1,393 research outputs found
Developing a distributed electronic health-record store for India
The DIGHT project is addressing the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the over one billion citizens of India
Polynomial Size Analysis of First-Order Shapely Functions
We present a size-aware type system for first-order shapely function
definitions. Here, a function definition is called shapely when the size of the
result is determined exactly by a polynomial in the sizes of the arguments.
Examples of shapely function definitions may be implementations of matrix
multiplication and the Cartesian product of two lists. The type system is
proved to be sound w.r.t. the operational semantics of the language. The type
checking problem is shown to be undecidable in general. We define a natural
syntactic restriction such that the type checking becomes decidable, even
though size polynomials are not necessarily linear or monotonic. Furthermore,
we have shown that the type-inference problem is at least semi-decidable (under
this restriction). We have implemented a procedure that combines run-time
testing and type-checking to automatically obtain size dependencies. It
terminates on total typable function definitions.Comment: 35 pages, 1 figur
Smart workplaces: a system proposal for stress management
Over the past last decades of contemporary society, workplaces
have become the primary source of many health issues, leading
to mental problems such as stress, depression, and anxiety.
Among the others, environmental aspects have shown to be the
causes of stress, illness, and lack of productivity. With the arrival
of new technologies, especially in the smart workplaces field,
most studies have focused on investigating the building energy
efficiency models and human thermal comfort. However, little has
been applied to occupants’ stress recognition and well-being
overall. Due to this fact, this present study aims to propose a
stress management solution for an interactive design system that
allows the adapting of comfortable environmental conditions
according to the user preferences by measuring in real-time the
environmental and biological characteristics, thereby helping to
prevent stress, as well as to enable users to cope stress when
being stressed. The secondary objective will focus on evaluating
one part of the system: the mobile application. The proposed
system uses several usability methods to identify users’ needs,
behavior, and expectations from the user-centered design
approach. Applied methods, such as User Research, Card
Sorting, and Expert Review, allowed us to evaluate the design
system according to Heuristics Analysis, resulting in improved
usability of interfaces and experience. The study presents the
research results, the design interface, and usability tests.
According to the User Research results, temperature and noise
are the most common environmental stressors among the users
causing stress and uncomfortable conditions to work in, and the
preference for physical activities over the digital solutions for
coping with stress. Additionally, the System Usability Scale (SUS)
results identified that the system’s usability was measured as
“excellent” and “acceptable” with a final score of 88 points out of
the 100. It is expected that these conclusions can contribute to
future investigations in the smart workplaces study field and their
interaction with the people placed there.Nas últimas décadas da sociedade contemporânea, o local de
trabalho tem se tornado principal fonte de muitos problemas de
saĂşde mental, como o stress, depressĂŁo e ansiedade. Os aspetos
ambientais têm se revelado como as causas de stress, doenças,
falta de produtividade, entre outros. Atualmente, com a chegada de
novas tecnologias, principalmente na área de locais de trabalho
inteligentes, a maioria dos estudos tem se concentrado na
investigação de modelos de eficiĂŞncia energĂ©tica de edifĂcios e
conforto térmico humano. No entanto, pouco foi aplicado ao
reconhecimento do stress dos ocupantes e ao bem-estar geral das
pessoas. Diante disso, o objetivo principal Ă© propor um sistema de
design de gestĂŁo do stress para um sistema de design interativo que
permita adaptar as condições ambientais de acordo com as
preferĂŞncias de utilizador, medindo em tempo real as caracterĂsticas
ambientais e biológicas, auxiliando assim na prevenção de stress,
bem como ajuda os utilizadores a lidar com o stress quando estĂŁo
sob o mesmo. O segundo objetivo Ă© desenhar e avaliar uma parte
do projeto — o protótipo da aplicação móvel através da realização
de testes de usabilidade. O sistema proposto resulta da abordagem
de design centrado no utilizador, utilizando diversos métodos de
usabilidade para identificar as necessidades, comportamentos e as
expectativas dos utilizadores. MĂ©todos aplicados, como Pesquisa de
Usuário, Card Sorting e Revisão de Especialistas, permitiram avaliar
o sistema de design de acordo com a análise heurĂstica, resultando
numa melhoria na usabilidade das interfaces e experiĂŞncia. O
estudo apresenta os resultados da pesquisa, a interface do design e
os testes de usabilidade. De acordo com os resultados de User
Research, a temperatura e o ruĂdo sĂŁo os stressores ambientais
mais comuns entre os utilizadores, causando stresse e condições
menos favoráveis para trabalhar, igualmente existe uma preferência
por atividades fĂsicas sobre as soluções digitais na gestĂŁo do
stresse. Adicionalmente, os resultados de System Usability Scale
(SUS) identificaram a usabilidade do sistema de design como
“excelente” e “aceitável” com pontuação final de 88 pontos em 100.
É esperado que essas conclusões possam contribuir para futuras
investigações no campo de estudo dos smart workplaces e sua
interação com os utilizadores
Scaling Distributed Ledgers and Privacy-Preserving Applications
This thesis proposes techniques aiming to make blockchain technologies and smart contract platforms practical by improving their scalability, latency, and privacy. This thesis starts by presenting the design and implementation of Chainspace, a distributed ledger that supports user defined smart contracts and execute user-supplied transactions on their objects. The correct execution of smart contract transactions is publicly verifiable. Chainspace is scalable by sharding state; it is secure against subsets of nodes trying to compromise its integrity or availability properties through Byzantine Fault Tolerance (BFT). This thesis also introduces a family of replay attacks against sharded distributed ledgers targeting cross-shard consensus protocols; they allow an attacker, with network access only, to double-spend resources with minimal efforts. We then build Byzcuit, a new cross-shard consensus protocol that is immune to those attacks and that is tailored to run at the heart of Chainspace. Next, we propose FastPay, a high-integrity settlement system for pre-funded payments that can be used as a financial side-infrastructure for Chainspace to support low-latency retail payments. This settlement system is based on Byzantine Consistent Broadcast as its core primitive, foregoing the expenses of full atomic commit channels (consensus). The resulting system has extremely low-latency for both confirmation and payment finality. Finally, this thesis proposes Coconut, a selective disclosure credential scheme supporting distributed threshold issuance, public and private attributes, re-randomization, and multiple unlinkable selective attribute revelations. It ensures authenticity and availability even when a subset of credential issuing authorities are malicious or offline, and natively integrates with Chainspace to enable a number of scalable privacy-preserving applications
Security of Contactless Smart Card Protocols
Tato práce analyzuje hrozby pro protokoly vyuĹľĂvajĂcĂ bezkontaktnĂ ÄŤipovĂ© karty a pĹ™edstavuje metodu pro poloautomatickĂ© hledánĂ zranitelnostĂ v takovĂ˝ch protokolech pomocĂ model checkingu. Návrh a implementace bezpeÄŤnĂ˝ch aplikacĂ jsou obtĂĹľnĂ© Ăşkoly, i kdyĹľ je pouĹľit bezpeÄŤnĂ˝ hardware. Specifikace na vysokĂ© Ăşrovni abstrakce mĹŻĹľe vĂ©st k rĹŻznĂ˝m implementacĂm. Je dĹŻleĹľitĂ© pouĹľĂvat ÄŤipovou kartu správnÄ›, nevhodná implementace protokolu mĹŻĹľe pĹ™inĂ©st zranitelnosti, i kdyĹľ je protokol sám o sobÄ› bezpeÄŤnĂ˝. CĂlem tĂ©to práce je poskytnout metodu, která mĹŻĹľe bĂ˝t vyuĹľita vĂ˝vojáři protokolĹŻ k vytvoĹ™enĂ modelu libovolnĂ© ÄŤipovĂ© karty, se zaměřenĂm na bezkontaktnĂ ÄŤipovĂ© karty, k vytvoĹ™enĂ modelu protokolu a k pouĹľitĂ model checkingu pro nalezenĂ ĂştokĹŻ v tomto modelu. Ăštok mĹŻĹľe bĂ˝t následnÄ› proveden a pokud nenĂ ĂşspěšnĂ˝, model je upraven pro dalšà bÄ›h model checkingu. Pro formálnĂ verifikaci byla pouĹľita platforma AVANTSSAR, modely jsou psány v jazyce ASLan++. Jsou poskytnuty pĹ™Ăklady pro demonstraci pouĹľitelnosti navrhovanĂ© metody. Tato metoda byla pouĹľita k nalezenĂ slabiny bezkontaktnĂ ÄŤipovĂ© karty Mifare DESFire. Tato práce se dále zabĂ˝vá hrozbami, kterĂ© nenĂ moĹľnĂ© pokrĂ˝t navrhovanou metodou, jako jsou Ăştoky relay. This thesis analyses contactless smart card protocol threats and presents a method of semi-automated vulnerability finding in such protocols using model checking. Designing and implementing secure applications is difficult even when secure hardware is used. High level application specifications may lead to different implementations. It is important to use the smart card correctly, inappropriate protocol implementation may introduce a vulnerability, even if the protocol is secure by itself. The goal of this thesis is to provide a method that can be used by protocol developers to create a model of arbitrary smart card, with focus on contactless smart cards, to create a model of the protocol, and to use model checking to find attacks in this model. The attack can be then executed and if not successful, the model is refined for another model checker run. The AVANTSSAR platform was used for the formal verification, models are written in the ASLan++ language. Examples are provided to demonstrate usability of the proposed method. This method was used to find a weakness of Mifare DESFire contactless smart card. This thesis also deals with threats not possible to cover by the proposed method, such as relay attacks.
FLACOS’08 Workshop proceedings
The 2nd Workshop on Formal Languages and Analysis of Contract-Oriented Software (FLACOS’08) is held in Malta. The aim of the workshop is to bring together researchers and practitioners working on language-based solutions to contract-oriented software development. The workshop is partially funded by the Nordunet3 project “COSoDIS” (Contract-Oriented Software Development for Internet Services) and it attracted 25 participants. The program consists of 4 regular papers and 10 invited participant presentations
Junos Pulse Secure Access Service Administration Guide
This guide describes basic configuration procedures for Juniper Networks Secure Access
Secure Access Service. This document was formerly titled Secure Access Administration
Guide. This document is now part of the Junos Pulse documentation set.
This guide is designed for network administrators who are configuring and maintaining
a Juniper Networks Secure Access Service device. To use this guide, you need a broad
understanding of networks in general and the Internet in particular, networking principles, and network configuration. Any detailed discussion of these concepts is beyond the scope of this guide.The Juniper Networks Secure Access Service enable you to give employees, partners,
and customers secure and controlled access to your corporate data and applications
including file servers, Web servers, native messaging and e-mail clients, hosted servers,
and more from outside your trusted network using just a Web browser.
Secure Access Service provide robust security by intermediating the data that flows
between external users and your company’s internal resources. Users gain authenticated
access to authorized resources through an extranet session hosted by the appliance.
During intermediation, Secure Access Service receives secure requests from the external,
authenticated users and then makes requests to the internal resources on behalf of those
users. By intermediating content in this way, Secure Access Service eliminates the need
to deploy extranet toolkits in a traditional DMZ or provision a remote access VPN for
employees.
To access the intuitive Secure Access Service home page, your employees, partners, and
customers need only a Web browser that supports SSL and an Internet connection. This
page provides the window from which your users can securely browse Web or file servers,
use HTML-enabled enterprise applications, start the client/server application proxy,
begin a Windows, Citrix, or Telnet/SSH terminal session, access corporate e-mail servers,
start a secured layer 3 tunnel, or schedule or attend a secure online meeting
An introduction to Quality of Security Services
We examine the concept of security as a dimension of Quality of Service in distributed systems. We provide a discussion and examples of user- specified security variables and show how the range of service levels associated with these variables can support the provision of Quality of Security Service. We also discuss various design implications regarding security ranges provided in a QoS-aware distributed system. Our goal has been to provide an understanding of QoSS and variant security, and to determine whether these concepts can be useful in improving security service and system performance in QoS-aware distributed systems. We described the general requirements for system attributes to participate in the provision of Quality of Service, and described how certain security attributes might meet these requirements. We then described various forms of user and application security "ranges "and showed how these ranges can make sense in relation to existing security policies, when those ranges are presented as user choices. Finally we described security ranges as forming a coherent system of relationships in a distributed multi-tiered system. Our conclusion is that it may be possible for security to be a semantically meaningful dimension of Quality of Service without compromising existing security policies. Further study is needed to understand the effectiveness of QoSS in improving system performance in QoS-aware systems.Approved for public release; distribution is unlimited
- …