158,945 research outputs found
The Role of Law in Russian Health Reform: Report to the United States Agency for International Development
True reform necessarily entails new law. In the newly independent Russian Federation, law has played a formative role in efforts to reform the health care system. Both historically and structurally, the health care system in Russia is more dependent on legal authorization than that in most Western industrialized countries. Reforms that providers might institute independently elsewhere are not likely to happen in Russia without specific laws authorizing them. Policy makers often formulate the substance of policy in the context of developing legislation, instead of drafting legislation to codify settled policy decisions. Thus, identifying and developing suitable laws has become an essential component of health care reform in Russia since the early 1990’s
Preparing Teachers: Highly Qualified to Do What? Editors’ introduction
The No Child Left Behind Act of 2001 has had significant effects on teacher preparation programs, both in terms of changes required for policy compliance and through important program adjustments. These adjustments have largely been made in response to changes in partner schools and districts, where pacing guides, scripted curricula, benchmark testing and program improvement mandates are now the norm. In the context of anticipated robust policy activity in K-12 education and teacher education (e.g., possible re-authorization of the Elementary and Secondary Education Act, adoption of the Common Core Standards, new teacher certification performance assessments, etc.), it is important to understand the ways in which the current federal law, focused primarily on K-12 education, has also shaped teacher preparation programs. Paying attention to the dynamics involved in such context that his article introduces the articles of EPAA/AAPE’s Special Issue on Preparing Teachers: Highly Qualified to Do What
Citizen Electronic Identities using TPM 2.0
Electronic Identification (eID) is becoming commonplace in several European
countries. eID is typically used to authenticate to government e-services, but
is also used for other services, such as public transit, e-banking, and
physical security access control. Typical eID tokens take the form of physical
smart cards, but successes in merging eID into phone operator SIM cards show
that eID tokens integrated into a personal device can offer better usability
compared to standalone tokens. At the same time, trusted hardware that enables
secure storage and isolated processing of sensitive data have become
commonplace both on PC platforms as well as mobile devices.
Some time ago, the Trusted Computing Group (TCG) released the version 2.0 of
the Trusted Platform Module (TPM) specification. We propose an eID architecture
based on the new, rich authorization model introduced in the TCGs TPM 2.0. The
goal of the design is to improve the overall security and usability compared to
traditional smart card-based solutions. We also provide, to the best our
knowledge, the first accessible description of the TPM 2.0 authorization model.Comment: This work is based on an earlier work: Citizen Electronic Identities
using TPM 2.0, to appear in the Proceedings of the 4th international workshop
on Trustworthy embedded devices, TrustED'14, November 3, 2014, Scottsdale,
Arizona, USA, http://dx.doi.org/10.1145/2666141.266614
ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware
Billions of users rely on the security of the Android platform to protect
phones, tablets, and many different types of consumer electronics. While
Android's permission model is well studied, the enforcement of the protection
policy has received relatively little attention. Much of this enforcement is
spread across system services, taking the form of hard-coded checks within
their implementations. In this paper, we propose Authorization Check Miner
(ACMiner), a framework for evaluating the correctness of Android's access
control enforcement through consistency analysis of authorization checks.
ACMiner combines program and text analysis techniques to generate a rich set of
authorization checks, mines the corresponding protection policy for each
service entry point, and uses association rule mining at a service granularity
to identify inconsistencies that may correspond to vulnerabilities. We used
ACMiner to study the AOSP version of Android 7.1.1 to identify 28
vulnerabilities relating to missing authorization checks. In doing so, we
demonstrate ACMiner's ability to help domain experts process thousands of
authorization checks scattered across millions of lines of code
- …