On Using Encryption Techniques to Enhance Sticky Policies Enforcement

How to enforce privacy policies to protect sensitive personal data has become an urgent research topic for security researchers, as very little has been done in this field apart from some ad hoc research efforts. The sticky policy paradigm, proposed by Karjoth, Schunter, and Waidner, provides very useful inspiration on how we can protect sensitive personal data, but the enforcement is very weak. In this paper we provide an overview of the state of the art in enforcing sticky policies, especially the concept of sticky policy enforcement using encryption techniques including Public-Key Encryption (PKE), Identity-Based Encryption (IBE), Attribute-Based Encryption (ABE), and Proxy Re-Encryption (PRE). We provide detailed comparison results on the (dis)advantages of these enforcement mechanisms. As a result of the analysis, we provide a general framework for enhancing sticky policy enforcement using Type-based PRE (TPRE), which is an extension of general PRE

bdbms -- A Database Management System for Biological Data

Biologists are increasingly using databases for storing and managing their data. Biological databases typically consist of a mixture of raw data, metadata, sequences, annotations, and related data obtained from various sources. Current database technology lacks several functionalities that are needed by biological databases. In this paper, we introduce bdbms, an extensible prototype database management system for supporting biological data. bdbms extends the functionalities of current DBMSs to include: (1) Annotation and provenance management including storage, indexing, manipulation, and querying of annotation and provenance as first class objects in bdbms, (2) Local dependency tracking to track the dependencies and derivations among data items, (3) Update authorization to support data curation via content-based authorization, in contrast to identity-based authorization, and (4) New access methods and their supporting operators that support pattern matching on various types of compressed biological data types. This paper presents the design of bdbms along with the techniques proposed to support these functionalities including an extension to SQL. We also outline some open issues in building bdbms.Comment: This article is published under a Creative Commons License Agreement (http://creativecommons.org/licenses/by/2.5/.) You may copy, distribute, display, and perform the work, make derivative works and make commercial use of the work, but, you must attribute the work to the author and CIDR 2007. 3rd Biennial Conference on Innovative Data Systems Research (CIDR) January 710, 2007, Asilomar, California, US

Distributed Access Control for Web and Business Processes

Middleware influenced the research community in developing a number of systems for controlling access to distributed resources. Nowadays a new paradigm for the lightweight integration of business resources from different partners is starting to take hold – Web Services and Business Processes for Web Services. Security and access control policies for Web Services protocols and distributed systems are well studied and almost standardized, but there is not yet a comprehensive proposal for an access control architecture for business processes. So, it is worth looking at the available approaches to distributed authorization as a starting point for a better understanding of what they already have and what they still need to address the security challenges for business processes

Secure Data Sharing With AdHoc

In the scientific circles, there is pressing need to form temporary and dynamic collaborations to share diverse resources (e.g. data, an access to services, applications or various instruments). Theoretically, the traditional grid technologies respond to this need with the abstraction of a Virtual Organization (VO). In practice its procedures are characterized by latency, administrative overhead and are inconvenient to its users. We would like to propose the Manifesto for Secure Sharing. The main postulate is that users should be able to share data and resources by themselves without any intervention on the system administrator's side. In addition, operating an intuitive interface does not require IT skills. AdHoc is a resource sharing interface designed for users willing to share data or computational resources within seconds and almost effortlessly. The AdHoc application is built on the top of traditional security frameworks, such as the PKI X.509 certificate scheme, Globus GSI, gLite VOMS and Shibboleth. It enables users rapid and secure collaboration

Workforce Investment Act (WIA) Reauthorization Proposals in the 113th Congress: Comparison of Major Features of Current Law and S.1356

The Workforce Investment Act of 1998 (WIA; P.L. 105-220) is the primary federal program that supports workforce development activities, including job search assistance, career development, and job training. WIA established the One-Stop delivery system as a way to co-locate and coordinate the activities of multiple employment programs for adults, youth, and various targeted subpopulations. The delivery of these services occurs primarily through more than 3,000 One- Stop career centers nationwide. WIA includes four main titles that cover employment and training services, adult education and literacy services, the employment service, and vocational rehabilitation services for individuals with disabilities. The authorizations for appropriations for most programs under WIA expired at the end of FY2003. Since that time, WIA programs have been funded through the annual appropriations process. The Senate Committee on Health, Education, Labor, and Pensions (HELP) held a markup of S. 1356 (the Workforce Investment Act of 2013) on July 31, 2013, and ordered the bill reported by a vote of 18 to 3. S. 1356 would reauthorize WIA through 2018. S. 1356 would maintain the One-Stop delivery system established by WIA but would make changes to the programs, services, and governing structure of WIA, through changes to Workforce Investment Boards (WIBs), state plan requirements, national programs, and alignment and coordination provisions across all titles. Some of the major changes include the adoption of primary indicators of performance across all WIA titles, the requirement of a Unified State Plan that includes all core programs, the authorization of innovation and replication grants, greater emphasis on economic and employment outcomes for adult education programs, and expanded services for youth and students with disabilities. This report provides a comparison of major themes in current WIA and in S. 1356