Designing a Messaging Strategy to Improve Information Security Policy Compliance

Lack of employee compliance with information security policies is a key factor driving security incidents. Information security practitioners struggle to enforce policy compliance while employees try to curtail controls in favor of expediency and other perceived business and personal goals. This research-in-progress project utilizes the Design Science Research framework to develop an intervention based on a novel messaging strategy that aims to help information security practitioners improve employees’ behaviors through intrinsic motivation, thus increasing compliance with information security policies

A Configurable Transport Layer for CAF

The message-driven nature of actors lays a foundation for developing scalable and distributed software. While the actor itself has been thoroughly modeled, the message passing layer lacks a common definition. Properties and guarantees of message exchange often shift with implementations and contexts. This adds complexity to the development process, limits portability, and removes transparency from distributed actor systems. In this work, we examine actor communication, focusing on the implementation and runtime costs of reliable and ordered delivery. Both guarantees are often based on TCP for remote messaging, which mixes network transport with the semantics of messaging. However, the choice of transport may follow different constraints and is often governed by deployment. As a first step towards re-architecting actor-to-actor communication, we decouple the messaging guarantees from the transport protocol. We validate our approach by redesigning the network stack of the C++ Actor Framework (CAF) so that it allows to combine an arbitrary transport protocol with additional functions for remote messaging. An evaluation quantifies the cost of composability and the impact of individual layers on the entire stack

Improving the Scalability of DPWS-Based Networked Infrastructures

The Devices Profile for Web Services (DPWS) specification enables seamless discovery, configuration, and interoperability of networked devices in various settings, ranging from home automation and multimedia to manufacturing equipment and data centers. Unfortunately, the sheer simplicity of event notification mechanisms that makes it fit for resource-constrained devices, makes it hard to scale to large infrastructures with more stringent dependability requirements, ironically, where self-configuration would be most useful. In this report, we address this challenge with a proposal to integrate gossip-based dissemination in DPWS, thus maintaining compatibility with original assumptions of the specification, and avoiding a centralized configuration server or custom black-box middleware components. In detail, we show how our approach provides an evolutionary and non-intrusive solution to the scalability limitations of DPWS and experimentally evaluate it with an implementation based on the the Web Services for Devices (WS4D) Java Multi Edition DPWS Stack (JMEDS).Comment: 28 pages, Technical Repor

Utilizing the Human Rights Framework: Lessons Learned from the From Poverty to Opportunity Campaign: Realizing Human Rights in Illinois

In response to the growth and deepening of poverty in Illinois and the collateral human rights consequences, in December of 2006, Heartland Alliance for Human Needs & Human Rights initiated the "From Poverty to Opportunity Campaign: Realizing Human Rights in Illinois". Working in collaboration with a coalition of community members, advocates, organizers, faith-based institutions, and policy leaders, the campaign advocated state-wide for an improved response to the growing problem of poverty in Illinois. This paper documents some of the lessons Heartland Alliance has learned while using the human rights framework to build and advance a campaign to eliminate extreme poverty in Illinois

Using Intervention Mapping to Develop an Efficacious Multicomponent Systems-Based Intervention to Increase Human Papillomavirus (HPV) Vaccination in a Large Urban Pediatric Clinic Network

Background: The CDC recommends HPV vaccine for all adolescents to prevent cervical, anal, oropharyngeal, vaginal, vulvar, and penile cancers, and genital warts. HPV vaccine rates currently fall short of national vaccination goals. Despite evidence-based strategies with demonstrated efficacy to increase HPV vaccination rates, adoption and implementation of these strategies within clinics is lacking. The Adolescent Vaccination Program (AVP) is a multicomponent systems-based intervention designed to implement five evidence-based strategies within primary care pediatric practices. The AVP has demonstrated efficacy in increasing HPV vaccine initiation and completion among adolescents 10-17 years of age. The purpose of this paper is to describe the application of Intervention Mapping (IM) toward the development, implementation, and formative evaluation of the clinic-based AVP prototype. Methods: Intervention Mapping (IM) guided the development of the Adolescent Vaccination Program (AVP). Deliverables comprised: a logic model of the problem (IM Step 1); matrices of behavior change objectives (IM Step 2); a program planning document comprising scope, sequence, theory-based methods, and practical strategies (IM Step 3); functional AVP component prototypes (IM Step 4); and plans for implementation (IM Step 5) and evaluation (IM Step 6). Results: The AVP consists of six evidence-based strategies implemented in a successful sequenced roll-out that (1) established immunization champions in each clinic, (2) disseminated provider assessment and feedback reports with data-informed vaccination goals, (3) provided continued medical and nursing education (with ethics credit) on HPV, HPV vaccination, message bundling, and responding to parent hesitancy, (4) electronic health record cues to providers on patient eligibility, and (5) patient reminders for HPV vaccine initiation and completion. Conclusions: IM provided a logical and systematic approach to developing and evaluating a multicomponent systems-based intervention to increase HPV vaccination rates among adolescents in pediatric clinics

Revisiting Actor Programming in C++

The actor model of computation has gained significant popularity over the last decade. Its high level of abstraction makes it appealing for concurrent applications in parallel and distributed systems. However, designing a real-world actor framework that subsumes full scalability, strong reliability, and high resource efficiency requires many conceptual and algorithmic additives to the original model. In this paper, we report on designing and building CAF, the "C++ Actor Framework". CAF targets at providing a concurrent and distributed native environment for scaling up to very large, high-performance applications, and equally well down to small constrained systems. We present the key specifications and design concepts---in particular a message-transparent architecture, type-safe message interfaces, and pattern matching facilities---that make native actors a viable approach for many robust, elastic, and highly distributed developments. We demonstrate the feasibility of CAF in three scenarios: first for elastic, upscaling environments, second for including heterogeneous hardware like GPGPUs, and third for distributed runtime systems. Extensive performance evaluations indicate ideal runtime behaviour for up to 64 cores at very low memory footprint, or in the presence of GPUs. In these tests, CAF continuously outperforms the competing actor environments Erlang, Charm++, SalsaLite, Scala, ActorFoundry, and even the OpenMPI.Comment: 33 page