Object-based Information Flow Control in Peer-to-peer Publish/Subscribe Systems

Distributed systems are getting so scalable like IoT (Internet of Things) and P2P (Peer-to-Peer) systems that millions of devices are connected and support various types of applications. Here, distributed systems are required to be secure in addition to increasing the performance, reliability, and availability and reducing the energy consumption. In distributed systems, information in objects flows to other objects by transactions reading and writing data in the objects. Here, some information of an object may illegally flow to a subject which is not allowed to get the information of the object. Especially, a leakage of sensitive information is to be prevented from occurring. In order to keep information systems secure, illegal information flow among objects has to be prevented. Types of synchronization protocols are so far discussed based on read and write access rights in the RBAC (Role-Based Access Control) model to prevent illegal information flow.In this thesis, we newly propose a P2PPSO (P2P type of topic-based PS (Publish/Subscribe) with Object concept) model and discuss the models and protocols for information flow control. A P2PPSO model is composed of peer processes (peers) which communicate with one another by publishing and subscribing event messages. Each peer can both publish and receive event messages with no centralized coordinator compared with traditional centralized PS models. Each event message published by a source peer carries information to a target peer. The contents carried by an event message are considered to be composed of objects. An object is a unit of data resource. Objects are characterized by topics, and each event message is also characterized by topics named publication topics.In order to make a P2PPSO system secure, we first newly propose a TBAC (Topic-Based Access Control) model. Here, an access right is a pair ⟨t, op⟩ of a topic t and a publish or subscribe operation op. A peer is allowed to publish an event message with publication topics and subscribe interesting topics only if the publication and subscription access rights are granted to the peer, respectively. Suppose an event message e_j published by a peer p_j carries an object on some topics into a target peer p_i. Here, information in the peer p_j illegally flows to the peer p_i if the target peer p_i is not allowed to subscribe the topics. An illegal object is an object whose topics a target peer is not allowed to subscribe. Even if an event message is received by a target peer by checking topics, objects carried by the event message may be illegal at the target peer. Hence, first, we propose a TOBS (Topics-of-Objects-Based Synchronization) protocol to prevent target peers from being delivered illegal objects in the P2PPSO system. Here, even if an event message is received by a target peer, illegal objects in the event message are not delivered to the target peer.In the TOBS protocol, every event message is assumed to be causally delivered to every common target peer in the underlying network. Suppose an event message e_2 is delivered to a target peer p_i before another event message e_1 while the event message e_1 causally precedes the event message e_2 (e_1 →_c e_2). Here, the event message e_2 is premature at the peer p_i. Hence, secondly, we propose a TOBSCO (TOBS with Causally Ordering delivery) protocol where the function to causally deliver every pair of event messages is added to the TOBS protocol. Here, we assume the underlying network supports reliable communication among every pair of peers, i.e. no event message loss, no duplicate message, and the sending order delivery of messages. Every pair of event messages received by using topics are causally delivered to every common target peer by using the vector of sequence numbers.In the TOBS and TOBSCO protocols, objects delivered to target peers are held as replicas of the objects by the target peers. If a peer updates data of an object, the peer distributes event messages, i.e. update event messages, to update every replica of the object obtained by other peers. If a peer updates an object without changing topics, the object is referred to as altered. Here, an update event message for the altered object is meaningless since peers check only topics to exchange event messages. Hence, thirdly, we propose an ETOBSCO (Efficient TOBSCO) protocol where update event messages of objects are published only if topics of the objects are updated to reduce the network overhead.In the evaluation, first, we show how many numbers of event messages and objects are prevented from being delivered to target peers in the TOBS protocol. Next, we show every pair of event messages are causally delivered but it takes longer to deliver event messages in the TOBSCO protocol than the TOBS protocol. Finally, we show the fewer number of event messages are delivered while it takes longer to update replicas of altered objects in the ETOBSCO protocol than the TOBSCO protocol.博士(工学)法政大学 (Hosei University

From Conventional to State-of-the-Art IoT Access Control Models

open access articleThe advent in Online Social Networks (OSN) and Internet of Things (IoT) has created a new world of collaboration and communication between people and devices. The domain of internet of things uses billions of devices (ranging from tiny sensors to macro scale devices) that continuously produce and exchange huge amounts of data with people and applications. Similarly, more than a billion people are connected through social networking sites to collaborate and share their knowledge. The applications of IoT such as smart health, smart city, social networking, video surveillance and vehicular communication are quickly evolving people’s daily lives. These applications provide accurate, information-rich and personalized services to the users. However, providing personalized information comes at the cost of accessing private information of users such as their location, social relationship details, health information and daily activities. When the information is accessible online, there is always a chance that it can be used maliciously by unauthorized entities. Therefore, an effective access control mechanism must be employed to ensure the security and privacy of entities using OSN and IoT services. Access control refers to a process which can restrict user’s access to data and resources. It enforces access rules to grant authorized users an access to resources and prevent others. This survey examines the increasing literature on access control for traditional models in general, and for OSN and IoT in specific. Challenges and problems related to access control mechanisms are explored to facilitate the adoption of access control solutions in OSN and IoT scenarios. The survey provides a review of the requirements for access control enforcement, discusses several security issues in access control, and elaborates underlying principles and limitations of famous access control models. We evaluate the feasibility of current access control models for OSN and IoT and provide the future development direction of access control for the sam

Beyond the Law - An Ethnography of Zambian Abortion Politics

Every year, as many as 25 million women are estimated to resort to unsafe abortion worldwide. Many of these abortions lead to severe complications and death. Nevertheless, abortion remains a contentious issue that is commonly left out of discussion in global health. When addressed in international fora, abortion is often treated primarily as a legal question, and liberal abortion laws are taken as proxies for girls’ and women’s access to safe and legal abortion services. Zambia is internationally known to have a relatively permissive abortion law. Nonetheless safe abortions are difficult to access and unsafe abortion remains a considerable health and societal problem, contributing to the high maternal mortality statistics in the country. The inconsistency between Zambia’s abortion legislation and the lack of legal abortion services is not well understood, and is the starting point for this study that examines the complex relationship between abortion law, policy implementation and practice. The aim of this dissertation is to generate knowledge on how articulations between policy, legislation and sociocultural conditions shape women’s reproductive possibilities. The study draws on 11 months of multi-sited ethnographic fieldwork that took the Zambian abortion policy as its main object of study and followed its movements across different layers of the Zambian society and health system. The findings reveal that the restrictive elements of the abortion law - which were in focus when it was developed in the early 1970s - resonate strongly with current interpretations of the law, further strengthened by the declaration of Zambia as a Christian nation. Examining the processes involved in translating abortion policy from paperwork to practice, the study reveals unfolding discursive disputes and subtle power mechanisms. Centrally located policy actors in the health bureaucracy are key in these processes that shape and constrain girls’ and women’s access to safe abortion services. The dissertation argues that strategic use of knowledge and ‘ignorance’ are core mechanisms for the ways in which the politics of abortion is played out. The study further investigates the everyday reproductive politics of abortion as it unfolds at the local community level and reveals a tolerance of abortions that are kept out of the public domain, while abortions that become known to the public are made subject to loud condemnation. Informed by Fassin’s conceptualization of moral economy, the dissertation discusses how public opposition to abortion serves to preserve the moral self and to strengthen social ties in the community. Morgan and Roberts’ concept of ‘reproductive governance’ is located centrally in this inquiry of Zambian abortion politics. The concept facilitates an analysis of how abortion governance plays out across social and bureaucratic layers in subtle ways that shape or even impede the abortion policy’s on-the-ground implementation. As such, this study goes beyond the common focus on the legal status of abortion and contributes to the literature on how reproductive practices, such as abortion, are shaped by structures of power that operate through a set of visible and less visible tools.Doktorgradsavhandlin

Adequate Access to Contraception and Sexual and Reproductive Health (SRH) Information Post-Abortion: A Case Study from Nepal

This qualitative, exploratory study examined the post-abortion experiences of Nepali women, and access and uptake of safe abortion services; unsafe abortion; post-abortion contraception; and sexual and reproductive health information. Analysis revealed themes relating to women’s abortion seeking decision-making processes and barriers to high quality safe abortion services and family planning counselling. Findings emphasised the interconnectivity of sexual and reproductive health and rights; gender discrimination, reproductive coercion; education; poverty; geographical isolation; spousal separation; and women’s empowerment

Bringing the Global to the Local: Using Participatory Research to Address Sexual Violence with Immigrant Communities in NYC

This report reveals, in their own voices, the experiences New York City immigrant women have with sexual violence and their thoughts on ending this victimization. Many of the women who participated in this pilot study talked about the situations they faced and the barriers they experienced in seeking help for sexual violence. Systematic changes are impossible without active community involvement. Our research seeks innovative partnerships with New York City communities, both to prevent violence before it happens and to intervene when it occurs. This report highlights the scope of sexual violence as experienced by immigrant women, the barriers that immigrant women face when seeking help, and the issues involved in preventing such violence in their communities

Immaculate Deception: One Educator\u27s Exploration Into the Systemic Shaming of Women in Ireland

This thesis explores the topic of shame through my perspective as a pro-choice woman and future educator. It tells of the long relationship I have had with shame, which began when I had my first abortion. It also describes the history of shame inflicted on the women of Ireland, who continue to fight for their reproductive rights. I use these narratives to support my position that educators have a responsibility to create safe spaces for controversial topics and vulnerable populations on university campuses

Redefining personal information in the context of the Internet

Réalisée en cotutelle avec l'Université de Panthéon-Assas (Paris II)Vers la fin des années soixante, face à l’importance grandissante de l’utilisation des ordinateurs par les organisations, une définition englobante de la notion de donnée personnelle a été incorporée dans les lois en matière de protection de données personnelles (« LPDPs »). Avec Internet et la circulation accrue de nouvelles données (adresse IP, données de géolocalisation, etc.), il y a lieu de s’interroger quant à l’adéquation entre cette définition et cette réalité. Aussi, si la notion de donnée personnelle, définie comme étant « une donnée concernant un individu identifiable » est toujours applicable à un tel contexte révolutionnaire, il n’en demeure pas moins qu’il importe de trouver des principes interprétatifs qui puissent intégrer ces changements factuels. La présente thèse vise à proposer une interprétation tenant compte de l’objectif recherché par les LPDPs, à savoir protéger les individus contre les risques de dommage découlant de la collecte, de l’utilisation ou de la divulgation de leurs données. Alors que la collecte et la divulgation des données entraîneront surtout un risque de dommage de nature subjective (la collecte, un sentiment d’être sous observation et la divulgation, un sentiment d’embarras et d’humiliation), l’utilisation de ces données causera davantage un dommage objectif (dommage de nature financière, physique ou discriminatoire). La thèse propose plusieurs critères qui devraient être pris en compte pour évaluer ce risque de dommage ; elle servira de guide afin de déterminer quelles données doivent être qualifiées de personnelles, et fera en sorte que les LPDPs soient le plus efficaces possibles dans un contexte de développements technologiques grandissants.In the late sixties, with the growing use of computers by organizations, a very broad definition of personal information as “information about an identifiable individual” was elaborated and has been incorporated in data protection laws (“DPLs”). In more recent days, with the Internet and the circulation of new types of information (IP addresses, location information, etc), the efficiency of this definition may be challenged. This thesis aims at proposing a new way of interpreting personal information. Instead of using a literal interpretation, an interpretation which takes into account the purpose behind DPLs will be proposed, in order to ensure that DPLs do what they are supposed to do: address or avoid the risk of harm to individuals triggered by organizations handling their personal information. While the collection or disclosure of information may trigger a more subjective kind of harm (the collection, a feeling of being observed and the disclosure, embarrassment and humiliation), the use of information will trigger a more objective kind of harm (financial, physical, discrimination, etc.). Various criteria useful in order to evaluate this risk of harm will be proposed. The thesis aims at providing a guide that may be used in order to determine whether certain information should qualify as personal information. It will provide for a useful framework under which DPLs remain efficient in light of modern technologies and the Internet