History-sensitive versus future-sensitive approaches to security in distributed systems

We consider the use of aspect-oriented techniques as a flexible way to deal with security policies in distributed systems. Recent work suggests to use aspects for analysing the future behaviour of programs and to make access control decisions based on this; this gives the flavour of dealing with information flow rather than mere access control. We show in this paper that it is beneficial to augment this approach with history-based components as is the traditional approach in reference monitor-based approaches to mandatory access control. Our developments are performed in an aspect-oriented coordination language aiming to describe the Bell-LaPadula policy as elegantly as possible. Furthermore, the resulting language has the capability of combining both history- and future-sensitive policies, providing even more flexibility and power.Comment: In Proceedings ICE 2010, arXiv:1010.530

Authorization and access control of application data in Workflow systems

Workflow Management Systems (WfMSs) are used to support the modeling and coordinated execution of business processes within an organization or across organizational boundaries. Although some research efforts have addressed requirements for authorization and access control for workflow systems, little attention has been paid to the requirements as they apply to application data accessed or managed by WfMSs. In this paper, we discuss key access control requirements for application data in workflow applications using examples from the healthcare domain, introduce a classification of application data used in workflow systems by analyzing their sources, and then propose a comprehensive data authorization and access control mechanism for WfMSs. This involves four aspects: role, task, process instance-based user group, and data content. For implementation, a predicate-based access control method is used. We believe that the proposed model is applicable to workflow applications and WfMSs with diverse access control requirements

A conditional role-involved purpose-based access control model

This paper presents a role-involved conditional purpose-based access control (RCPBAC) model, where a purpose is defined as the intension of data accesses or usages. RCPBAC allows users using some data for certain purpose with conditions. The structure of RCPBAC model is defined and investigated. An algorithm is developed to achieve the compliance computation between access purposes (related to data access) and intended purposes (related to data objects) and is illustrated with role-based access control (RBAC) to support RCPBAC. According to this model, more information from data providers can be extracted while at the same time assuring privacy that maximizes the usability of consumers' data. It extends traditional access control models to a further coverage of privacy preserving in data mining environment as RBAC is one of the most popular approach towards access control to achieve database security and available in database management systems. The structure helps enterprises to circulate clear privacy promise, to collect and manage user preferences and consent

The inverse relationship between farm size and productivity in rural Rwanda

The Rwandan government has recently adopted new agricultural and land policies that strive to increase productivity in the agricultural sector though land consolidation and concentration, and through the promotion of regional crop specialisation and monocropping. This paper, however, identifies the strong inverse relationship between farm size and land productivity under the current land management system; also when taking into account farm fragmentation, crop diversification, frequency of multicropping and household size. In addition, it concludes that increased farm fragmentation, higher frequency of multicropping, and more crop diversification do not necessarily have a significant negative impact upon productivity, on the contrary. The paper reflects upon the implications of Rwanda’s agrarian and land policies

The Contextual Database of the Generations and Gender Program

The increasing recognition that the study of human behaviors has to take into account the multiple contexts in which they occur has opened a promising research avenue in social sciences. It also presents new challenges, e.g., to complement micro-level surveys with the collection of meaningful contextual data within a common conceptual framework. The Contextual Database of the Generations and Gender Program aims at responding to the new data demands by providing a comparative collection of around 210 variables on a national and sub-national level, thus complementing the individual-level data collected in the Generations and Gender Survey.World, comparative analysis, data banks