125 research outputs found
A conditional role-involved purpose-based access control model
This paper presents a role-involved conditional purpose-based access control (RCPBAC) model, where a purpose is defined as the intention of data accesses or usages. RCPBAC allows users to use some data for certain purposes with conditions. The structure of the RCPBAC model is defined and investigated. An algorithm is developed to achieve the compliance computation between access purposes (related to data access) and intended purposes (related to data objects) and is illustrated with role-based access control (RBAC) to support RCPBAC. According to this model, more information from data providers can be extracted while at the same time assuring privacy that maximizes the usability of consumers' data. It extends traditional access control models to a further coverage of privacy preserving in data mining environments, as RBAC is one of the most popular approaches to access control for achieving database security and is available in database management systems. The structure helps enterprises to circulate clear privacy promises, and to collect and manage user preferences and consent
A Privacy-Aware Access Control Model for Distributed Network Monitoring
In this paper, we introduce a new access control model that aims at addressing the privacy implications surrounding network monitoring. In fact, despite its importance, network monitoring is natively leakage-prone and, moreover, this is exacerbated by the complexity of the highly dynamic monitoring procedures and infrastructures, which may include multiple traffic observation points, distributed mitigation mechanisms and even inter-operator cooperation. Conceived on the basis of data protection legislation, the proposed approach is grounded on an information model rich in expressiveness, which captures all the underlying monitoring concepts along with their associations. The model enables the specification of contextual authorisation policies and expressive separation and binding of duty constraints. Finally, two key innovations of our work consist in the ability to define access control rules at any level of abstraction and in enabling a verification procedure, which results in inherently privacy-aware workflows, thus fostering the realisation of the Privacy by Design vision
Privacy enhanced and web based service composition
Service selection is a key issue in the Future Internet, where applications are built by composing services and content offered by different service providers. Most existing service selection schemas only focus on the functional QoS properties of services such as throughput, latency and response time, or on their trust and reputation level. By contrast, the risk of privacy breaches arising from the selection of component services whose privacy policy is not compliant with customers' privacy preferences is largely ignored. In this paper, we propose a novel privacy-preserving Web service composition and selection approach which (i) makes it possible to verify the compliance between users' privacy requirements and providers' privacy policies and (ii) ranks the composite Web services with respect to the privacy level they offer. We demonstrate our approach using a travel agency Web service as an example of service composition
An Approach for Managing Access to Personal Information Using Ontology-Based Chains
The importance of electronic healthcare has caused numerous
changes in both substantive and procedural aspects of healthcare
processes. These changes have produced new challenges to patient
privacy and information secrecy. Traditional privacy policies cannot
respond to rapidly increased privacy needs of patients in electronic
healthcare. Technically enforceable privacy policies are needed in
order to protect patient privacy in modern healthcare with its
cross-organisational information sharing and decision making.
This thesis proposes a personal information flow model that specifies
a limited number of acts on this type of information. Ontology-
classified chains of these acts can be used instead of the
"intended/business purposes" used in privacy access control to
seamlessly imbue current healthcare applications and their
supporting infrastructure with security and privacy functionality. In
this thesis, we first introduce an integrated basic architecture, design
principles, and implementation techniques for privacy-preserving
data mining systems. We then discuss the key methods of
privacy-preserving data mining systems, which include four main methods:
Role based access control (RBAC), Hippocratic database, Chain
method and eXtensible Access Control Markup Language (XACML).
We found out that the traditional methods suffer from two main
problems: complexity of privacy policy design and the lack of context
flexibility that is needed while working in critical situations such as the
one we find in hospitals. We present and compare strategies for
realising these methods. Theoretical analysis and experimental
evaluation show that our new method can generate accurate data
mining models and safe data access management while protecting
the privacy of the data being mined. The experiments were of a
comparative kind, first showing the ease of the design and then
following real scenarios to show the context flexibility of our
investigated method in preserving personal information privacy
Ensuring Data Security and Individual Privacy in Health Care Systems
Ph.D, DOCTOR OF PHILOSOPHY
Secure, dynamic and distributed RBAC for relational applications
Master's in Computer and Telematics Engineering. Nowadays, database applications use tools like Java Database Connectivity, Hibernate or ADO.NET to access data stored in databases. These tools are designed to bring together the relational database and object-oriented programming paradigms, forsaking applied access control policies. Hence, the application developers must master the established policies as a means to develop software that is conformant with the established access control policies. Furthermore, there are situations where these policies can evolve dynamically. In these cases it becomes hard to adjust the access control mechanisms. This challenge has led to the development of an extension to the role-based access control (RBAC) model where permissions are defined as a sequence of create, read, update and delete (CRUD) expressions that can be executed and the interfaces to access them. From these permissions it is possible to generate security artefacts on the client side, i.e. in a distributed manner, which allows the clients to access the stored data while satisfying the security policies defined. On top of this model extension, a security layer has also been created in order to make the access control secure and obligatory. For the RBAC model extension this work leverages a previous work that created a dynamic access control architecture for relational applications, here referred to as DACA (Dynamic Access Control Architecture). DACA uses business logic information and the defined access control policies to dynamically build the security artefacts for the applications. In situations where the access control policies can evolve dynamically, the security artefacts are adjusted automatically. This base work, however, defines permissions as CRUD expressions, which can be executed in any order, and needs an adequate security layer to authenticate users and protect the system from intruders.
Hence, this work aims to create a new architecture, called "S-DRACA" (Secure, Dynamic and Distributed Role-based Access Control Architecture), which extends the work done with DACA so that it is capable of enforcing sequences of CRUD expressions that the applications can execute if the sequences are associated with their roles, and to develop a security layer to make it secure. We discuss as well the performance of this system and its applicability to other environments outside of relational databases.
Enhanced Encryption and Fine-Grained Authorization for Database Systems
The aim of this research is to enhance fine-grained authorization and encryption
so that database systems are equipped with the controls necessary to help
enterprises adhere to zero-trust security more effectively. For fine-grained
authorization, this thesis has extended database systems with three new
concepts: Row permissions, column masks and trusted contexts. Row
permissions and column masks provide data-centric security so the security
policy cannot be bypassed as with database views, for example. They also
coexist in harmony with the rest of the database core tenets so that enterprises
are not forced to compromise either security or database functionality. Trusted
contexts provide applications in multitiered environments with a secure and
controlled manner to propagate user identities to the database and therefore
enable such applications to delegate the security policy to the database system
where it is enforced more effectively. Trusted contexts also protect against
application bypass so the application credentials cannot be abused to make
database changes outside the scope of the application's business logic. For
encryption, this thesis has introduced a holistic database encryption solution to
address the limitations of traditional database encryption methods. It too coexists
in harmony with the rest of the database core tenets so that enterprises are not
forced to choose between security and performance as with column encryption,
for example. Lastly, row permissions, column masks, trusted contexts and holistic
database encryption have all been implemented in IBM DB2, where they are relied
upon by thousands of organizations from around the world to protect critical data
and adhere to zero-trust security more effectively
NURS 3301 Professional Mobility
Leadership in medical education : competencies, challenges and strategies for effectiveness
The complex nature of health care and medical educational organizations, their different primary goals (clinical service versus education), different organizational structures and the necessity for ensuring efficient and harmonious relationships between these two types of organizations create a challenging environment in which to provide effective medical education leadership. The calls for reform in both medical education and health care have added to these challenges.
The purpose of the study was to develop a framework of leadership for medical education and contribute to the literature on leadership in medical education, based on an analysis of the perceptions of key health education leaders in Saskatchewan medical education organizations at the national level in Canada.
The main objectives were the identification of core competencies, challenges and strategies for effectiveness in medical education with a focus on unique aspects of leadership in the medical education setting. Multiple methods of data collection (individual interviews and an "event" study with components of focus group interviews and short surveys) with subjects of varied backgrounds and at different levels of leadership in medical education were employed in this study.
The data were collected over a period of 13 months (January, 2009 - February, 2010). The perceptions of 32 medical education leaders, stratified into first- (11), middle- (6) and senior-level (15) leadership positions, based upon the hierarchical position and the scope of the job, were obtained and analyzed. Quantitative data were analyzed through descriptive statistics. Qualitative data were analyzed for themes through content analysis.
The findings provide useful information on leadership competencies, challenges and effectiveness strategies in medical education. Leadership competencies included five domains including personal and interpersonal characteristics, skills for effective leadership, skills as an efficient manager, skills in medical education delivery, skills as a teacher and skills as a researcher. All leaders considered personal and interpersonal characteristics to be at the core of leadership; while skills in medical education delivery, and skills as a medical education teacher and researcher were considered least important. The senior-level leaders spent most of their time in activities requiring leadership functions (e.g., strategic planning and creating alignment) followed by activities requiring managerial skills (e.g., operational management). This distinction in the rank ordering of leadership and managerial skills was not obvious for the first- and middle-level leaders; however, most did indicate that they spent more of their time in roles requiring more managerial skills than leadership skills. Among the key competencies, essential at all levels, were effective communication and building and managing relationships. For the most part, the leadership skills were acquired informally with only a few leaders having undergone formal leadership training.
The leaders faced three types of challenges: personal and interpersonal challenges including effective time management and personal limitations; organizational challenges including those around structures and processes, organizational communication, personal and organizational relationships, creating engagement and alignment, managing culture and resistance and limited resources; and inter-organizational challenges including competing agendas and interests of stakeholders.
The context (societal needs, multiple stakeholders and health care reform), content (medical education delivery and calls for reform) and culture (e.g. professionalism, apprenticeship model of medical education, and the hidden curriculum) of medical education and inherent dualities and conflict require situated leadership skills and strategies. The main leadership theories and approaches helpful in practicing contextual leadership included transactional, transformational, and servant leadership. However, other theoretical approaches, such as moral leadership and learner-centered leadership were also useful.
Effective leadership was considered to include personal and interpersonal strategies, strategies for becoming an efficient manager and strategies for practicing inspiring and effective leadership. Personal and interpersonal strategies included looking after self, seeking advice, consciously developing fortitude, allotting time for priorities and thinking and personal development. Becoming an efficient manager involved diligent delegation, appropriate organizational communication and managing priorities. Practicing inspiring leadership involved developing the structure and processes to achieve vision, providing hope, developing mutually valued relationships which were considered key to engagement, alignment, leading change and managing resistance, moving from power to process, using appropriate leadership styles, developing the art of leading change and managing resistance, proactively influencing culture and accomplishing the vision.
In conclusion, medical education leadership was perceived as requiring both effective leadership and efficient management. The practice of inspiring and effective leadership, however, appeared to be more an art requiring an alchemy of strategies than a simple matter of application