865 resultados para Privacy Based Access Control
Resumo:
Peer reviewed
Resumo:
Previously developed models for predicting absolute risk of invasive epithelial ovarian cancer have included a limited number of risk factors and have had low discriminatory power (area under the receiver operating characteristic curve (AUC) < 0.60). Because of this, we developed and internally validated a relative risk prediction model that incorporates 17 established epidemiologic risk factors and 17 genome-wide significant single nucleotide polymorphisms (SNPs) using data from 11 case-control studies in the United States (5,793 cases; 9,512 controls) from the Ovarian Cancer Association Consortium (data accrued from 1992 to 2010). We developed a hierarchical logistic regression model for predicting case-control status that included imputation of missing data. We randomly divided the data into an 80% training sample and used the remaining 20% for model evaluation. The AUC for the full model was 0.664. A reduced model without SNPs performed similarly (AUC = 0.649). Both models performed better than a baseline model that included age and study site only (AUC = 0.563). The best predictive power was obtained in the full model among women younger than 50 years of age (AUC = 0.714); however, the addition of SNPs increased the AUC the most for women older than 50 years of age (AUC = 0.638 vs. 0.616). Adapting this improved model to estimate absolute risk and evaluating it in prospective data sets is warranted.
Resumo:
I serpenti robot sono una classe di meccanismi iper-ridondanti che appartiene alla robotica modulare. Grazie alla loro forma snella ed allungata e all'alto grado di ridondanza possono muoversi in ambienti complessi con elevata agilità. L'abilità di spostarsi, manipolare e adattarsi efficientemente ad una grande varietà di terreni li rende ideali per diverse applicazioni, come ad esempio attività di ricerca e soccorso, ispezione o ricognizione. I robot serpenti si muovono nello spazio modificando la propria forma, senza necessità di ulteriori dispositivi quali ruote od arti. Tali deformazioni, che consistono in movimenti ondulatori ciclici che generano uno spostamento dell'intero meccanismo, vengono definiti andature. La maggior parte di esse sono ispirate al mondo naturale, come lo strisciamento, il movimento laterale o il movimento a concertina, mentre altre sono create per applicazioni specifiche, come il rotolamento o l'arrampicamento. Un serpente robot con molti gradi di libertà deve essere capace di coordinare i propri giunti e reagire ad ostacoli in tempo reale per riuscire a muoversi efficacemente in ambienti complessi o non strutturati. Inoltre, aumentare la semplicità e ridurre il numero di controllori necessari alla locomozione alleggerise una struttura di controllo che potrebbe richiedere complessità per ulteriori attività specifiche. L'obiettivo di questa tesi è ottenere un comportamento autonomo cedevole che si adatti alla conformazione dell'ambiente in cui il robot si sta spostando, accrescendo le capacità di locomozione del serpente robot. Sfruttando la cedevolezza intrinseca del serpente robot utilizzato in questo lavoro, il SEA Snake, e utilizzando un controllo che combina cedevolezza attiva ad una struttura di coordinazione che ammette una decentralizzazione variabile del robot, si dimostra come tre andature possano essere modificate per ottenere una locomozione efficiente in ambienti complessi non noti a priori o non modellabili.
Resumo:
In database applications, access control security layers are mostly developed from tools provided by vendors of database management systems and deployed in the same servers containing the data to be protected. This solution conveys several drawbacks. Among them we emphasize: 1) if policies are complex, their enforcement can lead to performance decay of database servers; 2) when modifications in the established policies implies modifications in the business logic (usually deployed at the client-side), there is no other possibility than modify the business logic in advance and, finally, 3) malicious users can issue CRUD expressions systematically against the DBMS expecting to identify any security gap. In order to overcome these drawbacks, in this paper we propose an access control stack characterized by: most of the mechanisms are deployed at the client-side; whenever security policies evolve, the security mechanisms are automatically updated at runtime and, finally, client-side applications do not handle CRUD expressions directly. We also present an implementation of the proposed stack to prove its feasibility. This paper presents a new approach to enforce access control in database applications, this way expecting to contribute positively to the state of the art in the field.
Resumo:
In database applications, access control security layers are mostly developed from tools provided by vendors of database management systems and deployed in the same servers containing the data to be protected. This solution conveys several drawbacks. Among them we emphasize: (1) if policies are complex, their enforcement can lead to performance decay of database servers; (2) when modifications in the established policies implies modifications in the business logic (usually deployed at the client-side), there is no other possibility than modify the business logic in advance and, finally, 3) malicious users can issue CRUD expressions systematically against the DBMS expecting to identify any security gap. In order to overcome these drawbacks, in this paper we propose an access control stack characterized by: most of the mechanisms are deployed at the client-side; whenever security policies evolve, the security mechanisms are automatically updated at runtime and, finally, client-side applications do not handle CRUD expressions directly. We also present an implementation of the proposed stack to prove its feasibility. This paper presents a new approach to enforce access control in database applications, this way expecting to contribute positively to the state of the art in the field.
Resumo:
Background: There are limited data concerning endoscopist-directed endoscopic retrograde cholangiopancreatography deep sedation. The aim of this study was to establish the safety and risk factors for difficult sedation in daily practice. Patients and methods: Hospital-based, frequency matched case-control study. All patients were identified from a database of 1,008 patients between 2014 and 2015. The cases were those with difficult sedations. This concept was defined based on the combination of the receipt of high-doses of midazolam or propofol, poor tolerance, use of reversal agents or sedation-related adverse events. The presence of different factors was evaluated to determine whether they predicted difficult sedation. Results: One-hundred and eighty-nine patients (63 cases, 126 controls) were included. Cases were classified in terms of high-dose requirements (n = 35, 55.56%), sedation-related adverse events (n = 14, 22.22%), the use of reversal agents (n = 13, 20.63%) and agitation/discomfort (n = 8, 12.7%). Concerning adverse events, the total rate was 1.39%, including clinically relevant hypoxemia (n = 11), severe hypotension (n = 2) and paradoxical reactions to midazolam (n = 1). The rate of hypoxemia was higher in patients under propofol combined with midazolam than in patients with propofol alone (2.56% vs. 0.8%, p < 0.001). Alcohol consumption (OR: 2.674 [CI 95%: 1.098-6.515], p = 0.030), opioid consumption (OR: 2.713 [CI 95%: 1.096-6.716], p = 0.031) and the consumption of other psychoactive drugs (OR: 2.015 [CI 95%: 1.017-3.991], p = 0.045) were confirmed to be independent risk factors for difficult sedation. Conclusions: Endoscopist-directed deep sedation during endoscopic retrograde cholangiopancreatography is safe. The presence of certain factors should be assessed before the procedure to identify patients who are high-risk for difficult sedation.
Resumo:
Otto-von-Guericke-Universität Magdeburg, Fakultät für Maschinenbau, Dissertation, 2016
Resumo:
Generally, smart campus applications do not consider the role of the user with his/her position in a university environment, consequently irrelevant information is delivered to the users. This dissertation proposes a location-based access control model, named Smart-RBAC, extending the functionality of Role-based Access Control Model (RBAC) by including user’s location as the contextual attribute, to solve the aforementioned problem. Smart-RBAC model is designed with a focus on content delivery to the user in order to offer a feasible level of flexibility, which was missing in the existing location-based access control models. An instance of the model, derived from Liferay’s RBAC, is implemented by creating a portal application to test and validate the Smart-RBAC model. Additionally, portlet-based applications are developed to assess the suitability of the model in a smart campus environment. The evaluation of the model, based on a popular theoretical framework, demonstrates the model’s capability to achieve some security goals like “Dynamic Separation of Duty” and “Accountability”. We believe that the Smart-RBAC model will improve the existing smart campus applications since it utilizes both, role and location of the user, to deliver content.
Resumo:
RFID on radioaaltoja hyväksikäyttävä langaton kommunikointitekniikka, jota käytetään tunnistamaan tunnisteella merkittyjä esineitä tai ihmisiä yksilöinä. RFID on jo pitkään ollut tunnettu tekniikka, mutta vasta viime vuosikymmeninä sitä on alettu hyödyntämään kaupallisesti eri sovellusaloilla. Kandidaatintyön tarkoituksena on tehdä yleiskatsaus RFID:n historiaan, järjestelmien osiin ja niiden toimintaan sekä kartoittaa RFID-markkinoiden nykytilaa ja lähitulevaisuutta sekä globaalilta kannalta että Suomessa. Lopuksi työssä tarkastellaan RFID-perusteisten kulunvalvontajärjestelmien perusominaisuuksia ja niiden toimintaa.
Resumo:
Rollbaserad åtkomstkontroll är en standardiserad och väl etablerad modell för att hantera åtkomsträttigheter i informationssystem. Den vedertagna ANSI-standarden 359-2004 saknar dock stöd för att geografiskt avgränsa rollbehörigheter. Informationssystem som behandlar geografiska data och de senaste årens ökade spridning av mobila enheter påkallar ett behov av att sådana rumsliga aspekter diskuteras inom kontexten av rollbaserad åtkomstkontroll. Arbetet syftar till att bringa klarhet i hur det befintliga kunskapstillståndet inom ämnesområdet rollbaserad åtkomst kontroll med geografisk avgränsning ser ut, och vilka aspekter hos detta som står i behov av vidare utveckling. Genom de teoretiska referensramar som skapats vid inledande litteraturstudier har en efterföljande systematisk litteraturgenomgång möjliggjorts, där vetenskapligt material selekterats genom fördefinierade urvalskriterier. Sammanställningen och analysen av den systematiska litteraturgenomgångens resultat har i samverkan med de teoretiska referensramarna lett fram till arbetets huvudsakliga kunskapsbidrag: en områdesöversikt där ämnets state-of-the-art presenteras och en strukturerad lista över angelägna forsknings- och utvecklingsbehov inom området.
Resumo:
Nowadays due to the security vulnerability of distributed systems, it is needed mechanisms to guarantee the security requirements of distributed objects communications. Middleware Platforms component integration platforms provide security functions that typically offer services for auditing, for guarantee messages protection, authentication, and access control. In order to support these functions, middleware platforms use digital certificates that are provided and managed by external entities. However, most middleware platforms do not define requirements to get, to maintain, to validate and to delegate digital certificates. In addition, most digital certification systems use X.509 certificates that are complex and have a lot of attributes. In order to address these problems, this work proposes a digital certification generic service for middleware platforms. This service provides flexibility via the joint use of public key certificates, to implement the authentication function, and attributes certificates to the authorization function. It also supports delegation. Certificate based access control is transparent for objects. The proposed service defines the digital certificate format, the store and retrieval system, certificate validation and support for delegation. In order to validate the proposed architecture, this work presents the implementation of the digital certification service for the CORBA middleware platform and a case study that illustrates the service functionalities
Resumo:
L'obiettivo della tesi è la creazione di un'infrastruttura di tipo RBAC (Role Based Access Control), adibita al controllo degli accessi all'interno del linguaggio di coordinazione TuCSoN. Il punto di partenza si basa sull'analisi del lavoro sviluppato dall'Ing. Galassi: "Modello di sicurezza e controllo di accesso in una infrastruttura di coordinazione: architettura e implementazione". Usando questa come base teorica di partenza, si sono estrapolati i concetti chiave e si è data vita ad un'implementazione funzionante e di semplice utilizzo di RBAC in TuCSoN.
Resumo:
File system security is fundamental to the security of UNIX and Linux systems since in these systems almost everything is in the form of a file. To protect the system files and other sensitive user files from unauthorized accesses, certain security schemes are chosen and used by different organizations in their computer systems. A file system security model provides a formal description of a protection system. Each security model is associated with specified security policies which focus on one or more of the security principles: confidentiality, integrity and availability. The security policy is not only about “who” can access an object, but also about “how” a subject can access an object. To enforce the security policies, each access request is checked against the specified policies to decide whether it is allowed or rejected. The current protection schemes in UNIX/Linux systems focus on the access control. Besides the basic access control scheme of the system itself, which includes permission bits, setuid and seteuid mechanism and the root, there are other protection models, such as Capabilities, Domain Type Enforcement (DTE) and Role-Based Access Control (RBAC), supported and used in certain organizations. These models protect the confidentiality of the data directly. The integrity of the data is protected indirectly by only allowing trusted users to operate on the objects. The access control decisions of these models depend on either the identity of the user or the attributes of the process the user can execute, and the attributes of the objects. Adoption of these sophisticated models has been slow; this is likely due to the enormous complexity of specifying controls over a large file system and the need for system administrators to learn a new paradigm for file protection. We propose a new security model: file system firewall. It is an adoption of the familiar network firewall protection model, used to control the data that flows between networked computers, toward file system protection. This model can support decisions of access control based on any system generated attributes about the access requests, e.g., time of day. The access control decisions are not on one entity, such as the account in traditional discretionary access control or the domain name in DTE. In file system firewall, the access decisions are made upon situations on multiple entities. A situation is programmable with predicates on the attributes of subject, object and the system. File system firewall specifies the appropriate actions on these situations. We implemented the prototype of file system firewall on SUSE Linux. Preliminary results of performance tests on the prototype indicate that the runtime overhead is acceptable. We compared file system firewall with TE in SELinux to show that firewall model can accommodate many other access control models. Finally, we show the ease of use of firewall model. When firewall system is restricted to specified part of the system, all the other resources are not affected. This enables a relatively smooth adoption. This fact and that it is a familiar model to system administrators will facilitate adoption and correct use. The user study we conducted on traditional UNIX access control, SELinux and file system firewall confirmed that. The beginner users found it easier to use and faster to learn then traditional UNIX access control scheme and SELinux.
Resumo:
Las redes son la esencia de comunidades y sociedades humanas; constituyen el entramado en el que nos relacionamos y determinan cómo lo hacemos, cómo se disemina la información o incluso cómo las cosas se llevan a cabo. Pero el protagonismo de las redes va más allá del que adquiere en las redes sociales. Se encuentran en el seno de múltiples estructuras que conocemos, desde las interaciones entre las proteínas dentro de una célula hasta la interconexión de los routers de internet. Las redes sociales están presentes en internet desde sus principios, en el correo electrónico por tomar un ejemplo. Dentro de cada cliente de correo se manejan listas contactos que agregadas constituyen una red social. Sin embargo, ha sido con la aparición de los sitios web de redes sociales cuando este tipo de aplicaciones web han llegado a la conciencia general. Las redes sociales se han situado entre los sitios más populares y con más tráfico de la web. Páginas como Facebook o Twitter manejan cifras asombrosas en cuanto a número de usuarios activos, de tráfico o de tiempo invertido en el sitio. Pero las funcionalidades de red social no están restringidas a las redes sociales orientadas a contactos, aquellas enfocadas a construir tu lista de contactos e interactuar con ellos. Existen otros ejemplos de sitios que aprovechan las redes sociales para aumentar la actividad de los usuarios y su involucración alrededor de algún tipo de contenido. Estos ejemplos van desde una de las redes sociales más antiguas, Flickr, orientada al intercambio de fotografías, hasta Github, la red social de código libre más popular hoy en día. No es una casualidad que la popularidad de estos sitios web venga de la mano de sus funcionalidades de red social. El escenario es más rico aún, ya que los sitios de redes sociales interaccionan entre ellos, compartiendo y exportando listas de contactos, servicios de autenticación y proporcionando un valioso canal para publicitar la actividad de los usuarios en otros sitios web. Esta funcionalidad es reciente y aún les queda un paso hasta que las redes sociales superen su condición de bunkers y lleguen a un estado de verdadera interoperabilidad entre ellas, tal como funcionan hoy en día el correo electrónico o la mensajería instantánea. Este trabajo muestra una tecnología que permite construir sitios web con características de red social distribuída. En primer lugar, se presenta una tecnología para la construcción de un componente intermedio que permite proporcionar cualquier característica de gestión de contenidos al popular marco de desarrollo web modelo-vista-controlador (MVC) Ruby on Rails. Esta técnica constituye una herramienta para desarrolladores que les permita abstraerse de las complejidades de la gestión de contenidos y enfocarse en las particularidades de los propios contenidos. Esta técnica se usará también para proporcionar las características de red social. Se describe una nueva métrica de reusabilidad de código para demostrar la validez del componente intermedio en marcos MVC. En segundo lugar, se analizan las características de los sitios web de redes sociales más populares, con el objetivo de encontrar los patrones comunes que aparecen en ellos. Este análisis servirá como base para definir los requisitos que debe cumplir un marco para construir redes sociales. A continuación se propone una arquitectura de referencia que proporcione este tipo de características. Dicha arquitectura ha sido implementada en un componente, Social Stream, y probada en varias redes sociales, tanto orientadas a contactos como a contenido, en el contexto de una asociación vecinal tanto como en proyectos de investigación financiados por la UE. Ha sido la base de varios proyectos fin de carrera. Además, ha sido publicado como código libre, obteniendo una comunidad creciente y está siendo usado más allá del ámbito de este trabajo. Dicha arquitectura ha permitido la definición de un nuevo modelo de control de acceso social que supera varias limitaciones presentes en los modelos de control de acceso para redes sociales. Más aún, se han analizado casos de estudio de sitios de red social distribuídos, reuniendo un conjunto de caraterísticas que debe cumplir un marco para construir redes sociales distribuídas. Por último, se ha extendido la arquitectura del marco para dar cabida a las características de redes sociales distribuídas. Su implementación ha sido validada en proyectos de investigación financiados por la UE. Abstract Networks are the substance of human communities and societies; they constitute the structural framework on which we relate to each other and determine the way we do it, the way information is diseminated or even the way people get things done. But network prominence goes beyond the importance it acquires in social networks. Networks are found within numerous known structures, from protein interactions inside a cell to router connections on the internet. Social networks are present on the internet since its beginnings, in emails for example. Inside every email client, there are contact lists that added together constitute a social network. However, it has been with the emergence of social network sites (SNS) when these kinds of web applications have reached general awareness. SNS are now among the most popular sites in the web and with the higher traffic. Sites such as Facebook and Twitter hold astonishing figures of active users, traffic and time invested into the sites. Nevertheless, SNS functionalities are not restricted to contact-oriented social networks, those that are focused on building your own list of contacts and interacting with them. There are other examples of sites that leverage social networking to foster user activity and engagement around other types of content. Examples go from early SNS such as Flickr, the photography related networking site, to Github, the most popular social network repository nowadays. It is not an accident that the popularity of these websites comes hand-in-hand with their social network capabilities The scenario is even richer, due to the fact that SNS interact with each other, sharing and exporting contact lists and authentication as well as providing a valuable channel to publize user activity in other sites. These interactions are very recent and they are still finding their way to the point where SNS overcome their condition of data silos to a stage of full interoperability between sites, in the same way email and instant messaging networks work today. This work introduces a technology that allows to rapidly build any kind of distributed social network website. It first introduces a new technique to create middleware that can provide any kind of content management feature to a popular model-view-controller (MVC) web development framework, Ruby on Rails. It provides developers with tools that allow them to abstract from the complexities related with content management and focus on the development of specific content. This same technique is also used to provide the framework with social network features. Additionally, it describes a new metric of code reuse to assert the validity of the kind of middleware that is emerging in MVC frameworks. Secondly, the characteristics of top popular SNS are analysed in order to find the common patterns shown in them. This analysis is the ground for defining the requirements of a framework for building social network websites. Next, a reference architecture for supporting the features found in the analysis is proposed. This architecture has been implemented in a software component, called Social Stream, and tested in several social networks, both contact- and content-oriented, in local neighbourhood associations and EU-founded research projects. It has also been the ground for several Master’s theses. It has been released as a free and open source software that has obtained a growing community and that is now being used beyond the scope of this work. The social architecture has enabled the definition of a new social-based access control model that overcomes some of the limitations currenly present in access control models for social networks. Furthermore, paradigms and case studies in distributed SNS have been analysed, gathering a set of features for distributed social networking. Finally the architecture of the framework has been extended to support distributed SNS capabilities. Its implementation has also been validated in EU-founded research projects.
