474,368 research outputs found
A Formal Structure of Separation of Duty and Trust in Modelling Delegation Policy
There are considerable number of approaches to policy specification both for security management and policy driven network management purposes as reported in [20]. This specification sort security policies into two basic types: authorization and obligation policies. Most of the researches in security policies specification over the years focus on authorization policy modelling. In this paper, we report our approach in the design and Modelling of obligation Policy as delegation in information security by considering separation of duty and trust as pre-requisite conditions for delegation. The formal structures of the Delegation models developed was adapted from the Mathematical structures of Separation of duty (both Static and Dynamic SoD) in RBAC environment as described in [8] and [16]. Three factors of Properties, Experiences and Recommendation as described in [22] were used for the Trust Modelling. Future works proposed include the development of a formal model for revocation after delegation and integration of appropriate authorization policy with the model.Facultad de Informátic
Security-Driven Model-Based Dynamic Adaptation
International audienceSecurity is a key-challenge for software engineering, especially when considering access control and software evolutions. No satisfying solution exists for maintaining the alignment of access control policies with the business logic. Current implementations of access control rely on the separation between the policy and the application code. In practice, this separation is not so strict and some rules are hard-coded within the application, making the evolution of the policy difficult. We propose a new methodology for implementing security-driven applications. From a policy defined by a security expert, we generate an architectural model, reflecting the access control policy. We leverage the advances in the models@runtime domain to keep this model synchronized with the running system. When the policy is updated, the architectural model is updated, which in turn reconfigures the running system. As a proof of concept, we apply the approach to the development of a library management system
New risks and opportunities for food security: scenario analyses for 2015 and 2050
"Given the number of undernourished people in the developing world and the increasingly complex risks to food security, policymakers are faced with an enormous agenda. Freeing people from hunger will require more and better-targeted investments, innovations, and policy actions, driven by a keen understanding of the dynamic risks and forces that shape the factors affecting people's access to food and the links with nutrition. The International Food Policy Research Institute's (IFPRI's) International Model for Policy Analysis of Agricultural Commodities and Trade (IMPACT) provides insight into the management of these risks through appropriate policy actions. By projecting future global food scenarios to 2050, IMPACT explores the potential implications of policy action and inaction in several main risk areas as well as the effects on child malnutrition in the developing world, commodity prices, demand, cereal yields, production, and net trade. In the progressive policy actions scenario, which assumes increased investment in rural development, health, education, and agricultural research and development, developing country governments and the international community are able to dramatically reduce the number of food-insecure people, leading to a worldwide decline in hunger. Under these conditions, Latin America and China are able to virtually eliminate child malnutrition by 2050. Bolstered by the development and dissemination of improved technologies and better infrastructure, crop production and yields increase in developing countries. Notably, the bulk of the growth in production is driven by yield increases rather than by expanding land area. Spurred by growth in the agricultural sector, average incomes in developing countries increase. Rising incomes bolster demand for high-value agricultural products, such as meat, dairy, and fruits and vegetables; global livestock production more than doubles, for example. Average per capita calorie supplies for developing countries exceed 3,400 per day, well in excess of minimum requirements. The policy failure scenario assumes greater political discord and more extensive agricultural protectionism, together with the failure of policies to deal with food emergencies related to conflict. Slow growth and trade restrictions lead to stagnation in average per capita calorie availability, which remains only slightly above minimum requirements until after 2030, when availability increases. In addition, crucial investments in agriculture, rural development, and poverty reduction are forgone or displaced. Because of limited investment in agricultural research and technology, this scenario has a high level of crop area expansion as a result of relatively rapid population growth and slim yield improvements in developing countries. This scenario also results in flat maize prices, declining per capita cereal demand, falling beef prices, and relatively flat meat demand. As a result of the policies in this scenario, the number of malnourished children in developing countries rises between 1997 and 2015, after which there are only modest declines. In the technology and natural resource management failure scenario, yield growth falls even more than under the preceding scenario, forcing farmers to move into marginal producing areas, which causes a more rapid expansion of cereal area into less productive land that does not compensate for the yield shortfalls (and causes environmental degradation). As a result, cereal prices rise substantially through 2030 and then fall off only gradually. Beef and other meat prices, which are affected by the price of feed, follow a similar pattern. Developing-country per capita calorie availability is essentially unchanged over 1997–2050 and remains at a barely adequate average level. Given unequal access to the food that is available, millions of people actually consume less than the minimum. The occurrence of child undernourishment is even higher than under the policy failure scenario in all developing-country regions. Overall, the technology and natural resource management failure scenario results in the worst impact on food security and child malnourishment in the developing world. The progressive policy scenario outlines several of the most crucial positive steps. National governments and the international community must assume a new focus on agricultural growth and rural development, along with increasing their investments in education, social services, and health. Policies to encourage synergistic growth in the nonfarm sectors are also needed to spur broad-based economic growth. Underpinning these strategies and research agendas must be a firm commitment to reducing hunger and improving the welfare of the world's undernourished people." From Authors' Executive SummaryImpact model, Caloric intake, Safety nets,
Supporting Management lnteraction and Composition of Self-Managed Cells
Management in ubiquitous systems cannot rely on human intervention or centralised
decision-making functions because systems are complex and devices
are inherently mobile and cannot refer to centralised management applications
for reconfiguration and adaptation directives. Management must be devolved,
based on local decision-making and feedback control-loops embedded in autonomous
components. Previous work has introduced a Self-Managed Cell (SMC)
as an infrastructure for building ubiquitous applications. An SMC consists
of a set of hardware and software components that implement a policy-driven
feedback control-loop. This allows SMCs to adapt continually to changes in
their environment or in their usage requirements. Typical applications include
body-area networks for healthcare monitoring, and communities of unmanned
autonomous vehicles (UAVs) for surveillance and reconnaissance operations.
Ubiquitous applications are typically formed from multiple interacting autonomous
components, which establish peer-to-peer collaborations, federate and
compose into larger structures. Components must interact to distribute management
tasks and to enforce communication strategies. This thesis presents
an integrated framework which supports the design and the rapid establishment
of policy-based SMC interactions by systematically composing simpler abstractions
as building elements of a more complex collaboration. Policy-based
interactions are realised – subject to an extensible set of security functions –
through the exchanges of interfaces, policies and events, and our framework
was designed to support the specification, instantiation and reuse of patterns of
interaction that prescribe the manner in which these exchanges are achieved.
We have defined a library of patterns that provide reusable abstractions for
the structure, task-allocation and communication aspects of an interaction,
which can be individually combined for building larger policy-based systems in
a methodical manner. We have specified a formal model to ensure the rigorous
verification of SMC interactions before policies are deployed in physical devices.
A prototype has been implemented that demonstrates the practical feasibility
of our framework in constrained resources
Recommended from our members
A dynamic simulation of low-carbon policy influences on endogenous electricity demand in an isolated island system
This paper considers the dynamics of electricity demand in response to changes arising from low-carbon policies and socio-economic developments. As part of an investigation into the evolution of such systems on small economically-developed islands, endogenous electricity demand and associated policies are studied for the Azorean island of São Miguel. A comprehensive System Dynamics (SD) model covering the period 2005 − 2050 is presented which captures both historical behaviours and real-world influences on the endogenous demand dynamics of an island-based electricity system. The impact of tourism, energy efficiency and electric vehicles (EV) expansion allied with associated policy options, are critically evaluated by the SD model using a series of scenarios. The model shows that energy efficiency measures exhibit the most significant long-term impact on electricity demand, while in contrast, policies to increase tourism have a much less direct impact and EV expansion has thought-provoking impacts on the long-term demand, although this is not as influential as energy efficiency measures
XRound : A reversible template language and its application in model-based security analysis
Successful analysis of the models used in Model-Driven Development requires the ability to synthesise the results of analysis and automatically integrate these results with the models themselves. This paper presents a reversible template language called XRound which supports round-trip transformations between models and the logic used to encode system properties. A template processor that supports the language is described, and the use of the template language is illustrated by its application in an analysis workbench, designed to support analysis of security properties of UML and MOF-based models. As a result of using reversible templates, it is possible to seamlessly and automatically integrate the results of a security analysis with a model. (C) 2008 Elsevier B.V. All rights reserved
A JSON Token-Based Authentication and Access Management Schema for Cloud SaaS Applications
Cloud computing is significantly reshaping the computing industry built
around core concepts such as virtualization, processing power, connectivity and
elasticity to store and share IT resources via a broad network. It has emerged
as the key technology that unleashes the potency of Big Data, Internet of
Things, Mobile and Web Applications, and other related technologies, but it
also comes with its challenges - such as governance, security, and privacy.
This paper is focused on the security and privacy challenges of cloud computing
with specific reference to user authentication and access management for cloud
SaaS applications. The suggested model uses a framework that harnesses the
stateless and secure nature of JWT for client authentication and session
management. Furthermore, authorized access to protected cloud SaaS resources
have been efficiently managed. Accordingly, a Policy Match Gate (PMG) component
and a Policy Activity Monitor (PAM) component have been introduced. In
addition, other subcomponents such as a Policy Validation Unit (PVU) and a
Policy Proxy DB (PPDB) have also been established for optimized service
delivery. A theoretical analysis of the proposed model portrays a system that
is secure, lightweight and highly scalable for improved cloud resource security
and management.Comment: 6 Page
- …