Designing Monitoring Systems for Continuous Certification of Cloud Services: Deriving Meta-requirements and Design Guidelines

Continuous service certification (CSC) involves the consistently gathering and assessing certification-relevant information about cloud service operations to validate whether they continue to adhere to certification criteria. Previous research has proposed test-based CSC methodologies that directly assess the components of cloud service infrastructures. However, test-based certification requires that certification authorities can access the cloud infrastructure, which various issues may limit. To address these challenges, cloud service providers need to conduct monitoring-based CSC; that is, monitor their cloud service infrastructure to gather certification-relevant data by themselves and then provide these data to certification authorities. Nevertheless, we need to better understand how to design monitoring systems to enable cloud service providers to perform such monitoring. By taking a design science perspective, we derive universal meta-requirements and design guidelines for CSC monitoring systems based on findings from five expert focus group interviews with 33 cloud experts and 10 one-to-one interviews with cloud customers. With this study, we expand the current knowledge base regarding CSC and monitoring-based CSC. Our derived design guidelines contribute to the development of CSC monitoring systems and enable monitoring-based CSC that overcomes issues of prior test-based approaches

Cache de atributos oportunista: melhorando a eficiência do ABAC com o uso de uma política de distribuição de identidades em redes multinível para névoas computacionais

Attribute-based Access Control (ABAC) is one of the most popular access control methods. Despite its popularity, a few works address attribute management in the Internet of Things (IoT). Most of the attributes needed for an IoT policy evaluation come from an external source. Therefore, managing attributes across the network requires communication between the policy decision point and the policy information point for each attribute, impacting ABAC performance. Attribute caches can mitigate this problem; however, due to the dynamic nature of the attributes, the cost of keeping caches up to date increases for each new replica. This work presents a method that predicts attribute requests and anticipates the attribute placement closer to the requester, balancing the cost of creating a new replica and giving ABAC performance benefits. The method handles the current attribute request and predicts where the subsequent request will occur. Based on simulations with a real dataset, the proposed method reduces above 80% the number of requests in the cloud using attributes’ caches and delivers up to 55% of the attributes in the first hop.O Controle de Acesso Baseado em Atributos (Attribute-based Access Control - ABAC) é um dos métodos de controle de acesso mais populares. Apesar de sua popularidade, apenas alguns trabalhos abordam o gerenciamento de atributos na Internet das Coisas (Internet of Health Things - IoT). A maioria dos atributos necessários para uma avaliação de política em IoT vem de uma fonte externa. Portanto, o gerenciamento de atributos através da rede requer comunicação entre o ponto de decisão da política e o ponto de informação da política para cada atributo, impactando o desempenho do ABAC. Os caches de atributos podem atenuar esse problema. No entanto, devido à natureza dinâmica dos atributos, o custo para manter caches atualizados aumenta para cada nova réplica. Este trabalho apresenta um método que prevê solicitações de atributo e antecipa o posicionamento do atributo mais próximo do solicitante, equilibrando o custo de criação de uma nova réplica dando benefícios para o desempenho do ABAC. O método lida com a solicitação de atributo atual e prevê onde ocorrerá a solicitação subsequente. Através de simulações com uma base de dados real, o método proposto reduziu acima de 80% o número de requisições na nuvem utilizando os atributos nos caches e entrega até 55% dos atributos no primeiro salto.CAPES - Coordenação de Aperfeiçoamento de Pessoal de Nível Superio

An Access Control Model to Facilitate Healthcare Information Access in Context of Team Collaboration

The delivery of healthcare relies on the sharing of patients information among a group of healthcare professionals (so-called multidisciplinary teams (MDTs)). At present, electronic health records (EHRs) are widely utilized system to create, manage and share patient healthcare information among MDTs. While it is necessary to provide healthcare professionals with privileges to access patient health information, providing too many privileges may backfire when healthcare professionals accidentally or intentionally abuse their privileges. Hence, finding a middle ground, where the necessary privileges are provided and malicious usage are avoided, is necessary. This thesis highlights the access control matters in collaborative healthcare domain. Focus is mainly on the collaborative activities that are best accomplished by organized MDTs within or among healthcare organizations with an objective of accomplishing a specific task (patient treatment). Initially, we investigate the importance and challenges of effective MDTs treatment, the sharing of patient healthcare records in healthcare delivery, patient data confidentiality and the need for flexible access of the MDTs corresponding to the requirements to fulfill their duties. Also, we discuss access control requirements in the collaborative environment with respect to EHRs and usage scenario of MDTs collaboration. Additionally, we provide summary of existing access control models along with their pros and cons pertaining to collaborative health systems. Second, we present a detailed description of the proposed access control model. In this model, the MDTs is classified based on Belbin’s team role theory to ensure that privileges are provided to the actual needs of healthcare professionals and to guarantee confidentiality as well as protect the privacy of sensitive patient information. Finally, evaluation indicates that our access control model has a number of advantages including flexibility in terms of permission management, since roles and team roles can be updated without updating privilege for every user. Moreover, the level of fine-grained control of access to patient EHRs that can be authorized to healthcare providers is managed and controlled based on the job required to meet the minimum necessary standard and need-to-know principle. Additionally, the model does not add significant administrative and performance overhead.publishedVersio