the problem of managing proof contexts: identifying, validating, and
assembling the credentials and policies that are relevant to each trust
decision.
SAFE addresses this challenge by (i) proposing a distributed authenticated data
repository for storing the credentials and policies; (ii) introducing a
programmable credential discovery and assembly layer that generates the
appropriate tailored context for a given request. The authenticated data
repository is built upon a scalable key-value store with its contents named by
secure identifiers and certified by the issuing principal. The SAFE language
provides scripting primitives to generate and organize logic sets representing
credentials and policies, materialize the logic sets as certificates, and link
them to reflect delegation patterns in the application. The authorizer fetches
the logic sets on demand, then validates and caches them locally for further
use. Upon each request, the authorizer constructs the tailored proof context
and provides it to the SAFE inference for certified validation.
Delegation-driven credential linking with certified data distribution provides
flexible and dynamic policy control enabling security and trust infrastructure
to be agile, while addressing the perennial problems related to today's
certificate infrastructure: automated credential discovery, scalable
revocation, and issuing credentials without relying on centralized authority.
We envision SAFE as a new foundation for building secure network systems. We
used SAFE to build secure services based on case studies drawn from practice:
(i) a secure name service resolver similar to DNS that resolves a name across
multi-domain federated systems; (ii) a secure proxy shim to delegate access
control decisions in a key-value store; (iii) an authorization module for a
networked infrastructure-as-a-service system with a federated trust structure
(NSF GENI initiative); and (iv) a secure cooperative data analytics service
that adheres to individual secrecy constraints while disclosing the data. We
present empirical evaluation based on these case studies and demonstrate that
SAFE supports a wide range of applications with low overhead.
Resumo:
Emerging cybersecurity vulnerabilities in supervisory control and data acquisition (SCADA) systems are becoming urgent engineering issues for modern substations. This paper proposes a novel intrusion detection system (IDS) tailored for cybersecurity of IEC 61850 based substations. The proposed IDS integrates physical knowledge, protocol specifications and logical behaviours to provide a comprehensive and effective solution that is able to mitigate various cyberattacks. The proposed approach comprises access control detection, protocol whitelisting, model-based detection, and multi-parameter based detection. This SCADA-specific IDS is implemented and validated using a comprehensive and realistic cyber-physical test-bed and data from a real 500kV smart substation.
Resumo:
VALENTIM, R. A. M. ; MORAIS, A. H. F. ; SOUZA, V. S. V ; ARAUJO JUNIOR, H. B. ; BRANDAO, G. B. ; GUERREIRO, A. M. G. . Rede de Controle em Ambiente Hospitalar: um protocolo multiciclos para automação hospitalar sobre IEEE 802.3 com IGMP Snooping. Revista Ciência e Tecnologia, v. 11, p. 19, 2009
Resumo:
VALENTIM, R. A. M. ; MORAIS, A. H. F. ; SOUZA, V. S. V ; ARAUJO JUNIOR, H. B. ; BRANDAO, G. B. ; GUERREIRO, A. M. G. . Rede de Controle em Ambiente Hospitalar: um protocolo multiciclos para automação hospitalar sobre IEEE 802.3 com IGMP Snooping. Revista Ciência e Tecnologia, v. 11, p. 19, 2009
Resumo:
Public agencies are increasingly required to collaborate with each other in order to provide high-quality e-government services. This collaboration is usually based on the service-oriented approach and supported by interoperability platforms. Such platforms are specialized middleware-based infrastructures enabling the provision, discovery and invocation of interoperable software services. In turn, given that personal data handled by governments are often very sensitive, most governments have developed some sort of legislation focusing on data protection. This paper proposes solutions for monitoring and enforcing data protection laws within an E-government Interoperability Platform. In particular, the proposal addresses requirements posed by the Uruguayan Data Protection Law and the Uruguayan E-government Platform, although it can also be applied in similar scenarios. The solutions are based on well-known integration mechanisms (e.g. Enterprise Service Bus) as well as recognized security standards (e.g. eXtensible Access Control Markup Language) and were completely prototyped leveraging the SwitchYard ESB product.
Resumo:
Database schemas, in many organizations, are considered one of the critical assets to be protected. From database schemas, it is not only possible to infer the information being collected but also the way organizations manage their businesses and/or activities. One of the ways to disclose database schemas is through the Create, Read, Update and Delete (CRUD) expressions. In fact, their use can follow strict security rules or be unregulated by malicious users. In the first case, users are required to master database schemas. This can be critical when applications that access the database directly, which we call database interface applications (DIA), are developed by third party organizations via outsourcing. In the second case, users can disclose partially or totally database schemas following malicious algorithms based on CRUD expressions. To overcome this vulnerability, we propose a new technique where CRUD expressions cannot be directly manipulated by DIAs any more. Whenever a DIA starts-up, the associated database server generates a random codified token for each CRUD expression and sends it to the DIA that the database servers can use to execute the correspondent CRUD expression. In order to validate our proposal, we present a conceptual architectural model and a proof of concept.
Resumo:
Call Level Interfaces (CLI) are low level API that play a key role in database applications whenever a fine tune control between application tiers and the host databases is a key requirement. Unfortunately, in spite of this significant advantage, CLI were not designed to address organizational requirements and contextual runtime requirements. Among the examples we emphasize the need to decouple or not to decouple the development process of business tiers from the development process of application tiers and also the need to automatically adapt to new business and/or security needs at runtime. To tackle these CLI drawbacks, and simultaneously keep their advantages, this paper proposes an architecture relying on CLI from which multi-purpose business tiers components are built, herein referred to as Adaptable Business Tier Components (ABTC). This paper presents the reference architecture for those components and a proof of concept based on Java and Java Database Connectivity (an example of CLI).
Resumo:
Part 6: Engineering and Implementation of Collaborative Networks
Resumo:
Eggplant was identified as another fruit fly host commodity where recent changes to interstate market access requirements are causing problems for industry. The proposed research aims to develop a systems approach to meet interstate market access requirements.
Resumo:
Contested Open Spaces?: Access and control issues in Tundikhel, Kathmandu
Public spaces play a role of political, economic and cultural transformation of cities and the impact of these transformations on the nature of public space.
Urban open space(s) in Kathmandu have been an important part of the city’s urbanism. Historically they have played an important role in the city as spaces for religious, cultural, social and political and military activities during the 300 years of unified monarchy. Throughout the civil war period (Maoist insurgency between 1996 and 2006) they became material locations for political activities, and a site for protests and dharnas. In post-conflict Kathmandu, especially since the abolition of Monarchy in May 28, 2008, these spaces are increasingly seen being claimed by street hawkers, informal sellers and individuals reflecting a new set of users and functions, whereas a significant part of Tundikhel still remains under the military occupation posing important questions around access, identity and control of an important space.
Public spaces are broadly defined as crossroads where different paths and trajectories meet, sometimes overlapping and other times colliding (Madanipour, 2003). Using Tudikhel in Kathmandu, this research examines the increasing collision and contestations witnessed through social, political and neoliberal interactions. It explores how spaces are constantly
contested, negotiated and as a result reshaped through these interactions. It is observed that multiple forces are at play to gain control and access of this important open space, leading to increasing fragmentation of the space, and erosion of its historic significance both as cultural venue and a symbol of democracy in modern Nepal. It is argued that increasing disconnection of Tudikhel from wider urban setting has contributed to exacerbation of these contestations
Resumo:
Depuis plusieurs années, les États membres de l’Union européenne (UE) se soumettent à des politiques restrictives, en matière d’asile, qui les contraignent à respecter leur engagement de protéger les personnes qui fuient la persécution. Plusieurs politiques de dissuasion de l’UE sont controversées. Certaines ont d’abord été élaborées dans différents États, avant que l’UE ne mette en place une politique commune en matière d’asile. Certaines des ces politiques migratoires ont été copiées, et ont un effet négatif sur la transformation des procédures d’asile et du droit des réfugiés dans d’autres pays, tel le Canada. En raison des normes minimales imposées par la législation de l’UE, les États membres adoptent des politiques et instaurent des pratiques, qui sont mises en doute et sont critiquées par l’UNHCR et les ONG, quant au respect des obligations internationales à l'égard des droits de la personne. Parmi les politiques et les pratiques les plus critiquées certaines touchent le secteur du contrôle frontalier. En tentant de remédier à l’abolition des frontières internes, les États membres imposent aux demandeurs d’asile des barrières migratoires quasi impossibles à surmonter. Les forçant ainsi à s’entasser dans des centres de migration, au nord de l’Afrique, à rebrousser chemin ou encore à mourir en haute mer.
Resumo:
This short 3-minute video show how you can make a recording available to anyone on the internet and how to restrict access again. It also shows how to disable and re-enable student access to a specific recording.
Resumo:
The South African government has endeavoured to strengthen property rights in communal areas and develop civil society institutions for community-led development and natural resource management. However, the effectiveness of this remains unclear as the emergence and operation of civil society institutions in these areas is potentially constrained by the persistence of traditional authorities. Focusing on the former Transkei region of Eastern Cape Province, three case study communities are used examine the extent to which local institutions overlap in issues of land access and control. Within these communities, traditional leaders (chiefs and headmen) continue to exercise complete and sole authority over land allocation and use this to entrench their own positions. However, in the absence of effective state support, traditional authorities have only limited power over how land is used and in enforcing land rights, particularly over communal resources such as rangeland. This diminishes their local legitimacy and encourages some groups to contest their authority by cutting fences, ignoring collective grazing decisions and refusing to pay ‘fees’ levied on them. They are encouraged in such activities by the presence of democratically elected local civil society institutions such as ward councillors and farmers’ organisations, which have broad appeal and are increasingly responsible for much of the agrarian development that takes place, despite having no direct mandate over land. Where it occurs at all, interaction between these different institutions is generally restricted to approval being required from traditional leaders for land allocated to development projects. On this basis it is argued that a more radical approach to land reform in communal areas is required, which transfers all powers over land to elected and accountable local institutions and integrates land allocation, land management and agrarian development more effectively.
Resumo:
PURPOSE: The purpose of this study was to assess the impact of different policies on access to hormonal contraception and pregnancy rates at two high school-based clinics. METHODS: Two clinics in high schools (Schools A and B), located in a large urban district in the southwest US, provide primary medical care to enrolled students with parental consent; the majority of whom have no health insurance coverage. The hormonal contraceptive dispensing policy of at School clinic A involves providing barrier, hormonal and emergency contraceptive services on site. School clinic B uses a referral policy that directs students to obtain contraception at an off-campus affiliated family planning clinic. Baseline data (age, race and history of prior pregnancy) on female students seeking hormonal contraception at the two clinics between 9/2008-12/2009 were extracted from an electronic administrative database (AHLERS Integrated System). Data on birth control use and pregnancy tests for each student was then tracked electronically through 3/31/2010. The outcomes measures were accessing hormonal contraception and positive pregnancy tests at any point during or after birth control use were started through 12/2009. The appointment keeping rate for contraceptive services and the overall pregnancy rates were compared between the two schools. In addition the pregnancy rates were compared between the two schools for students with and without a prior history of pregnancy. RESULTS: School clinic A: 79 students sought hormonal contraception; mean age 17.5 years; 68% were > 18 years; 77% were Hispanic; and 20% reported prior pregnancy. The mean duration of the observation period was 13 months (4-19 months). All 79 students received hormonal contraception (65% pill and 35% long acting progestin injection) onsite. During the observation period, the overall pregnancy rate was 6% (5/79); 4.7% (3/63) among students with no prior pregnancy. School clinic B: 40 students sought hormonal contraception; mean age 17.5 years; 52% > 18 years; 88 % were Hispanic; and 7.5% reported prior pregnancy. All 40 students were referred to the affiliated clinic. The mean duration of the observation period was 11.9 months (4-19 months). 50% (20) kept their appointment. Pills were dispensed to 85% (17/20) and 15% (3/20) received long acting progestin injection. The overall pregnancy rate was 20% (8/40); 21.6% (8/37) among students with no prior pregnancy. A significantly higher frequency of students seeking hormonal contraception kept their initial appointment for birth control at the school dispensing onsite contraception compared to the school with a referral policy for contraception (p<0.05). The pregnancy rate was significantly higher for the school with a referral policy for contraception compared to the school with onsite contraceptive services (p< 0.05). The pregnancy rate was also significantly higher for students without a prior history of pregnancy in the school with a referral policy for contraception (21.6%) versus the school with onsite contraceptive services (4.7%) (p< 0.05). CONCLUSION: This preliminary study showed that School clinic B with a referral policy had a lower appointment keeping rate for contraceptive services and a higher pregnancy rate than School clinic A with on-site contraceptive services. An on-site dispensing policy for hormonal contraceptives at high school-based health clinics may be a convenient and effective approach to prevent unintended first and repeat pregnancies among adolescents who seek hormonal contraception. This study has strong implications for reproductive health policy, especially as directed toward high-risk teenage populations.
