Architecture for Provenance Systems

This document covers the logical and process architectures of provenance systems. The logical architecture identifies key roles and their interactions, whereas the process architecture discusses distribution and security. A fundamental aspect of our presentation is its technology-independent nature, which makes it reusable: the principles that are exposed in this document may be applied to different technologies

What Do All These Numbers Mean? Data Visualization as an Innovative Methodology to Make Program Decisions

Background: There is a lack of consistent, comprehensible data collection and analysis methods for evaluating teacher preparation program’s coverage of required standards for accreditation. Of particular concern is the adequate coverage of standards and competencies that address the teaching of English learners and teachers of students from culturally and linguistically diverse backgrounds. Purpose: To graphically convey the findings of a faculty survey regarding English learner and multicultural content in teacher preparation coursework in order to inform them of inadequate coverage (and saturation) of those particular teaching standards and competencies. Setting: A small teacher preparation program in a Northern California public university that prepares elementary school teachers and special education teachers. Intervention: 10 full and part-time faculty members in a teacher preparation program that prepares elementary and special education teachers. Research Design: Congruency study, in which raw data from faculty survey responses were compared with rated program responses to teacher preparation standards by means of a relational database with graphing output capabilities. Data Collection: A survey instrument was designed and administered to all faculty members in the program. Findings: The resulting radar maps and other graphic outputs allowed faculty to clearly see where their course content aligned with the program accreditation response and where more coverage of that particular competency was necessary. Conclusions: The use of relational databases was a highly effective method for helping one teacher preparation program to visualize their progress towards meeting standards for teacher preparation in the area of student diversity and the teaching of English learners. Keywords: data visualization, program evaluation, teacher developmen

Analysis and Implementation of Policy Inference of Uploaded Images on Networking Sites

Human or user increase in the usage of social networking through various platforms by sharing their images increased a need for developing more secure systems which help user to share information among groups or people that he or she authorizes without causing any security issues in future. People can then share their desired images by applying different settings on the image such as who can view the image, who can download the image etc., and least bother about the privacy. To solve the privacy problem of excessive and careless sharing of images and information by users, this paper analyzes and describes a privacy policy development system that helps users to create new privacy settings for the images they share and helps in reducing the security breach or fraud over internet. It also helps the user by providing individual settings to all the images they share individually. Depending on the user history on the sharing site, the system proposes a policy in which the user can approve or make changes to the privacy prediction. Polices are thus improved afterwards in time with all the user inputs. Along with the description, this paper also presents a part of implementation of the system

IT infrastructure & microservices authentication

Mestrado IPB-ESTGBIOma - Integrated solutions in BIOeconomy for the Mobilization of the Agrifood chain project is structured in 6 PPS (Products, Processes, and Services) out of which, a part of PPS2 is covered in this work. This work resulted in the second deliverable of PPS2 which is defined as PPS2.A1.E2 - IT infrastructure design and graphical interface conceptual design. BIOma project is in the early stage and this deliverable is a design task of the project. For defining the system architecture, requirements, UML diagrams, physical architecture, and logical architecture have been proposed. The system architecture is based on microservices due to its advantages like scalability and maintainability for bigger projects like BIOma where several sensors are used for big data analysis. Special attention has been devoted to the research and study for the authentication and authorization of users and devices in a microservices architecture. The proposed authentication solution is a result of research made for microservices authentication where it was concluded that using a separate microservice for user authentication is the best solution. FIWARE is an open-source initiative defining a universal set of standards for context data management that facilitates the development of Smart solutions for different domains like Smart Cities, Smart Industry, Smart Agrifood, and Smart Energy. FIWARE’s PEP (Policy Enforcement Point) proxy solution has been proposed in this work for the better management of user’s identities, and client-side certificates have been proposed for authentication of IoT (Internet of Things) devices. The communication between microservices is done through AMQP (Advanced Message Queuing Protocol), and between IoT devices and microservices is done through MQTT (Message Queuing Telemetry Transport) protocol

Expressive Policy-Based Access Control for Resource-Constrained Devices

Upcoming smart scenarios enabled by the Internet of Things envision smart objects that expose services that can adapt to user behavior or be managed with the goal of achieving higher productivity, often in multi-stakeholder applications. In such environments, smart things are cheap sensors (and actuators) and, therefore, constrained devices. However, they are also critical components because of the importance of the provided information. Therefore, strong security is a must. Nevertheless, existing feasible approaches do not cope well with the principle of least privilege; they lack both expressiveness and the ability to update the policy to be enforced in the sensors. In this paper, we propose an access control model that comprises a policy language that provides dynamic fine-grained policy enforcement in the sensors based on local context conditions. This dynamic policy cycle requires a secure, efficient, and traceable message exchange protocol. For that purpose, a security protocol called Hidra is also proposed. A security and performance evaluation demonstrates the feasibility and adequacy of the proposed protocol and access control model.This work was supported in part by the Training and Research Unit through UPV/EHU under Grant UFI11/16 and in part by the Department of Economic Development and Competitiveness of the Basque Government through the Security Technologies SEKUTEK Collaborative Research Projec

Indeterminacy-aware prediction model for authentication in IoT.

The Internet of Things (IoT) has opened a new chapter in data access. It has brought obvious opportunities as well as major security and privacy challenges. Access control is one of the challenges in IoT. This holds true as the existing, conventional access control paradigms do not fit into IoT, thus access control requires more investigation and remains an open issue. IoT has a number of inherent characteristics, including scalability, heterogeneity and dynamism, which hinder access control. While most of the impact of these characteristics have been well studied in the literature, we highlighted “indeterminacy” in authentication as a neglected research issue. This work stresses that an indeterminacy-resilient model for IoT authentication is missing from the literature. According to our findings, indeterminacy consists of at least two facets: “uncertainty” and “ambiguity”. As a result, various relevant theories were studied in this work. Our proposed framework is based on well-known machine learning models and Attribute-Based Access Control (ABAC). To implement and evaluate our framework, we first generate datasets, in which the location of the users is a main dataset attribute, with the aim to analyse the role of user mobility in the performance of the prediction models. Next, multiple classification algorithms were used with our datasets in order to build our best-fit prediction models. Our results suggest that our prediction models are able to determine the class of the authentication requests while considering both the uncertainty and ambiguity in the IoT system