1,150,733 research outputs found

    Authorisation in Context: Incorporating Context-Sensitivity into an Access Control Framework

    With sensitive information about ourselves now distributed across personal devices, people need to make access control decisions for different contexts of use. However, despite advances in improving the usability of access control for both developers and users, we still lack insights about how the intentions behind policy decisions in different contexts of use are shaped. In this paper, we describe how context was incorporated into an access control framework using a study of how context influences access control decision making. We describe how the main recommendations arising from this study were used to build context into a policy editor for this access control framework.

    Modelling role hierarchy structure using the Formal Concept Analysis

    We demonstrate how one can use formal concept analysis (FCA) to obtain the role hierarchy for role-based access control from the existing access control matrix. We also discuss assessing the quality of the security system by means of FCA and finding users with excess permissions.

    On Mutual Authorizations: Semantics, Integration Issues, and Performance

    Reciprocity is a powerful determinant of human behavior. None of the existing access control models however captures this reciprocity phenomenon. In this paper, we introduce a new kind of grant, which we call mutual, to express authorizations that actually do this, i.e., users grant access to their resources only to users who allow them access to theirs. We define the syntax and semantics of mutual authorizations and show how this new grant can be included in the Role-Based Access Control model, i.e., extend RBAC with it. We use location-based services as an example to deploy mutual authorizations, and we propose two approaches to integrate them into these services. Next, we prove the soundness and analyze the complexity of both approaches. We also study how the ratio of mutual to allow and to deny authorizations affects the number of persons whose position a given person may read. These ratios may help in predicting whether users are willing to use mutual authorizations instead of deny or allow. Experiments confirm our complexity analysis and shed light on the performance of our approaches.

    Managing access to the internet in public libraries in the UK: the findings of the MAIPLE project

    One of the key purposes of the public library is to provide access to information (UNESCO, 1994). In the UK, information is provided in printed formats and for the last decade via public access Internet workstations installed as part of the People’s Network initiative. Recent figures reveal that UK public libraries provide approximately 40,000 computer terminals offering users around 80,000 hours across more than 4,000 service points (CIPFA, 2012). In addition, increasing numbers of public libraries allow users to connect devices such as tablets or smart phones to the Internet via a wireless network access point (Wi-Fi). How do public library staff manage this? What about users viewing harmful or illegal content? And what are the implications for a profession committed to freedom of access to information and opposition to censorship? MAIPLE, a two-year project funded by the Arts and Humanities Research Council, has been investigating this issue as little was known about how UK public libraries manage Internet content control including illegal material. MAIPLE has drawn on an extensive review of the literature, an online survey to which all UK public library services were invited to participate (39 per cent response rate) and case studies with five services (two in England, one in Scotland, one in Wales and one in Northern Ireland) to examine the ways these issues are managed and their implications for staff. This presentation will explore the prevalence of tools such as filtering software, Acceptable Use Policies, user authentication, booking software and visual monitoring by staff and consider their efficacy and desirability in the provision of public Internet access. It will consider the professional dilemmas inherent within managing content and access. Finally, it will highlight some of the more important themes emerging from the findings and their implications for practitioners and policy makers.

    Forever Young: Aging Control For Smartphones In Hybrid Networks

    The demand for Internet services that require frequent updates through small messages, such as microblogging, has tremendously grown in the past few years. Although the use of such applications by domestic users is usually free, their access from mobile devices is subject to fees and consumes energy from limited batteries. If a user activates his mobile device and is in range of a service provider, a content update is received at the expense of monetary and energy costs. Thus, users face a tradeoff between such costs and their messages aging. The goal of this paper is to show how to cope with such a tradeoff, by devising aging control policies. An aging control policy consists of deciding, based on the current utility of the last message received, whether to activate the mobile device, and if so, which technology to use (WiFi or 3G). We present a model that yields the optimal aging control policy. Our model is based on a Markov Decision Process in which states correspond to message ages. Using our model, we show the existence of an optimal strategy in the class of threshold strategies, wherein users activate their mobile devices if the age of their messages surpasses a given threshold and remain inactive otherwise. We then consider strategic content providers (publishers) that offer bonus packages to users, so as to incent them to download updates of advertisement campaigns. We provide simple algorithms for publishers to determine optimal bonus levels, leveraging the fact that users adopt their optimal aging control strategies. The accuracy of our model is validated against traces from the UMass DieselNet bus network. Comment: See also http://www-net.cs.umass.edu/~sadoc/agecontrol

    Master of Science

    Cloud infrastructures have massively increased access to latent compute resources allowing for computations that were previously out of reach to be performed efficiently and cheaply. Due to the multi-user nature of clouds, this wealth of resources has been "siloed" into discrete isolated segments to ensure privacy and control over the resources by their current owner. Modern clouds have evolved beyond basic resource sharing, and have become platforms of modern development. Clouds are now home to rich ecosystems of services provided by third parties, or the cloud itself. However, clouds employ a rigid access control model that limits how cloud users can access these third-party services. With XNet, we aim to make cloud access control systems more flexible and dynamic by modeling cloud access control as an object-based capability system. In this model, cloud users create and exchange "capabilities" to resources that permit them to use those resources as long as they continue to possess a capability to them. This model has collaborative policy definition at its core, allowing cloud users to more safely provide services to other users, and use services provided to them. We have implemented our model, and have integrated it into the popular OpenStack cloud system. Further, we have modified the existing Galaxy scientific workflow system to support our model, greatly enhancing the security guaranteed to users of the Galaxy system.

    23. Navigating Consent, Rights, and Intellectual Property (A, D, E)

    This course is intended for anyone (community members, language teachers, archives users, students, faculty, senior researchers) of any level who wants to have a better understanding of how consent, permission, intellectual property, cultural property, traditional knowledge and copyright interact with each other and how they affect language researchers, community members, archive staff and the general public. The class will be organized into a combination of lecture and open discussion about the above-named concepts, as well as other concepts such as open versus public access, fair use, public domain, terms and conditions of use, access embargos, access restrictions, access protocols, attribution, etc. To contextualize the class content, we will explore various real and hypothetical scenarios to illustrate processes and legislature that control access and articulate rights and property.