2,146 research outputs found
A Declarative Framework for Specifying and Enforcing Purpose-aware Policies
Purpose is crucial for privacy protection as it makes users confident that
their personal data are processed as intended. Available proposals for the
specification and enforcement of purpose-aware policies are unsatisfactory for
their ambiguous semantics of purposes and/or lack of support to the run-time
enforcement of policies.
In this paper, we propose a declarative framework based on a first-order
temporal logic that allows us to give a precise semantics to purpose-aware
policies and to reuse algorithms for the design of a run-time monitor enforcing
purpose-aware policies. We also show the complexity of the generation and use
of the monitor which, to the best of our knowledge, is the first such a result
in literature on purpose-aware policies.Comment: Extended version of the paper accepted at the 11th International
Workshop on Security and Trust Management (STM 2015
Compliance of Semantic Constraints - A Requirements Analysis for Process Management Systems
Key to the use of process management systems (PrMS) in
practice is their ability to facilitate the implementation, execution, and adaptation of business processes while still being able to ensure error-free process executions. Mechanisms have been developed to prevent errors
at the syntactic level such as deadlocks. In many application domains, processes often have to comply with business level rules and policies (i.e., semantic constraints). Hence, in order to ensure error-free executions at the semantic level, PrMS need certain control mechanisms for validating and ensuring the compliance with semantic constraints throughout the process lifecycle. In this paper, we discuss fundamental requirements for
a comprehensive support of semantic constraints in PrMS. Moreover, we provide a survey on existing approaches and discuss to what extent they meet the requirements and which challenges still have to be tackled.
Finally, we show how the challenge of life time compliance can be dealt with by integrating design time and runtime process validation
Design and Experimental Validation of a Software-Defined Radio Access Network Testbed with Slicing Support
Network slicing is a fundamental feature of 5G systems to partition a single
network into a number of segregated logical networks, each optimized for a
particular type of service, or dedicated to a particular customer or
application. The realization of network slicing is particularly challenging in
the Radio Access Network (RAN) part, where multiple slices can be multiplexed
over the same radio channel and Radio Resource Management (RRM) functions shall
be used to split the cell radio resources and achieve the expected behaviour
per slice. In this context, this paper describes the key design and
implementation aspects of a Software-Defined RAN (SD-RAN) experimental testbed
with slicing support. The testbed has been designed consistently with the
slicing capabilities and related management framework established by 3GPP in
Release 15. The testbed is used to demonstrate the provisioning of RAN slices
(e.g. preparation, commissioning and activation phases) and the operation of
the implemented RRM functionality for slice-aware admission control and
scheduling
Secure Cloud-Edge Deployments, with Trust
Assessing the security level of IoT applications to be deployed to
heterogeneous Cloud-Edge infrastructures operated by different providers is a
non-trivial task. In this article, we present a methodology that permits to
express security requirements for IoT applications, as well as infrastructure
security capabilities, in a simple and declarative manner, and to automatically
obtain an explainable assessment of the security level of the possible
application deployments. The methodology also considers the impact of trust
relations among different stakeholders using or managing Cloud-Edge
infrastructures. A lifelike example is used to showcase the prototyped
implementation of the methodology
- …