221,044 research outputs found

    Analyzing and Managing Role-Based Access Control Policies

    Full text link

    Approaches and frameworks for management and research in small-scale fisheries in the developing world

    Get PDF
    Commonly adopted approaches to managing small-scale fisheries (SSFs) in developing countries do not ensure sustainability. Progress is impeded by a gap between innovative SSF research and slower-moving SSF management. The paper aims to bridge the gap by showing that the three primary bases of SSF management--ecosystem, stakeholdersā€™ rights and resilience--are mutually consistent and complementary. It nominates the ecosystem approach as an appropriate starting point because it is established in national and international law and policy. Within this approach, the emerging resilience perspective and associated concepts of adaptive management and institutional learning can move management beyond traditional control and resource-use optimization, which largely ignore the different expectations of stakeholders; the complexity of ecosystem dynamics; and how ecological, social, political and economic subsystems are linked. Integrating a rights-based perspective helps balance the ecological bias of ecosystem-based and resilience approaches. The paper introduces three management implementation frameworks that can lend structure and order to research and management regardless of the management approach chosen. Finally, it outlines possible research approaches to overcome the heretofore limited capacity of fishery research to integrate across ecological, social and economic dimensions and so better serve the management objective of avoiding fishery failure by nurturing and preserving the ecological, social and institutional attributes that enable it to renew and reorganize itself. (PDF contains 29 pages

    Enabling Interactive Analytics of Secure Data using Cloud Kotta

    Full text link
    Research, especially in the social sciences and humanities, is increasingly reliant on the application of data science methods to analyze large amounts of (often private) data. Secure data enclaves provide a solution for managing and analyzing private data. However, such enclaves do not readily support discovery science---a form of exploratory or interactive analysis by which researchers execute a range of (sometimes large) analyses in an iterative and collaborative manner. The batch computing model offered by many data enclaves is well suited to executing large compute tasks; however it is far from ideal for day-to-day discovery science. As researchers must submit jobs to queues and wait for results, the high latencies inherent in queue-based, batch computing systems hinder interactive analysis. In this paper we describe how we have augmented the Cloud Kotta secure data enclave to support collaborative and interactive analysis of sensitive data. Our model uses Jupyter notebooks as a flexible analysis environment and Python language constructs to support the execution of arbitrary functions on private data within this secure framework.Comment: To appear in Proceedings of Workshop on Scientific Cloud Computing, Washington, DC USA, June 2017 (ScienceCloud 2017), 7 page

    Policy analysis for self-administrated role-based access control

    No full text
    Current techniques for security analysis of administrative role-based access control (ARBAC) policies restrict themselves to the separate administration assumption that essentially separates administrative roles from regular ones. The naive algorithm of tracking all users is all that is known for the security analysis of ARBAC policies without separate administration, and the state space explosion that this results in precludes building effective tools. In contrast, the separate administration assumption greatly simplifies the analysis since it makes it sufficient to track only one user at a time. However, separation limits the expressiveness of the models and restricts modeling distributed administrative control. In this paper, we undertake a fundamental study of analysis of ARBAC policies without the separate administration restriction, and show that analysis algorithms can be built that track only a bounded number of users, where the bound depends only on the number of administrative roles in the system. Using this fundamental insight paves the way for us to design an involved heuristic to further tame the state space explosion in practical systems. Our results are also very effective when applied on policies designed under the separate administration restriction. We implement our techniques and report on experiments conducted on several realistic case studies
    • ā€¦
    corecore