How to break access control in a controlled manner

The Electronic Medical Record (EMR) integrates heterogeneous information within a Healthcare Institution stressing the need for security and access control. The Biostatistics and Medical Informatics Department from Porto Faculty of Medicine has recently implemented a Virtual EMR (VEMR) in order to integrate patient information and clinical reports within a university hospital. With more than 500 medical doctors using the system on a daily basis, an access control policy and model were implemented. However, the healthcare environment has unanticipated situations (i.e. emergency situations) where access to information is essential. Most traditional policies do not allow for overriding. A policy that allows for Break-The-Glass (BTG) was implemented in order to override access control whilst providing for non-repudiation mechanisms for its usage. The policy was easily integrated within the model confirming its modularity and the fact that user intervention in defining security procedures is crucial to its successful implementation and use

Developing Intellectual Access and Control Mechanisms for Discipline-Based Virtual Libraries that Feature Media Integration

On December 9, 1992, Case Western Reserve University Library began the work of creating its first virtual library in the geological sciences. Ten more discipline-based virtual libraries will be developed by the end of 1994. One of the most vital components of a virtual library is the intellectual access to information and knowledge resources in all formats, thus the control mechanisms enabling access become very important issues which challenge traditional approaches in the construction of classification schemes, thesauri, and other types of controlled vocabularies. This paper presents some basic and important considerations in the process of developing intellectual access and control mechanisms for discipline-based virtual libraries

A Shibboleth-protected privilege management infrastructure for e-science education

Simplifying access to and usage of large scale compute resources via the grid is of critical importance to encourage the uptake of e-research. Security is one aspect that needs to be made as simple as possible for end users. The ESP-Grid and DyVOSE projects at the National e-Science Centre (NeSC) at the University of Glasgow are investigating security technologies which will make the end-user experience of using the grid easier and more secure. In this paper, we outline how simplified (from the user experience) authentication and authorization of users are achieved through single usernames and passwords at users' home institutions. This infrastructure, which will be applied in the second year of the grid computing module part of the advanced MSc in Computing Science at the University of Glasgow, combines grid portal technology, the Internet2 Shibboleth Federated Access Control infrastructure, and the PERMS role-based access control technology. Through this infrastructure inter-institutional teaching can be supported where secure access to federated resources is made possible between sites. A key aspect of the work we describe here is the ability to support dynamic delegation of authority whereby local/remote administrators are able to dynamically assign meaningful privileges to remote/local users respectively in a trusted manner thus allowing for the dynamic establishment of virtual organizations with fine grained security at their heart

Uncertainty Analysis and Instrument Selection Using a Web-Based Virtual Experiment

A methodology has been developed and successfully implemented for transforming physical experiments in an undergraduate thermo-fluids laboratory at Old Dominion University (ODU), a doctoral university, into web-based virtual experiments while the Mechanical Engineering (ME) faculty at Western Kentucky University (WKU), an undergraduate university, have developed and implemented a Design of Experiments (DOE) Plan to assure that graduates of their program have acquired the skills necessary to design and conduct experiments and analyze experimental results. This paper presents details about a web-based virtual experiment designed to teach students about selection of instruments based on the uncertainty estimated from the virtual experiment. The web-based virtual experiment, involves the measurement of frictional losses in fluid flowing in a pipe at various flow rates. In this virtual module, the student experimenter can adjust the flow rate in the pipe with a virtual flow control valve and measure both the flow rate and the pressure drop by selecting different measuring instruments. The selected instruments have corresponding measurement uncertainties and the student is tasked through various activities in the virtual experiment to evaluate which instrument is the best fit for the particular experimental design situation. The web-based virtual module has been tested at ODU and an assessment of its effectiveness in student learning is provided. Student learning gains achieved through the web-based virtual module were measured by comparing the performance of a Control group (no access to the module) and an Experimental group with access to the web-based virtual module. Both groups were administered an identical multiple choice quiz and the quiz scores were analyzed to gage the effectiveness of the module in teaching students about instrument selection, and uncertainty and errors in experiments. Students in the Experimental group were also surveyed to get their feedback on the effectiveness of the module in aiding their learning of these skills

DyVOSE project: experiences in applying privilege management infrastructures

Privilege Management Infrastructures (PMI) are emerging as a necessary alternative to authorization through Access Control Lists (ACL) as the need for finer grained security on the Grid increases in numerous domains. The 2-year JISC funded DyVOSE Project has investigated applying PMIs within an e-Science education context. This has involved establishing a Grid Computing module as part of Glasgow University’s Advanced MSc degree in Computing Science. A laboratory infrastructure was built for the students realising a PMI with the PERMIS software, to protect Grid Services they created. The first year of the course centered on building a static PMI at Glasgow. The second year extended this to allow dynamic attribute delegation between Glasgow and Edinburgh to support dynamic establishment of fine grained authorization based virtual organizations across multiple institutions. This dynamic delegation was implemented using the DIS (Delegation Issuing) Web Service supplied by the University of Kent. This paper describes the experiences and lessons learned from setting up and applying the advanced Grid authorization infrastructure within the Grid Computing course, focusing primarily on the second year and the dynamic virtual organisation setup between Glasgow and Edinburgh

Supporting security-oriented, collaborative nanoCMOS electronics research

Grid technologies support collaborative e-Research typified by multiple institutions and resources seamlessly shared to tackle common research problems. The rules for collaboration and resource sharing are commonly achieved through establishment and management of virtual organizations (VOs) where policies on access and usage of resources by collaborators are defined and enforced by sites involved in the collaboration. The expression and enforcement of these rules is made through access control systems where roles/privileges are defined and associated with individuals as digitally signed attribute certificates which collaborating sites then use to authorize access to resources. Key to this approach is that the roles are assigned to the right individuals in the VO; the attribute certificates are only presented to the appropriate resources in the VO; it is transparent to the end user researchers, and finally that it is manageable for resource providers and administrators in the collaboration. In this paper, we present a security model and implementation improving the overall usability and security of resources used in Grid-based e-Research collaborations through exploitation of the Internet2 Shibboleth technology. This is explored in the context of a major new security focused project at the National e-Science Centre (NeSC) at the University of Glasgow in the nanoCMOS electronics domain

Knowledge Generation and Dissemination in Virtual Communities and Virtual Teams

In recent years, the creation of Internet-based knowledge has become increasingly significant. However, with regard to the influence and control of knowledge management processes, knowledge communities indicate specific problems for creating and distributing information. People – constantly or temporarily – without Internet access are left out of this knowledge dissemination. The CCIRP project takes problems of this kind into account, creating concepts how information generation in knowledge communities (e.g. CC-Expert) or in virtual teams, and how this knowledge can be distributed based on traditional media. The paper describes two approaches (within the context of the project CCIRP) that deal with knowledge generation and dissemination. CC-Expert is a tool for virtual communities (open user group) and VITEA for virtual teams (closed user groups), which were realised at the university of Koblenz, Germany. The approach VITEA shows how the knowledge generation and dissemination in virtual teams can be improved. It offers an environment to disseminate knowledge to team members without Internet access or with temporarily no access or even where Internet access is more inconvenient than using other media. In the VITEA-System the technologies of a reference lab and a virtual community are combined. One focus are the common aspects and differences and another the methods of knowledge generation and how to distribute knowledge by using heterogeneous media

Design of A Virtual Laboratory for Automation Control

In the past, only students who studied on campus were able to access laboratory equipment in traditional lab courses; distance learning students, enrolled in online courses, were at a disadvantage for they could learn basic lab experiment principles but could never experience hands-on learning. Modeling and simulation can be a powerful tool for generating virtual laboratories for distance learning students. This thesis describes the design and development of a virtual laboratory for automation control using mechanical, electrical, and pneumatic components for an automation and control course at Old Dominion University. This virtual laboratory application was implemented for two platforms — Windows personal computers and Android smartphones. The virtual lab serves as pre-lab session for on-campus students and a virtual lab tool for distance-learning students to gain some “hands-on” lab experience. Utilizing the virtual learning environment as a supplement to engineering-based laboratories is also beneficial for students to prepare for the physical experiment and obtain a “hands-on,” practical lab experience without the hazards present in the physical lab. Such a methodology can also be applied to experiments in different fields such chemistry, etc

WSN and RFID integration to support intelligent monitoring in smart buildings using hybrid intelligent decision support systems

The real time monitoring of environment context aware activities is becoming a standard in the service delivery in a wide range of domains (child and elderly care and supervision, logistics, circulation, and other). The safety of people, goods and premises depends on the prompt reaction to potential hazards identified at an early stage to engage appropriate control actions. This requires capturing real time data to process locally at the device level or communicate to backend systems for real time decision making. This research examines the wireless sensor network and radio frequency identification technology integration in smart homes to support advanced safety systems deployed upstream to safety and emergency response. These systems are based on the use of hybrid intelligent decision support systems configured in a multi-distributed architecture enabled by the wireless communication of detection and tracking data to support intelligent real-time monitoring in smart buildings. This paper introduces first the concept of wireless sensor network and radio frequency identification technology integration showing the various options for the task distribution between radio frequency identification and hybrid intelligent decision support systems. This integration is then illustrated in a multi-distributed system architecture to identify motion and control access in a smart building using a room capacity model for occupancy and evacuation, access rights and a navigation map automatically generated by the system. The solution shown in the case study is based on a virtual layout of the smart building which is implemented using the capabilities of the building information model and hybrid intelligent decision support system.The Saudi High Education Ministry and Brunel University (UK