270,963 research outputs found

    Integrating security solutions to support nanoCMOS electronics research

    Get PDF
    The UK Engineering and Physical Sciences Research Council (EPSRC) funded Meeting the Design Challenges of nanoCMOS Electronics (nanoCMOS) is developing a research infrastructure for collaborative electronics research across multiple institutions in the UK with especially strong industrial and commercial involvement. Unlike other domains, the electronics industry is driven by the necessity of protecting the intellectual property of the data, designs and software associated with next generation electronics devices and therefore requires fine-grained security. Similarly, the project also demands seamless access to large scale high performance compute resources for atomic scale device simulations and the capability to manage the hundreds of thousands of files and the metadata associated with these simulations. Within this context, the project has explored a wide range of authentication and authorization infrastructures facilitating compute resource access and providing fine-grained security over numerous distributed file stores and files. We conclude that no single security solution meets the needs of the project. This paper describes the experiences of applying X.509-based certificates and public key infrastructures, VOMS, PERMIS, Kerberos and the Internet2 Shibboleth technologies for nanoCMOS security. We outline how we are integrating these solutions to provide a complete end-end security framework meeting the demands of the nanoCMOS electronics domain

    Secure data sharing and processing in heterogeneous clouds

    Get PDF
    The extensive cloud adoption among the European Public Sector Players empowered them to own and operate a range of cloud infrastructures. These deployments vary both in the size and capabilities, as well as in the range of employed technologies and processes. The public sector, however, lacks the necessary technology to enable effective, interoperable and secure integration of a multitude of its computing clouds and services. In this work we focus on the federation of private clouds and the approaches that enable secure data sharing and processing among the collaborating infrastructures and services of public entities. We investigate the aspects of access control, data and security policy languages, as well as cryptographic approaches that enable fine-grained security and data processing in semi-trusted environments. We identify the main challenges and frame the future work that serve as an enabler of interoperability among heterogeneous infrastructures and services. Our goal is to enable both security and legal conformance as well as to facilitate transparency, privacy and effectivity of private cloud federations for the public sector needs. © 2015 The Authors

    Federated authentication and authorisation for e-science

    Get PDF
    The Grid and Web service community are defining a range of standards for a complete solution for security. The National e-Science Centre (NeSC) at the University of Glasgow is investigating how the various pre-integration components work together in a variety of e-Science projects. The EPSRC-funded nanoCMOS project aims to allow electronics designers and manufacturers to use e-Science technologies and expertise to solve problems of device variability and its impact on system design. To support the security requirements of nanoCMOS, two NeSC projects (VPMan and OMII-SP) are providing tools to allow easy configuration of security infrastructures, exploiting previous successful projects using Shibboleth and PERMIS. This paper presents the model in which these tools interoperate to provide secure and simple access to Grid resources for non-technical users

    PEP4Django - A Policy Enforcement Point for Python Web Applications

    Get PDF
    Traditionally, access control mechanisms have been hard-coded into application components. Such approach is error-prone, mixing business logic with access control concerns, and affecting the flexibility of security policies, as is the case with IFRN SUAP Django-based system. The externalization of access control rules allows their decoupling from business logic, through the use of authorization servers where access control policies are stored and queried for computing access decisions. In this context, this paper presents an approach that allows a Django Web application to delegate access control decisions to an external authorization server. The approach has been integrated into an enterprise level system, which has been used for experimentation. The results obtained indicate a negligible overhead, while allowing the modification of access control policies without interrupting the system

    Supporting security-oriented, collaborative nanoCMOS electronics research

    Get PDF
    Grid technologies support collaborative e-Research typified by multiple institutions and resources seamlessly shared to tackle common research problems. The rules for collaboration and resource sharing are commonly achieved through establishment and management of virtual organizations (VOs) where policies on access and usage of resources by collaborators are defined and enforced by sites involved in the collaboration. The expression and enforcement of these rules is made through access control systems where roles/privileges are defined and associated with individuals as digitally signed attribute certificates which collaborating sites then use to authorize access to resources. Key to this approach is that the roles are assigned to the right individuals in the VO; the attribute certificates are only presented to the appropriate resources in the VO; it is transparent to the end user researchers, and finally that it is manageable for resource providers and administrators in the collaboration. In this paper, we present a security model and implementation improving the overall usability and security of resources used in Grid-based e-Research collaborations through exploitation of the Internet2 Shibboleth technology. This is explored in the context of a major new security focused project at the National e-Science Centre (NeSC) at the University of Glasgow in the nanoCMOS electronics domain

    IAMS framework: a new framework for acceptable user experiences for integrating physical and virtual identity access management systems

    No full text
    The modern world is populated with so many virtual and physical Identity Access Management Systems (IAMSs) that individuals are required to maintain numerous passwords and login credentials. The tedious task of remembering multiple login credentials can be minimised through the utilisation of an innovative approach of single sign-in mechanisms. During recent times, several systems have been developed to provide physical and virtual identity management systems; however, most have not been very successful. Many of the available systems do not provide the feature of virtual access on mobile devices via the internet; this proves to be a limiting factor in the usage of the systems. Physical spaces, such as offices and government entities, are also favourable places for the deployment of interoperable physical and virtual identity management systems, although this area has only been explored to a minimal level. Alongside increasing the level of awareness for the need to deploy interoperable physical and virtual identity management systems, this paper addresses the immediate need to establish clear standards and guidelines for successful integration of the two medium

    Toward the Integration of Economics and Outdoor Recreation Management

    Get PDF
    The general theme of this bulletin is that improved management of public-sector recreational resources is a multidisciplinary task. To this end, we attempt to integrate elements of outdoor recreation management theory and economics. The bulletin is written for both resource managers and researchers. For the former, our intent is to emphasize the importance of being aware of economic implications-at least conceptually-of management actions that influence the character and availability of recreational opportunities. To researchers involved in developing recreation management theory, we draw attention to the parallel between recreation management theory and the traditional managerial economic model of the firm. To economists, particularly those involved in developing and applying nonmarket valuation techniques, we draw attention to the types of decisions faced by resource managers. We argue that the most important resource allocation issues are of the incremental variety, so nonmarket valuation should also yield incremental values. These values alone, however, are not sufficient economic input into rational public choice analysis. The missing link , or nexus, between outdoor recreation management theory and economic analysis is the integration of supply and demand, as called for by traditional managerial economics. Collaborative research to develop recreation supply response functions akin to agricultural production functions is an essential step that is missing from both literatures. Theoretical and applied work assume greater practical importance if they feed information into this broadened framework. It is our hope that this bulletin will bring the disciplines closer to that realization

    Knowledge re-use for decision support

    Get PDF
    Effective decision support has already been identified as a fundamental requirement for the realisation of Network Enabled Capability. Decision making itself is a knowledge-intensive process, and it is known that right decisions can only be reached based on decision maker's good judgement, which in turn is based on sufficient knowledge. It is not unusual for decision makers to make incorrect decisions because of insufficient knowledge. However, it is not always possible for decision makers to have all the knowledge needed for making decisions in complex situations without external support. The re-use of knowledge has been identified as providing an important contribution to such support, and this paper considers one, hitherto unexplored, aspect of how this may be achieved. This paper is concerned with the computational view of knowledge re-use to establish an understanding of a knowledge-based system for decision support. The paper explores knowledge re-use for decision support from two perspectives: knowledge provider's and knowledge re-user's. Key issues and challenges of knowledge re-use are identified from both perspectives. A structural model for knowledge re-use is proposed with initial evaluation through empirical study of both experienced and novice decision maker's behaviour in reusing knowledge to make decisions. The proposed structural model for knowledge re-use captures five main elements (knowledge re-uers, knowledge types, knowledge sources, environment, and integration strategies) as well as the relationships between the elements, which forms a foundation for constructing a knowledge-based decision support system. The paper suggests that further research should be investigating the relationship between knowledge re-use and learning to achieve intelligent decision support
    • 

    corecore