Social Anchor: Privacy-Friendly Attribute Aggregation From Social Networks
In the last decade or so, we have experienced a tremendous proliferation and popularity of different Social Networks (SNs), resulting in more and more user attributes being stored in such SNs. These attributes represent a valuable asset, and many innovative online services are offered in exchange for such attributes. This particular phenomenon has lured these social networks into acting as Identity Providers (IdPs). However, the current setting unnecessarily imposes a restriction: a user can only release attributes from one single IdP in a single session, thereby preventing the user from aggregating attributes from multiple IdPs within the same session. In addition, our analysis suggests that the manner in which attributes are released from these SNs is extremely privacy-invasive, and a user has very limited control over her privacy during this process. In this article, we present Social Anchor, a system for attribute aggregation from social networks in a privacy-friendly fashion. Our proposed Social Anchor system effectively addresses both of these serious issues. Apart from the proposal, we have implemented Social Anchor following a set of security and privacy requirements. We have also examined the associated trust issues using a formal trust analysis model. Besides, we have presented a formal analysis of its protocols using a state-of-the-art formal analysis tool called AVISPA to ensure the security of Social Anchor. Finally, we have provided a performance analysis of Social Anchor.
Supporting UK-wide e-clinical trials and studies
As clinical trials and epidemiological studies become increasingly large, covering wider (national) geographical areas and involving ever broader populations, the need to provide an information management infrastructure that can support such endeavours is essential. A wealth of clinical data now exists at varying levels of care (primary care, secondary care, etc.). Simple, secure access to such data would greatly benefit the key processes involved in clinical trials and epidemiological studies: patient recruitment, data collection and study management. The Grid paradigm provides one model for seamless access to such data and support of these processes.
The VOTES project (Virtual Organisations for Trials and Epidemiological Studies) is a collaboration between several UK institutions to implement a generic framework that effectively leverages the available health-care information across the UK to support more efficient gathering and processing of trial information. The structure of the information available in the health-care domain in the UK itself varies broadly in line with the national boundaries of the constituent states (England, Scotland, Wales and Northern Ireland). Technologies must address these political boundaries and the impact these boundaries have in terms of, for example, information governance, policies and, of course, the large-scale heterogeneous distribution of the data sets themselves.
This paper outlines the methodology for implementing the framework across three specific data sources that serve as useful case studies: Scottish data from the Scottish Care Information (SCI) Store data repository, data on the General Practice Research Database (GPRD) diabetes trial at Imperial College London, and benign prostate hypoplasia (BPH) data from the University of Nottingham. The design, implementation and wider research issues are discussed along with the technological challenges encountered in the project in the application of Grid technologies.
FaaS: Federation-as-a-Service
This document is the main high-level architecture specification of the SUNFISH cloud federation solution. Its main objective is to introduce the concept of Federation-as-a-Service (FaaS) and the SUNFISH platform. FaaS is the new and innovative cloud federation service proposed by the SUNFISH project. The document defines the functionalities of FaaS, its governance and precise objectives. With respect to these objectives, the document proposes the high-level architecture of the SUNFISH platform: the software architecture that permits realising a FaaS federation. More specifically, the document describes all the components forming the platform, the offered functionalities and their high-level interactions underlying the main FaaS functionalities. The document concludes by outlining the main implementation strategies towards the actual implementation of the proposed cloud federation solution.
Comment: Technical Report Edited by Francesco Paolo Schiavo, Vladimiro Sassone, Luca Nicoletti and Andrea Margher
Analysing Trust Issues in Cloud Identity Environments
Trust acts as a facilitator for decision making in environments where decisions are subject to risk and uncertainty. Security is one of the factors contributing to the trust model that is a requirement for service users. In this paper we ask: what can be done to improve end user trust in choosing a cloud identity provider? Security and privacy are central issues in a cloud identity environment, and it is the end user who determines the amount of trust they have in any identity system. This paper is an in-depth literature survey that evaluates identity service delivery in a cloud environment from the perspective of the service user.
Data Minimisation in Communication Protocols: A Formal Analysis Framework and Application to Identity Management
With the growing amount of personal information exchanged over the Internet, privacy is becoming more and more of a concern for users. One of the key principles in protecting privacy is data minimisation. This principle requires that only the minimum amount of information necessary to accomplish a certain goal is collected and processed. "Privacy-enhancing" communication protocols have been proposed to guarantee data minimisation in a wide range of applications. However, there is currently no satisfactory way to assess and compare the privacy they offer in a precise way: existing analyses are either too informal and high-level, or specific to one particular system. In this work, we propose a general formal framework to analyse and compare communication protocols with respect to privacy by data minimisation. Privacy requirements are formalised independently of a particular protocol in terms of the knowledge of (coalitions of) actors in a three-layer model of personal information. These requirements are then verified automatically for particular protocols by computing this knowledge from a description of their communication. We validate our framework in an identity management (IdM) case study. As IdM systems are used more and more to satisfy the increasing need for reliable on-line identification and authentication, privacy is becoming an increasingly critical issue. We use our framework to analyse and compare four identity management systems. Finally, we discuss the completeness and (re)usability of the proposed framework.
Semantic Security for E-Health: A Case Study in Enhanced Access Control
Data collection, access and usage are essential for many forms of collaborative research. E-Health represents one area with much to gain from sharing data across organisational boundaries. In such contexts, security and access control are essential to protect the often complex privacy and information governance concerns of the associated stakeholders. In this paper we argue that semantic technologies have unique benefits for the specification and enforcement of security policies that cross organisation boundaries. We illustrate this through a case study based around the International Niemann-Pick Disease (NPD) Registry (www.inpdr.org), which typifies many current e-Health security processes and policies. We show how approaches based upon ontology-based policy specification overcome many of the current security challenges facing the development of such systems and enhance access control by leveraging existing security information associated with clinical collaborators.
Authentication and Identity Management for the EPOS Project
The increase in the number of online services emphasizes the value of the authentication and identity management that we, even without realizing it, depend on. In EPOS this authentication and identity management is also crucial, since the project deals with and is responsible for large amounts of heterogeneous data in multiple formats and from various providers, which can be public or private. Controlling and identifying access to this data is the key. For this purpose, it is necessary to create a system capable of authenticating, authorizing, and accounting for the usage of these services. While services in a development phase can have authentication and authorization modules implemented directly in them, this is not an option for legacy services that cannot be modified. This thesis addresses the issue of providing a secure and interoperable authentication and authorization framework, associated with correct identity management and an accounting module, stating the difficulties faced and how they can be addressed. These issues are approached by implementing the proposed methods in one of the GNSS Data and Products TCS services, which will serve as a case study. While authentication mechanisms have improved constantly over the years, with the addition of multiple authentication factors, there is still no clear and well-defined way of how authentication should be done. New security threats are always appearing, and authentication systems need to adapt and improve while maintaining a balance between security and usability. Our goal is, therefore, to propose a system that can provide a good user experience combined with security, which can be used in the TCS services or in other web services facing similar problems.
The importance of authentication and identity management, on which we depend without realizing it, grows with the increasing number of online services available to us. In EPOS, because heterogeneous data from several entities, which may be public or private, is made available and managed, the existence of an authentication and identity management system is also crucial, and controlling and identifying access to this data is the key. During the development phase of the services, these authentication and authorization modules can be implemented directly and the software can be adapted to them. However, there are existing services for which such changes would imply large-scale modifications and a redesign of the whole system, so making direct changes to them is not feasible. This dissertation addresses the development of a secure and interoperable authentication and authorization system, associated with correct identity management and a control module, identifying the problems encountered and proposing solutions for them. This development is applied to one of the TCS GNSS Data and Products services, which will serve as a case study. Although authentication mechanisms have improved continuously over the years, with the addition of several authentication factors, there is still no single, clear method for how authentication should be done. New threats are always emerging, and current systems need to adapt and improve while maintaining a balance between security and usability. Our goal is to propose a system that can combine security with a good user experience, and that can be used not only in the TCS services but also in other web services facing similar problems.