Dynamic deployment of context-aware access control policies for constrained security devices

Securing the access to a server, guaranteeing a certain level of protection over an encrypted communication channel, executing particular counter measures when attacks are detected are examples of security requirements. Such requirements are identi ed based on organizational purposes and expectations in terms of resource access and availability and also on system vulnerabilities and threats. All these requirements belong to the so-called security policy. Deploying the policy means enforcing, i.e., con guring, those security components and mechanisms so that the system behavior be nally the one speci ed by the policy. The deployment issue becomes more di cult as the growing organizational requirements and expectations generally leave behind the integration of new security functionalities in the information system: the information system will not always embed the necessary security functionalities for the proper deployment of contextual security requirements. To overcome this issue, our solution is based on a central entity approach which takes in charge unmanaged contextual requirements and dynamically redeploys the policy when context changes are detected by this central entity. We also present an improvement over the OrBAC (Organization-Based Access Control) model. Up to now, a controller based on a contextual OrBAC policy is passive, in the sense that it assumes policy evaluation triggered by access requests. Therefore, it does not allow reasoning about policy state evolution when actions occur. The modi cations introduced by our work overcome this limitation and provide a proactive version of the model by integrating concepts from action speci cation languages

Employment insecurity and life satisfaction: The moderating influence of labour market policies across Europe

This article tests whether the link between employment insecurity and life satisfaction is moderated by the generosity of labour market policies across Europe. Employment insecurity provokes anxieties about (a) the difficulties of finding a new job and (b) alternative sources of non-work income. These components can be related to active and passive labour market policies, respectively. Generous policy support is thus expected to buffer the negative consequences of employment insecurity by lowering the perceived difficulty of finding a similar job or providing income maintenance during unemployment. Based on data for 22 countries from the 2010 European Social Survey, initial support for this hypothesis is found. Perceived employment insecurity is negatively associated with life satisfaction but the strength of the relationship is inversely related to the generosity of labour market policies. Employment insecurity, in other words, is more harmful in countries where labour market policies are less generous

Conditions, constraints and contracts: on the use of annotations for policy modeling.

Organisational policies express constraints on generation and processing of resources. However, application domains rely on transformation processes, which are in principle orthogonal to policy specifications and domain rules and policies may evolve in a non-synchronised way. In previous papers, we have proposed annotations as a flexible way to model aspects of some policy, and showed how they could be used to impose constraints on domain configurations, how to derive application conditions on transformations, and how to annotate complex patterns. We extend the approach by: allowing domain model elements to be annotated with collections of elements, which can be collectively applied to individual resources or collections thereof; proposing an original construction to solve the problem of annotations remaining orphan , when annotated resources are consumed; introducing a notion of contract, by which a policy imposes additional pre-conditions and post-conditions on rules for deriving new resources. We discuss a concrete case study of linguistic resources, annotated with information on the licenses under which they can be used. The annotation framework allows forms of reasoning such as identifying conflicts among licenses, enforcing the presence of licenses, or ruling out some modifications of a licence configuration

The evolution of tropos: Contexts, commitments and adaptivity

Software evolution is the main research focus of the Tropos group at University of Trento (UniTN): how do we build systems that are aware of their requirements, and are able to dynamically reconfigure themselves in response to changes in context (the environment within which they operate) and requirements. The purpose of this report is to offer an overview of ongoing work at UniTN. In particular, the report presents ideas and results of four lines of research: contextual requirements modeling and reasoning, commitments and goal models, developing self-reconfigurable systems, and requirements awareness

Government Performance and Life Satisfaction in Contemporary Britain

This paper investigates relationships between public policy outcomes and life satisfaction in contemporary Britain. Monthly national surveys gathered between April 2004 and December 2008 are used to analyze the impact of policy delivery both at the micro and macro levels, the former relating to citizens personal experiences, and the latter to cognitive evaluations of and affective reactions to the effectiveness of policies across the country as a whole. The impact of salient political events and changes in economic context involving the onset of a major financial crisis also are considered. Analyses reveal that policy outcomes, especially microlevel ones, significantly influence life satisfaction. The effects of both micro- and macrolevel outcomes involve both affective reactions to policy delivery and cognitive judgments about government performance. Controlling for these and other factors, the broader economic context in which policy judgments are made also influences life satisfaction. © 2010 Southern Political Science Association

Usable Security: Why Do We Need It? How Do We Get It?

Security experts frequently refer to people as “the weakest link in the chain” of system security. Famed hacker Kevin Mitnick revealed that he hardly ever cracked a password, because it “was easier to dupe people into revealing it” by employing a range of social engineering techniques. Often, such failures are attributed to users’ carelessness and ignorance. However, more enlightened researchers have pointed out that current security tools are simply too complex for many users, and they have made efforts to improve user interfaces to security tools. In this chapter, we aim to broaden the current perspective, focusing on the usability of security tools (or products) and the process of designing secure systems for the real-world context (the panorama) in which they have to operate. Here we demonstrate how current human factors knowledge and user-centered design principles can help security designers produce security solutions that are effective in practice