292 research outputs found
Auditors\u27 judgments and decisions under time pressure: an illustration and agenda for research
https://egrove.olemiss.edu/dl_proceedings/1098/thumbnail.jp
Extracting Role-Based Access Control Models from Business Process Event Logs
Keeruliste äriprotsesside ja järjest suurenevate andmemahtude juures on väljakutsuvaks
ülesandeks analüüsida ja parandada ettevõtte äriprotsessi andmeturvalisust. Infosüsteemid,
mis toetavad äriprotsessi mudeli (abstraktne esitus äriprotsessist) rakendamist, registreerivad
äriprotsessi tegevusi sündmustena eraldi logisse. Salvestatud sündmuste logid on aluseks
äriprotsessiga seotud andmete kaevamiseks. Need andmed on vajalikud äriprotsessi
analüüsimiseks ja parendamiseks, kuid neid andmeid võib kasutada ka turvaanalüüsiks.
Turvaanalüüsi üheks eesmärgiks on ka kontrollida, kas nende andmete hulgas turvalisusega
seotud informatsioon on kooskõlas praeguste turvanõuetega. Lisaks, äriprotsessi logide peal
saab rakendada äriprotsessikaeve (uurimisvaldkond, mis ühendab andmekaeve ja
äriprotsesside modelleerimise) tehnikaid, et luua äriprotsessi mudeleid. Lisaks äriprotsessi
mudelitele on võimalik tuletada ka teisi mudeleid, näiteks turvamudeleid, mida saab hiljem
kasutada turvameetmete tagamiseks infosüsteemis. Käesoleva töö eesmärgiks on esitada üks
võimalik meetod, kuidas luua rollipõhist ligipääsukontrolli esitatavaid turvamudeleid (Role-
Based Access Control models) XES-formaadis sündmuste logidest, mis on salvestatud
äriprotsessi toetava infosüsteemi poolt. Lisatähelepanu on suunatud kaitstavate infovarade
väljaselgitamiseks sündmuste logide põhjal. Need infovarad on näiteks dokumendid,
dokumendiväljad, või muud andmed, mida töödeldakse äriprotsessi tegevuste jooksul. Lisaks,
me hindame antud meetodi rakendatavust reaalse äriprotsessi sündmuste logi peal. Ühe
võimaliku meetodina me kontrollime sündmuste logi andmete ja seoste vastavust juurdepääsu
õigustega olemasoleva rollipõhise juurdepääsu kontrolli turvamudelis. Lõppkokkuvõttes võib
sündmuste logidest tuletatud rollipõhist ligipääsu kontrolli mudelit võtta aluseks
turvaanalüüsiks või rakendada mõnes süsteemis juurdepääsumehhanismina.Today, as business processes are getting more complex and the volumes of stored data about
business process executions are increasing in size, collecting information for the analysis and
for the improvement of the business process security1, is becoming a complex task.
Information systems that support business processes record business process executions into
event logs which capture the behavior of system usage in terms of events. Business process
event logs can be used for analysing and improving the business process, but also for
analysing the information security. One of the main goals of security analysis is to check the
compliance with existing security requirements. Also event logs can be the basis for business
process mining, or shortly process mining. Utilizing bottom-up process mining on event logs,
we can extract business process-related information for security analysis. Process mining is
not just only for discovering business process models, but also other models, such as security
models. For this purpose, we present a possible approach to extract RBAC models
(semi-)automatically from event logs in XES format. The focus is also on determining the
protected business assets, such as document or other artifact data that is exchanged and
accessed during business process activities. In addition, we evaluate the applicability of this
approach with conformance checking where we check the compliance of a real-life event log
with respect to the LTL constraints translated from RBAC model. Eventually, the purpose of
the extracted RBAC models is that they provide a basis for security analysis and they can be
adapted by other applications in order to implement access control mechanism
Implementations in Machine Ethics: A Survey
Increasingly complex and autonomous systems require machine ethics to
maximize the benefits and minimize the risks to society arising from the new
technology. It is challenging to decide which type of ethical theory to employ
and how to implement it effectively. This survey provides a threefold
contribution. First, it introduces a trimorphic taxonomy to analyze machine
ethics implementations with respect to their object (ethical theories), as well
as their nontechnical and technical aspects. Second, an exhaustive selection
and description of relevant works is presented. Third, applying the new
taxonomy to the selected works, dominant research patterns, and lessons for the
field are identified, and future directions for research are suggested.Comment: published version, journal paper, ACM Computing Surveys, 38 pages, 7
tables, 4 figure
High-throughput analysis and advanced search for visually-observed phenotypes
Title from PDF of title page (University of Missouri--Columbia, viewed on May 13, 2013).The entire thesis text is included in the research.pdf file; the official abstract appears in the short.pdf file; a non-technical public abstract appears in the public.pdf file.Dissertation advisor: Dr. Chi-Ren ShyuIncludes bibliographical references.Vita.Ph. D. University of Missouri--Columbia 2012."May 2012"The trend in many scientific disciplines today, especially in biology and genetics, is towards larger scale experiments in which a tremendous amount of data is generated. As imaging of data becomes increasingly more popular in experiments related to phenotypes, the ability to perform high-throughput big data analyses and to efficiently locate specific information within these data based on increasingly complicated and varying search criteria is of great importance to researchers. This research develops several methods for high-throughput phenotype analysis. This notably includes a registration algorithm called variable object pattern matching for mapping multiple indistinct and dynamic objects across images and detecting the presence of missing, extra, and merging objects. Research accomplishments resulted in a number of unique advanced search mechanisms including a retrieval engine that integrates multiple phenotype text sources and domain ontologies and a search method that retrieves objects based on temporal semantics and behavior. These search mechanisms represent the first of their kind in the phenotype community. While this computational framework is developed primarily for the plant community, it has potential applications in other domains including the medical field.Includes bibliographical references
An Analysis Review: Optimal Trajectory for 6-DOF-based Intelligent Controller in Biomedical Application
With technological advancements and the development of robots have begun to be utilized in numerous sectors, including industrial, agricultural, and medical. Optimizing the path planning of robot manipulators is a fundamental aspect of robot research with promising future prospects. The precise robot manipulator tracks can enhance the efficacy of a variety of robot duties, such as workshop operations, crop harvesting, and medical procedures, among others. Trajectory planning for robot manipulators is one of the fundamental robot technologies, and manipulator trajectory accuracy can be enhanced by the design of their controllers. However, the majority of controllers devised up to this point were incapable of effectively resolving the nonlinearity and uncertainty issues of high-degree freedom manipulators in order to overcome these issues and enhance the track performance of high-degree freedom manipulators. Developing practical path-planning algorithms to efficiently complete robot functions in autonomous robotics is critical. In addition, designing a collision-free path in conjunction with the physical limitations of the robot is a very challenging challenge due to the complex environment surrounding the dynamics and kinetics of robots with different degrees of freedom (DoF) and/or multiple arms. The advantages and disadvantages of current robot motion planning methods, incompleteness, scalability, safety, stability, smoothness, accuracy, optimization, and efficiency are examined in this paper
Implementations in Machine Ethics: A Survey
Increasingly complex and autonomous systems require machine ethics to maximize the benefits and minimize the risks to society arising from the new technology. It is challenging to decide which type of ethical theory to employ and how to implement it effectively. This survey provides a threefold contribution. First, it introduces a trimorphic taxonomy to analyze machine ethics implementations with respect to their object (ethical theories), as well as their nontechnical and technical aspects. Second, an exhaustive selection and description of relevant works is presented. Third, applying the new taxonomy to the selected works, dominant research patterns, and lessons for the field are identified, and future directions for research are suggested
Tools and techniques for analysing the impact of information security
PhD ThesisThe discipline of information security is employed by organisations to protect the confidentiality,
integrity and availability of information, often communicated in the form of
information security policies. A policy expresses rules, constraints and procedures to guard
against adversarial threats and reduce risk by instigating desired and secure behaviour of
those people interacting with information legitimately. To keep aligned with a dynamic threat
landscape, evolving business requirements, regulation updates, and new technologies a policy
must undergo periodic review and change. Chief Information Security Officers (CISOs) are
the main decision makers on information security policies within an organisation. Making
informed policy modifications involves analysing and therefore predicting the impact of those
changes on the success rate of business processes often expressed as workflows. Security
brings an added burden to completing a workflow. Adding a new security constraint may
reduce success rate or even eliminate it if a workflow is always forced to terminate early. This
can increase the chances of employees bypassing or violating a security policy. Removing an
existing security constraint may increase success rate but may may also increase the risk to
security. A lack of suitably aimed impact analysis tools and methodologies for CISOs means
impact analysis is currently a somewhat manual and ambiguous procedure. Analysis can
be overwhelming, time consuming, error prone, and yield unclear results, especially when
workflows are complex, have a large workforce, and diverse security requirements. This
thesis considers the provision of tools and more formal techniques specific to CISOs to help
them analyse the impact modifying a security policy has on the success rate of a workflow.
More precisely, these tools and techniques have been designed to efficiently compare the
impact between two versions of a security policy applied to the same workflow, one before,
the other after a policy modification.
This work focuses on two specific types of security impact analysis. The first is quantitative
in nature, providing a measure of success rate for a security constrained workflow
which must be executed by employees who may be absent at runtime. This work considers
quantifying workflow resiliency which indicates a workflow’s expected success rate assuming
the availability of employees to be probabilistic. New aspects of quantitative resiliency are introduced in the form of workflow metrics, and risk management techniques to manage
workflows that must work with a resiliency below acceptable levels. Defining these risk
management techniques has led to exploring the reduction of resiliency computation time and
analysing resiliency in workflows with choice. The second area of focus is more qualitative,
in terms of facilitating analysis of how people are likely to behave in response to security
and how that behaviour can impact the success rate of a workflow at a task level. Large
amounts of information from disparate sources exists on human behavioural factors in a
security setting which can be aligned with security standards and structured within a single
ontology to form a knowledge base. Consultations with two CISOs have been conducted,
whose responses have driven the implementation of two new tools, one graphical, the other
Web-oriented allowing CISOs and human factors experts to record and incorporate their
knowledge directly within an ontology. The ontology can be used by CISOs to assess the
potential impact of changes made to a security policy and help devise behavioural controls
to manage that impact. The two consulted CISOs have also carried out an evaluation of the
Web-oriented tool.
vii
Advances in Information Security and Privacy
With the recent pandemic emergency, many people are spending their days in smart working and have increased their use of digital resources for both work and entertainment. The result is that the amount of digital information handled online is dramatically increased, and we can observe a significant increase in the number of attacks, breaches, and hacks. This Special Issue aims to establish the state of the art in protecting information by mitigating information risks. This objective is reached by presenting both surveys on specific topics and original approaches and solutions to specific problems. In total, 16 papers have been published in this Special Issue
- …