The Role of Law in Russian Health Reform: Report to the United States Agency for International Development

True reform necessarily entails new law. In the newly independent Russian Federation, law has played a formative role in efforts to reform the health care system. Both historically and structurally, the health care system in Russia is more dependent on legal authorization than that in most Western industrialized countries. Reforms that providers might institute independently elsewhere are not likely to happen in Russia without specific laws authorizing them. Policy makers often formulate the substance of policy in the context of developing legislation, instead of drafting legislation to codify settled policy decisions. Thus, identifying and developing suitable laws has become an essential component of health care reform in Russia since the early 1990’s

Preparing Teachers: Highly Qualified to Do What? Editors’ introduction

The No Child Left Behind Act of 2001 has had significant effects on teacher preparation programs, both in terms of changes required for policy compliance and through important program adjustments. These adjustments have largely been made in response to changes in partner schools and districts, where pacing guides, scripted curricula, benchmark testing and program improvement mandates are now the norm. In the context of anticipated robust policy activity in K-12 education and teacher education (e.g., possible re-authorization of the Elementary and Secondary Education Act, adoption of the Common Core Standards, new teacher certification performance assessments, etc.), it is important to understand the ways in which the current federal law, focused primarily on K-12 education, has also shaped teacher preparation programs. Paying attention to the dynamics involved in such context that his article introduces the articles of EPAA/AAPE’s Special Issue on Preparing Teachers: Highly Qualified to Do What

Citizen Electronic Identities using TPM 2.0

Electronic Identification (eID) is becoming commonplace in several European countries. eID is typically used to authenticate to government e-services, but is also used for other services, such as public transit, e-banking, and physical security access control. Typical eID tokens take the form of physical smart cards, but successes in merging eID into phone operator SIM cards show that eID tokens integrated into a personal device can offer better usability compared to standalone tokens. At the same time, trusted hardware that enables secure storage and isolated processing of sensitive data have become commonplace both on PC platforms as well as mobile devices. Some time ago, the Trusted Computing Group (TCG) released the version 2.0 of the Trusted Platform Module (TPM) specification. We propose an eID architecture based on the new, rich authorization model introduced in the TCGs TPM 2.0. The goal of the design is to improve the overall security and usability compared to traditional smart card-based solutions. We also provide, to the best our knowledge, the first accessible description of the TPM 2.0 authorization model.Comment: This work is based on an earlier work: Citizen Electronic Identities using TPM 2.0, to appear in the Proceedings of the 4th international workshop on Trustworthy embedded devices, TrustED'14, November 3, 2014, Scottsdale, Arizona, USA, http://dx.doi.org/10.1145/2666141.266614

ACMiner: Extraction and Analysis of Authorization Checks in Android's Middleware

Billions of users rely on the security of the Android platform to protect phones, tablets, and many different types of consumer electronics. While Android's permission model is well studied, the enforcement of the protection policy has received relatively little attention. Much of this enforcement is spread across system services, taking the form of hard-coded checks within their implementations. In this paper, we propose Authorization Check Miner (ACMiner), a framework for evaluating the correctness of Android's access control enforcement through consistency analysis of authorization checks. ACMiner combines program and text analysis techniques to generate a rich set of authorization checks, mines the corresponding protection policy for each service entry point, and uses association rule mining at a service granularity to identify inconsistencies that may correspond to vulnerabilities. We used ACMiner to study the AOSP version of Android 7.1.1 to identify 28 vulnerabilities relating to missing authorization checks. In doing so, we demonstrate ACMiner's ability to help domain experts process thousands of authorization checks scattered across millions of lines of code