SHI3LD: an Access Control Framework for the Mobile Web of Data

International audienceWe present Shi3ld, a context-aware access control framework for consuming the Web of Data from mobile devices

SHI3LD: an Access Control Framework for the Mobile Web of Data

International audienceWe present Shi3ld, a context-aware access control framework for consuming the Web of Data from mobile devices

The Astro-WISE approach to quality control for astronomical data

We present a novel approach to quality control during the processing of astronomical data. Quality control in the Astro-WISE Information System is integral to all aspects of data handing and provides transparent access to quality estimators for all stages of data reduction from the raw image to the final catalog. The implementation of quality control mechanisms relies on the core features in this Astro-WISE Environment (AWE): an object-oriented framework, full data lineage, and both forward and backward chaining. Quality control information can be accessed via the command-line awe-prompt and the web-based Quality-WISE service. The quality control system is described and qualified using archive data from the 8-CCD Wide Field Imager (WFI) instrument (http://www.eso.org/lasilla/instruments/wfi/) on the 2.2-m MPG/ESO telescope at La Silla and (pre-)survey data from the 32-CCD OmegaCAM instrument (http://www.astro-wise.org/~omegacam/) on the VST telescope at Paranal.Comment: Accepted for publication in topical issue of Experimental Astronomy on Astro-WISE information syste

A SEMANTIC BASED POLICY MANAGEMENT FRAMEWORK FOR CLOUD COMPUTING ENVIRONMENTS

Cloud computing paradigm has gained tremendous momentum and generated intensive interest. Although security issues are delaying its fast adoption, cloud computing is an unstoppable force and we need to provide security mechanisms to ensure its secure adoption. In this dissertation, we mainly focus on issues related to policy management and access control in the cloud. Currently, users have to use diverse access control mechanisms to protect their data when stored on the cloud service providers (CSPs). Access control policies may be specified in different policy languages and heterogeneity of access policies pose significant problems.An ideal policy management system should be able to work with all data regardless of where they are stored. Semantic Web technologies when used for policy management, can help address the crucial issues of interoperability of heterogeneous CSPs. In this dissertation, we propose a semantic based policy management framework for cloud computing environments which consists of two main components, namely policy management and specification component and policy evolution component. In the policy management and specification component, we first introduce policy management as a service (PMaaS), a cloud based policy management framework that give cloud users a unified control point for specifying authorization policies, regardless of where the data is stored. Then, we present semantic based policy management framework which enables users to specify access control policies using semantic web technologies and helps address heterogeneity issues of cloud computing environments. We also model temporal constraints and restrictions in GTRBAC using OWL and show how ontologies can be used to specify temporal constraints. We present a proof of concept implementation of the proposed framework and provide some performance evaluation. In the policy evolution component, we propose to use role mining techniques to deal with policy evolution issues and present StateMiner, a heuristic algorithm to find an RBAC state as close as possible to both the deployed RBAC state and the optimal state. We also implement the proposed algorithm and perform some experiments to demonstrate its effectiveness

SIDECACHE: Information access, management and dissemination framework for web services

<p>Abstract</p> <p>Background</p> <p>Many bioinformatics algorithms and data sets are deployed using web services so that the results can be explored via the Internet and easily integrated into other tools and services. These services often include data from other sites that is accessed either dynamically or through file downloads. Developers of these services face several problems because of the dynamic nature of the information from the upstream services. Many publicly available repositories of bioinformatics data frequently update their information. When such an update occurs, the developers of the downstream service may also need to update. For file downloads, this process is typically performed manually followed by web service restart. Requests for information obtained by dynamic access of upstream sources is sometimes subject to rate restrictions.</p> <p>Findings</p> <p>SideCache provides a framework for deploying web services that integrate information extracted from other databases and from web sources that are periodically updated. This situation occurs frequently in biotechnology where new information is being continuously generated and the latest information is important. SideCache provides several types of services including proxy access and rate control, local caching, and automatic web service updating.</p> <p>Conclusions</p> <p>We have used the SideCache framework to automate the deployment and updating of a number of bioinformatics web services and tools that extract information from remote primary sources such as NCBI, NCIBI, and Ensembl. The SideCache framework also has been used to share research results through the use of a SideCache derived web service.</p

EPICS: A Framework for Enforcing Security Policies in Composite Web Services

With advances in cloud computing and the emergence of service marketplaces, the popularity of composite services marks a paradigm shift from single-domain monolithic systems to cross-domain distributed services, which raises important privacy and security concerns. Access control becomes a challenge in such systems because authentication, authorization and data disclosure may take place across endpoints that are not known to clients. The clients lack options for specifying policies to control the sharing of their data and have to rely on service providers which offer limited selection of security and privacy preferences. This lack of awareness and loss of control over data sharing increases threats to a client's data and diminishes trust in these systems. We propose EPICS, an efficient and effective solution for enforcing security policies in composite Web services that protects data privacy throughout the service interaction lifecycle. The solution ensures that the data are distributed along with the client policies that dictate data access and an execution monitor that controls data disclosure. It empowers data owners with control of data disclosure decisions during interactions with remote services and reduces the risk of unauthorized access. The paper presents the design, implementation, and evaluation of the EPICS framework

A systematic literature review of cloud computing in eHealth

Cloud computing in eHealth is an emerging area for only few years. There needs to identify the state of the art and pinpoint challenges and possible directions for researchers and applications developers. Based on this need, we have conducted a systematic review of cloud computing in eHealth. We searched ACM Digital Library, IEEE Xplore, Inspec, ISI Web of Science and Springer as well as relevant open-access journals for relevant articles. A total of 237 studies were first searched, of which 44 papers met the Include Criteria. The studies identified three types of studied areas about cloud computing in eHealth, namely (1) cloud-based eHealth framework design (n=13); (2) applications of cloud computing (n=17); and (3) security or privacy control mechanisms of healthcare data in the cloud (n=14). Most of the studies in the review were about designs and concept-proof. Only very few studies have evaluated their research in the real world, which may indicate that the application of cloud computing in eHealth is still very immature. However, our presented review could pinpoint that a hybrid cloud platform with mixed access control and security protection mechanisms will be a main research area for developing citizen centred home-based healthcare applications

Towards a Semantic Grid Computing Platform for Disaster Management in Built Environment

Current disaster management procedures rely primarily on heuristics which result in their strategies being very cautious and sub-optimum in terms of saving life, minimising damage and returning the building to its normal function. Also effective disaster management demands decentralized, dynamic, flexible, short term and across domain resource sharing, which is not well supported by existing distributing computing infrastructres. The paper proposes a conceptual framework for emergency management in the built environment, using Semantic Grid as an integrating platform for different technologies. The framework supports a distributed network of specialists in built environment, including structural engineers, building technologists, decision analysts etc. It brings together the necessary technology threads, including the Semantic Web (to provide a framework for shared definitions of terms, resources and relationships), Web Services (to provide dynamic discovery and integration) and Grid Computing (for enhanced computational power, high speed access, collaboration and security control) to support rapid formation of virtual teams for disaster management. The proposed framework also make an extensive use of modelling and simulation (both numerical and using visualisations), data mining (to find resources in legacy data sets) and visualisation. It also include a variety of hardware instruments with access to real time data. Furthermore the whole framework is centred on collaborative working by the virtual team. Although focus of this paper is on disaster management, many aspects of the discussed Grid and Visualisation technologies will be useful for any other forms of collaboration. Conclusions are drawn about the possible future impact on the built environment

Linked Data in Libraries: A Case Study of Harvesting and Sharing Bibliographic Metadata with BIBFRAME

By way of a case study this paper illustrates and evaluates the Bibliographic Framework (or BIBFRAME) as means for harvesting and sharing bibliographic metadata over the Web for libraries. BIBFRAME is an emerging framework developed by the Library of Congress for bibliographic description based on Linked Data. Much like Semantic Web, the goal of Linked Data is to make Web “data aware” and transform the existing Web of documents into a Web of data. Linked Data leverages the existing Web infrastructure and allows linking and sharing of structured data for human and machine consumption. The BIBFRAME model attempts to contextualize the Linked Data technology for libraries. Library applications and systems contain high-quality structured metadata but this data is generally static in its presentation and seldom integrated with other internal metadata sources or linked to external Web resources. With BIBFRAME existing disparate library metadata sources such as catalogs and digital collections can be harvested and integrated over the Web. In addition, bibliographic data enriched with Linked Data could offer richer navigational control and access points for users. With Linked Data principles, metadata from libraries could also become harvestable by search engines, transforming dormant catalogs and digital collections into active knowledge repositories. Thus experimenting with Linked Data using existing bibliographic metadata holds the potential to empower libraries to harness the reach of commercial search engines to continuously discover, navigate, and obtain new domain specific knowledge resources on the basis of their verified metadata. The initial part of the paper introduces BIBFRAME and discusses Linked Data in the context of libraries. The final part of this paper outlines a step-by-step process for implementing BIBFRAME with existing library metadata