Analysis of Seed Potato Systems in Ethiopia

This study aimed to analyze the seed potato systems in Ethiopia, identify constraints and prioritize improvement options, combining desk research, rapid appraisal and formal surveys, expert elicitation, field observations and local knowledge. In Ethiopia, informal, alternative and formal seed systems co-exist. The informal system, with low quality seed, is dominant. The formal system is too small to contribute significantly to improve that situation. The informal seed system should prioritize improving seed quality by increasing awareness and skills of farmers, improving seed tuber quality of early generations and market access. The alternative and formal seed systems should prioritize improving the production capacity of quality seed by availing new varieties, designing quality control methods and improving farmer’s awareness. To improve overall seed potato supply in Ethiopia, experts postulated co-existence and linkage of the three seed systems and development of self-regulation and selfcertification in the informal, alternative and formal cooperative seed potato systems. Resumen Este estudio tuvo el propósito de analizar los sistemas de producción de papa en Etiopia, identificar limitantes, y priorizar opciones de mejorar, mediante la combinación de investigación de escritorio, apreciaciones rápidas y estudios formales, encuestas a expertos, observaciones de campo y conocimiento local. En Etiopia co-existen sistemas de semilla informal, alternativo y formal. Domina el sistema informal, con baja calidad de semilla. El sistema formal es muy pequeño como para contribuir significativamente al mejoramiento de esa situación. El sistema informal de semilla debería tener como prioridad el mejoramiento en la calidad de la semilla mediante el aumento en la atención y habilidades de los productores, mejorando la calidad de la semilla-tubérculo de las generaciones tempranas y el acceso al mercado. Los sistemas alternativo y formal de semilla deberían priorizar el mejoramiento en la capacidad de producción de semilla de calidad, mediante la validación de nuevas variedades, el diseño de métodos de control de calidad, y mejorando la atención del productor. Para mejorar el suministro general de semilla de papa en Etiopia, los expertos postularon la co-existencia y asociación de los tres sistemas de semillas y el desarrollo de autorregulación y autocertificación en los sistemas cooperativos de semilla de papa informal, alternativo y formal. Keywords Potato . Seed quality . Seed tuber . Seed system . Quality improvement . Expert elicitation . Solanum tuberosum Introductio

Hardware Design and Implementation of Role-Based Cryptography

Traditional public key cryptographic methods provide access control to sensitive data by allowing the message sender to grant a single recipient permission to read the encrypted message. The Need2Know® system (N2K) improves upon these methods by providing role-based access control. N2K defines data access permissions similar to those of a multi-user file system, but N2K strictly enforces access through cryptographic standards. Since custom hardware can efficiently implement many cryptographic algorithms and can provide additional security, N2K stands to benefit greatly from a hardware implementation. To this end, the main N2K algorithm, the Key Protection Module (KPM), is being specified in VHDL. The design is being built and tested incrementally: this first phase implements the core control logic of the KPM without integrating its cryptographic sub-modules. Both RTL simulation and formal verification are used to test the design. This is the first N2K implementation in hardware, and it promises to provide an accelerated and secured alternative to the software-based system. A hardware implementation is a necessary step toward highly secure and flexible deployments of the N2K system

The SPORTSMART study: a pilot randomised controlled trial of sexually transmitted infection screening interventions targeting men in football club settings

Background: Uptake of chlamydia screening by men in England has been substantially lower than by women. Non-traditional settings such as sports clubs offer opportunities to widen access. Involving people who are not medically trained to promote screening could optimise acceptability. Methods: We developed two interventions to explore the acceptability and feasibility of urine-based sexually transmitted infection (STI) screening interventions targeting men in football clubs. We tested these interventions in a pilot cluster randomised control trial. Six clubs were randomly allocated, two to each of three trial arms: team captain-led and poster STI screening promotion; sexual health adviser-led and poster STI screening promotion; and poster-only STI screening promotion (control/comparator). Primary outcome was test uptake. Results: Across the three arms, 153 men participated in the trial and 90 accepted the offer of screening (59%, 95% CI 35% to 79%). Acceptance rates were broadly comparable across the arms: captain-led: 28/56 (50%); health professional-led: 31/46 (67%); and control: 31/51 (61%). However, rates varied appreciably by club, precluding formal comparison of arms. No infections were identified. Process evaluation confirmed that interventions were delivered in a standardised way but the control arm was unintentionally ‘enhanced’ by some team captains actively publicising screening events. Conclusions: Compared with other UK-based community screening models, uptake was high but gaining access to clubs was not always easy. Use of sexual health advisers and team captains to promote screening did not appear to confer additional benefit over a poster-promoted approach. Although the interventions show potential, the broader implications of this strategy for UK male STI screening policy require further investigation

Formal Methods for the Verification of Safety Critical Applications using SPIN Model Checker

Security over the years has been a major concern for the organizations and companies.With the emergence of smart cards, industry has become more interested in methodologies which are used to establish the correctness and security of the applications developed with the acceptance of the use of smart cards in such domains.This paper provides a general introduction to the state-of-the-art of formal methods for the development of safety-critical systems. The idea is to combine two program verification approaches: the functional verification at the source code level and the verification of high level properties on a formal model built from the program and its specification. One of the important security systems in building security is door access control. The door access control is a physical security that assures the security of a building by limiting access to the building to specific people and by keeping records of such entries.In thispaper we employ a model checking method to verify the functional aspects of the smartcard operated door lock system which authenticates each person entering the building.PROMELA model for the proposed system Is presented. DOI: 10.17762/ijritcc2321-8169.150710

Audit-based Compliance Control (AC2) for EHR Systems

Traditionally, medical data is stored and processed using paper-based files. Recently, medical facilities have started to store, access and exchange medical data in digital form. The drivers for this change are mainly demands for cost reduction, and higher quality of health care. The main concerns when dealing with medical data are availability and confidentiality. Unavailability (even temporary) of medical data is expensive. Physicians may not be able to diagnose patients correctly, or they may have to repeat exams, adding to the overall costs of health care. In extreme cases availability of medical data can even be a matter of life or death. On the other hand, confidentiality of medical data is also important. Legislation requires medical facilities to observe the privacy of the patients, and states that patients have a final say on whether or not their medical data can be processed or not. Moreover, if physicians, or their EHR systems, are not trusted by the patients, for instance because of frequent privacy breaches, then patients may refuse to submit (correct) information, complicating the work of the physicians greatly. \ud \ud In traditional data protection systems, confidentiality and availability are conflicting requirements. The more data protection methods are applied to shield data from outsiders the more likely it becomes that authorized persons will not get access to the data in time. Consider for example, a password verification service that is temporarily not available, an access pass that someone forgot to bring, and so on. In this report we discuss a novel approach to data protection, Audit-based Compliance Control (AC2), and we argue that it is particularly suited for application in EHR systems. In AC2, a-priori access control is minimized to the mere authentication of users and objects, and their basic authorizations. More complex security procedures, such as checking user compliance to policies, are performed a-posteriori by using a formal and automated auditing mechanism. To support our claim we discuss legislation concerning the processing of health records, and we formalize a scenario involving medical personnel and a basic EHR system to show how AC2 can be used in practice. \ud \ud This report is based on previous work (Dekker & Etalle 2006) where we assessed the applicability of a-posteriori access control in a health care scenario. A more technically detailed article about AC2 recently appeared in the IJIS journal, where we focussed however on collaborative work environments (Cederquist, Corin, Dekker, Etalle, & Hartog, 2007). In this report we first provide background and related work before explaining the principal components of the AC2 framework. Moreover we model a detailed EHR case study to show its operation in practice. We conclude by discussing how this framework meets current trends in healthcare and by highlighting the main advantages and drawbacks of using an a-posteriori access control mechanism as opposed to more traditional access control mechanisms

Managerial Control Effects on Information Security Policy Compliance Intentions: Considerations of Formal and Informal Modes of Control

With the continued advancement in computer and digital technologies, companies, institutions, and organizations worldwide have leveraged new information technology to increase efficiency and effectiveness for all aspects of their business functions. Oftentimes, the information processed and stored on information systems poses an information security risk to the organization, employees, and clients alike. Therefore, a comprehensive and effective information security management program is essential to protecting data from accidental or intentional exposure to actors who wish to gain access to data to make a profit by selling the information to the highest bidder, utilize the stolen data for their own internal research and development, or use the data to damage a targeted institution for nefarious motives. Employees’ compliance with corporate information security policies is a necessary component to the success of the corporate information security management program. In this study, I adopted the control theory and developed a research model to explain how formal and informal organizational controls affect employees’ intentions to comply with information security policies. To test the model, I collected data from 303 respondents about their perceptions of their organizations’ formal and informal control modes along with their respective intentions to comply with information security policies. SEM-PLS analysis provided results that were only partially in consonance with previous studies and showed some additive effects when control modes were combined into a single model. I found clan control (informal) to have a significant and positive effect. I also found that adding the informal control modes into the model resulted in a different effect by rendering input control (formal) and self-control (informal) insignificant and changing the direction of the relationship of outcome control (formal) and behavior control (formal). In turn, these findings can help organizations set up proper controls to protect themselves from cyber threats and establish the most effective methods of control based on organizational context and control theory to ensure employees’ compliance with the established information security policies of their organizations

Un processus formel d'intégration de politiques de contrôle d'accès dans les systèmes d'information

Security is a key aspect in information systems (IS) development. One cannot build a bank IS without security in mind. In medical IS, security is one of the most important features of the software. Access control is one of many security aspects of an IS. It defines permitted or forbidden execution of system's actions by an user. Between the conception of an access control policy and its effective deployment on an IS, several steps can introduce unacceptable errors. Using formal methods may be an answer to reduce errors during the modeling of access control policies. Using the process algebra EB[superscript 3], one can formally model IS. Its extension, EB[superscript 3]SEC, was created in order to model access control policies. The ASTD notation combines Harel's Statecharts and EB[superscript 3] operators into a graphical and formal notation that can be used in order to model IS. However, both methods lack tools allowing a designer to prove or verify security properties in order to validate an access control policy. Furthermore, the implementation of an access control policy must correspond to its abstract specification. This thesis defines translation rules from EB[superscript 3] to ASTD, from ASTD to Event-B and from ASTD to B. It also introduces a formal architecture expressed using the B notation in order to enforce a policy over an IS. This modeling of access control policies in B can be used in order to prove properties, thanks to the B prover, but also to verify properties using ProB, a model checker for B. Finally, a refinement strategy for the access control policy into an implementation is proposed. B refinements are proved, this ensures that the implementation corresponds to the initial model of the access control policy

Security Policy Specification Using a Graphical Approach

A security policy states the acceptable actions of an information system, as the actions bear on security. There is a pressing need for organizations to declare their security policies, even informal statements would be better than the current practice. But, formal policy statements are preferable to support (1) reasoning about policies, e.g., for consistency and completeness, (2) automated enforcement of the policy, e.g., using wrappers around legacy systems or after the fact with an intrusion detection system, and (3) other formal manipulation of policies, e.g., the composition of policies. We present LaSCO, the Language for Security Constraints on Objects, in which a policy consists of two parts: the domain (assumptions about the system) and the requirement (what is allowed assuming the domain is satisfied). Thus policies defined in LaSCO have the appearance of conditional access control statements. LaSCO policies are specified as expressions in logic and as directed graphs, giving a visual view of policy. LaSCO has a simple semantics in first order logic (which we provide), thus permitting policies we write, even for complex policies, to be very perspicuous. LaSCO has syntax to express many of the situations we have found to be useful on policies or, more interesting, the composition of policies. LaSCO has an object-oriented structure, permitting it to be useful to describe policies on the objects and methods of an application written in an object-oriented language, in addition to the traditional policies on operating system objects. A LaSCO specification can be automatically translated into executable code that checks an invocation of a program with respect to a policy. The implementation of LaSCO is in Java, and generates wrappers to check Java programs with respect to a policy.Comment: 28 pages, 22 figures, in color (but color is not essential for viewing); UC Davis CS department technical report (July 22, 1998

Aboriginal Rights in Alaska

This paper was originally presented at Session A.1, "The Aborigine in comparative law," at the 12th Congress of the International Academy of Comparative Law, Sydney, Australia, August 1986. The paper as originally presented can be found at http://hdl.handle.net/11122/9784.This paper describes the current state of aboriginal rights in Alaska and the impact of federal and state laws and policies on Alaska Native political and legal rights, tribal status, self-determination, and access to tribal lands. Topics covered include the legal determination of Alaska Native identity, the legal status of Alaska Native groups, Alaska Native land rights, sovereignty and self-government, subsistence, recognition of family and kinship structures, the criminal justice system in rural Alaska, customary versus formal legal process, and human rights and equality before the law.Factual Background / Legal Identity and Membership / Legal Status of Native Groups / Land Rights/Self-Government/Use of Natural Resources (Local or Regional Governments; Control of or Participation in Decisions Concerning Natural Resources) / Recognition of Family/Kinship Structures (Experience under the Indian Child Welfare Act 1978; Impact on Customary Law) / Criminal Justice and Procedure: Impact of the Criminal Justice System (Relationship between Law Enforcement and Self-Government; Procedure and Customary Conflicts) / Special Legal Institutions (Local Methods of Dispute Resolution; Distribution of Funds, Benefits and Services, and Political Representation) / Human Rights and Equality Before the Law / Notes / Bibliograph