1,101,289 research outputs found

    Object-specific Role-based Access Control

    The proper management of privacy and security constraints in information systems in general and access control in particular constitutes a tremendous, but still prevalent challenge. Role-based access control (RBAC) and its variations can be considered as the widely adopted approach to realize authorization in information systems. However, RBAC lacks a proper object-specific support, which disallows establishing the fine-grained access control required in many domains. By comparison, attribute-based access control (ABAC) enables a fine-grained access control based on policies and rules evaluating attributes. As a drawback, ABAC lacks the abstraction of roles. Moreover, it is challenging to engineer and to audit the granted privileges encoded in rule-based policies. This paper presents the generic approach of object-specific role-based access control (ORAC). On one hand, ORAC enables information system engineers, administrators and users to utilize the well-known principle of roles. On the other, ORAC allows realizing the access to objects in a fine-grained way where required. The approach was systematically established according to well-elicited key requirements for fine-grained access control in information systems. For the purpose of evaluation, the approach was applied to real-world scenarios and implemented in a proof-of-concept prototype demonstrating its feasibility and applicability.

    Role-based access rights management

    This thesis examines role-based access rights management in access rights management systems. An access right means any information system or physical device that a person needs in their work and whose use requires permission. A role, correspondingly, is a set of access rights that a person needs in order to carry out their work tasks. In role-based access rights management, access rights are requested, granted or removed all at once by means of roles, instead of being managed individually. The aim of the work is to establish what role-based access rights management means and which factors influence what kind of role-based access rights management suits different organizations. The work describes the subject area of access rights management in general and looks more closely at the characteristics and concepts of role-based access rights management. It also covers the most central laws and regulations, standards, methods and models of the subject area. The knowledge produced by the work can be used as an aid when getting acquainted with the subject before starting an access rights management project, when extending existing access rights management to a role-based approach, or when designing role-based access rights management applications. The customer case of the study is an information system project in which a role-based access rights management system was delivered to the city of Salo. In the project, the city of Salo aimed for a centralized access rights management process and system with which it could manage, on a role basis, all the access rights of the employees of the city and of its healthcare service. The outcome of the study shows what role-based access rights management was created for and what the concept of a role means in different contexts. When speaking of roles, it is important to distinguish between the meaning of job roles and system roles.
Roles are intended to bring manageability, speed, consistency, cost savings and information security to access rights management. To reach these goals, all factors related to the operating environment must be taken into account and the right methods for defining roles assessed case by case. The number of users, the number of access rights to be managed, the extent of the information systems, the organizational structure, the characteristics of the business and the industry, regulations and information security requirements all affect the choice of the right approach.
This study deals with role-based access rights management in access rights management systems. Access right here means any information system or physical device to which a person needs a permission, to use it in their job. In role-based access rights management systems access rights are requested, approved or removed by using roles rather than managing access rights separately. The aim of this study was to find out the meaning of the role-based access rights management and the factors which influence what kind of role-based access rights management suits different organizations. First there is a general description of access rights management and then the focus is on the concept of role-based access control. After that common laws, standards, models and methods of role-based access rights management are described. The results of the study can be used for getting familiar with the subject before an identity management project, changing current system to role-based access control or planning the role-based identity management software. The customer case in this study is a project where role-based access rights management software was delivered to the city of Salo. The aim of the city was to create a centralized process for handling access rights. The project included the identity management software which can be used to handle all the access rights of the personnel of the city and its healthcare service.
The study shows why the role-based access rights management was created and what the definition of role means in different contexts. It is very important to separate the meaning of the task roles and system roles. By using roles, access right management can be more manageable, faster, more consistent, more cost-effective and more secure. To achieve these goals all factors related to the operational environment have to be taken into account and the right methods for defining roles must be chosen. The number of users, the number of access rights, the size of system environment, the organization structure, the special characteristics of the business area, laws and demands for security do have an effect on how to choose the right way to use role-based access rights management.

    Scalable And Secure Provenance Querying For Scientific Workflows And Its Application In Autism Study

    In the era of big data, scientific workflows have become essential to automate scientific experiments and guarantee repeatability. As both data and workflow increase in their scale, requirements for having a data lineage management system commensurate with the complexity of the workflow also become necessary, calling for new scalable storage, query, and analytics infrastructure. This system that manages and preserves the derivation history and morphosis of data, known as provenance system, is essential for maintaining quality and trustworthiness of data products and ensuring reproducibility of scientific discoveries. With a flurry of research and increased adoption of scientific workflows in processing sensitive data, i.e., health and medication domain, securing information flow and instrumenting access privileges in the system have become a fundamental precursor to deploying large-scale scientific workflows. That has become more important now since today teams of scientists around the world can collaborate on experiments using globally distributed sensitive data sources. Hence, it has become imperative to augment scientific workflow systems as well as the underlying provenance management systems with data security protocols. Provenance systems, void of data security protocol, are susceptible to vulnerability. In this dissertation research, we delineate how scientific workflows can improve therapeutic practices in autism spectrum disorders. The data-intensive computation inherent in these workflows and sensitive nature of the data, necessitate support for scalable, parallel and robust provenance queries and secured view of data. With that in perspective, we propose $OPQL^{Pig}$, a parallel, robust, reliable and scalable provenance query language and introduce the concept of access privilege inheritance in the provenance systems.
We characterize desirable properties of role-based access control protocol in scientific workflows and demonstrate how the qualities are integrated into the workflow provenance systems as well. Finally, we describe how these concepts fit within the DATAVIEW workflow management system.

    Obstacles to prompt and effective malaria treatment lead to low community-coverage in two rural districts of Tanzania

    BACKGROUND: Malaria is still a leading child killer in sub-Saharan Africa. Yet, access to prompt and effective malaria treatment, a mainstay of any malaria control strategy, is sub-optimal in many settings. Little is known about obstacles to treatment and community-effectiveness of case-management strategies. This research quantified treatment seeking behaviour and access to treatment in a highly endemic rural Tanzanian community. The aim was to provide a better understanding of obstacles to treatment access in order to develop practical and cost-effective interventions. METHODS: We conducted community-based treatment-seeking surveys including 226 recent fever episodes in 2004 and 2005. The local Demographic Surveillance System provided additional household information. A census of drug retailers and health facilities provided data on availability and location of treatment sources. RESULTS: After intensive health education, the biomedical concept of malaria has largely been adopted by the community. 87.5% (78.2-93.8) of the fever cases in children and 80.7% (68.1-90.0) in adults were treated with one of the recommended antimalarials (at the time SP, amodiaquine or quinine). However, only 22.5% (13.9-33.2) of the children and 10.5% (4.0-21.5) of the adults received prompt and appropriate antimalarial treatment. Health facility attendance increased the odds of receiving an antimalarial (OR = 7.7) but did not have an influence on correct dosage. The exemption system for under-fives in public health facilities was not functioning and drug expenditures for children were as high in health facilities as with private retailers. CONCLUSION: A clear preference for modern medicine was reflected in the frequent use of antimalarials. Yet, quality of case-management was far from satisfactory as was the functioning of the exemption mechanism for the main risk group.
Private drug retailers played a central role by complementing existing formal health services in delivering antimalarial treatment. Health system factors like these need to be tackled urgently in order to translate the high efficacy of newly introduced artemisinin-based combination therapy (ACT) into equitable community-effectiveness and health-impact.

    Contributions to the privacy provisioning for federated identity management platforms

    Identity information, personal data and user’s profiles are key assets for organizations and companies by becoming the use of identity management (IdM) infrastructures a prerequisite for most companies, since IdM systems allow them to perform their business transactions by sharing information and customizing services for several purposes in more efficient and effective ways. Due to the importance of the identity management paradigm, a lot of work has been done so far resulting in a set of standards and specifications. According to them, under the umbrella of the IdM paradigm a person’s digital identity can be shared, linked and reused across different domains by allowing users simple session management, etc. In this way, users’ information is widely collected and distributed to offer new added value services and to enhance availability. Whereas these new services have a positive impact on users’ life, they also bring privacy problems. To manage users’ personal data, while protecting their privacy, IdM systems are the ideal target where to deploy privacy solutions, since they handle users’ attribute exchange. Nevertheless, current IdM models and specifications do not sufficiently address comprehensive privacy mechanisms or guidelines, which enable users to have better control over the use, divulging and revocation of their online identities. These are essential aspects, especially in sensitive environments where incorrect and unsecured management of user’s data may lead to attacks, privacy breaches, identity misuse or frauds. Nowadays there are several approaches to IdM that have benefits and shortcomings, from the privacy perspective. In this thesis, the main goal is contributing to the privacy provisioning for federated identity management platforms. And for this purpose, we propose a generic architecture that extends current federation IdM systems. We have mainly focused our contributions on health care environments, given their particularly sensitive nature.
The two main pillars of the proposed architecture are the introduction of a selective privacy-enhanced user profile management model and flexibility in revocation consent by incorporating an event-based hybrid IdM approach, which enables to replace time constraints and explicit revocation by activating and deactivating authorization rights according to events. The combination of both models enables to deal with both online and offline scenarios, as well as to empower the user role, by letting her bring together identity information from different sources. Regarding user’s consent revocation, we propose an implicit revocation consent mechanism based on events, that empowers a new concept, the sleepyhead credentials, which is issued only once and would be used any time. Moreover, we integrate this concept in IdM systems supporting a delegation protocol and we contribute with the definition of mathematical model to determine event arrivals to the IdM system and how they are managed to the corresponding entities, as well as its integration with the most widely deployed specification, i.e., Security Assertion Markup Language (SAML). In regard to user profile management, we define a privacy-awareness user profile management model to provide efficient selective information disclosure. With this contribution a service provider would be able to access the specific personal information without being able to inspect any other details and keeping user control of her data by controlling who can access. The structure that we consider for the user profile storage is based on extensions of Merkle trees allowing for hash combining that would minimize the need of individual verification of elements along a path. An algorithm for sorting the tree as we envision frequently accessed attributes to be closer to the root (minimizing the access’ time) is also provided.
Formal validation of the above mentioned ideas has been carried out through simulations and the development of prototypes. Besides, dissemination activities were performed in projects, journals and conferences.
Official Doctoral Programme in Telematics Engineering (Programa Oficial de Doctorado en Ingeniería Telemática). President: María Celeste Campo Vázquez. Secretary: María Francisca Hinarejos Campos. Member: Óscar Esparza Martí.

    Towards Collaborative Scientific Workflow Management System

    The big data explosion phenomenon has impacted several domains, starting from research areas to divergent of business models in recent years. As this intensive amount of data opens up the possibilities of several interesting knowledge discoveries, over the past few years divergent of research domains have undergone the shift of trend towards analyzing those massive amounts of data. Scientific Workflow Management System (SWfMS) has gained much popularity in recent years in accelerating those data-intensive analyses, visualization, and discoveries of important information. Data-intensive tasks are often significantly time-consuming and complex in nature and hence SWfMSs are designed to efficiently support the specification, modification, execution, failure handling, and monitoring of the tasks in a scientific workflow. As far as the complexity, dimension, and volume of data are concerned, their effective analysis or management often become challenging for an individual and requires collaboration of multiple scientists instead. Hence, the notion of 'Collaborative SWfMS' was coined - which gained significant interest among researchers in recent years as none of the existing SWfMSs directly support real-time collaboration among scientists. In terms of collaborative SWfMSs, consistency management in the face of conflicting concurrent operations of the collaborators is a major challenge for its highly interconnected document structure among the computational modules - where any minor change in a part of the workflow can highly impact the other part of the collaborative workflow for the datalink relation among them.
In addition to the consistency management, studies show several other challenges that need to be addressed towards a successful design of collaborative SWfMSs, such as sub-workflow composition and execution by different sub-groups, relationship between scientific workflows and collaboration models, sub-workflow monitoring, seamless integration and access control of the workflow components among collaborators and so on. In this thesis, we propose a locking scheme to facilitate consistency management in collaborative SWfMSs. The proposed method works by locking workflow components at a granular attribute level in addition to supporting locks on a targeted part of the collaborative workflow. We conducted several experiments to analyze the performance of the proposed method in comparison to related existing methods. Our studies show that the proposed method can reduce the average waiting time of a collaborator by up to 36% while increasing the average workflow update rate by up to 15% in comparison to existing descendent modular level locking techniques for collaborative SWfMSs. We also propose a role-based access control technique for the management of collaborative SWfMSs. We leverage the Collaborative Interactive Application Methodology (CIAM) for the investigation of role-based access control in the context of collaborative SWfMSs. We present our proposed method with a use-case of Plant Phenotyping and Genotyping research domain. Recent study shows that the collaborative SWfMSs often different sets of opportunities and challenges. From our investigations on existing research works towards collaborative SWfMSs and findings of our prior two studies, we propose an architecture of collaborative SWfMSs. We propose - SciWorCS - a Collaborative Scientific Workflow Management System as a proof of concept of the proposed architecture; which is the first of its kind to the best of our knowledge. We present several real-world use-cases of scientific workflows using SciWorCS. 
Finally, we conduct several user studies using SciWorCS comprising different real-world scientific workflows (i.e., from myExperiment) to understand the user behavior and styles of work in the context of collaborative SWfMSs. In addition to evaluating SciWorCS, the user studies reveal several interesting facts which can significantly contribute in the research domain, as none of the existing methods considered such empirical studies, and rather relied only on computer generated simulated studies for evaluation.

    Intelligent Products: Shifting the Production Control Logic in Construction (With Lean and BIM)

    Production management and control in construction has not been addressed/updated ever since the introduction of Critical Path Method and the Last Planner® system. The predominant outside-in control logic and a fragmented and deep supply chain in construction significantly affect the efficiency over a lifecycle. In a construction project, a large number of organisations interact with the product throughout the process, requiring a significant amount of information handling and synchronisation between these organisations. However, due to the deep supply chains and problems with lack of information integration, the information flow down across the lifecycle poses a significant challenge. This research proposes a product centric system, where the control logic of the production process is embedded within the individual components from the design phase. The solution is enabled by a number of technologies and tools such as Building Information Modelling, Internet of Things, Messaging Systems and within the conceptual process framework of Lean Construction. The vision encompasses the lifecycle of projects from design to construction and maintenance, where the products can interact with the environment and its actors through various stages supporting a variety of actions. The vision and the tools and technologies required to support it are described in this paper.