474,368 research outputs found

    A Formal Structure of Separation of Duty and Trust in Modelling Delegation Policy

    Get PDF
    There are considerable number of approaches to policy specification both for security management and policy driven network management purposes as reported in [20]. This specification sort security policies into two basic types: authorization and obligation policies. Most of the researches in security policies specification over the years focus on authorization policy modelling. In this paper, we report our approach in the design and Modelling of obligation Policy as delegation in information security by considering separation of duty and trust as pre-requisite conditions for delegation. The formal structures of the Delegation models developed was adapted from the Mathematical structures of Separation of duty (both Static and Dynamic SoD) in RBAC environment as described in [8] and [16]. Three factors of Properties, Experiences and Recommendation as described in [22] were used for the Trust Modelling. Future works proposed include the development of a formal model for revocation after delegation and integration of appropriate authorization policy with the model.Facultad de Informátic

    Security-Driven Model-Based Dynamic Adaptation

    Get PDF
    International audienceSecurity is a key-challenge for software engineering, especially when considering access control and software evolutions. No satisfying solution exists for maintaining the alignment of access control policies with the business logic. Current implementations of access control rely on the separation between the policy and the application code. In practice, this separation is not so strict and some rules are hard-coded within the application, making the evolution of the policy difficult. We propose a new methodology for implementing security-driven applications. From a policy defined by a security expert, we generate an architectural model, reflecting the access control policy. We leverage the advances in the models@runtime domain to keep this model synchronized with the running system. When the policy is updated, the architectural model is updated, which in turn reconfigures the running system. As a proof of concept, we apply the approach to the development of a library management system

    New risks and opportunities for food security: scenario analyses for 2015 and 2050

    Get PDF
    "Given the number of undernourished people in the developing world and the increasingly complex risks to food security, policymakers are faced with an enormous agenda. Freeing people from hunger will require more and better-targeted investments, innovations, and policy actions, driven by a keen understanding of the dynamic risks and forces that shape the factors affecting people's access to food and the links with nutrition. The International Food Policy Research Institute's (IFPRI's) International Model for Policy Analysis of Agricultural Commodities and Trade (IMPACT) provides insight into the management of these risks through appropriate policy actions. By projecting future global food scenarios to 2050, IMPACT explores the potential implications of policy action and inaction in several main risk areas as well as the effects on child malnutrition in the developing world, commodity prices, demand, cereal yields, production, and net trade. In the progressive policy actions scenario, which assumes increased investment in rural development, health, education, and agricultural research and development, developing country governments and the international community are able to dramatically reduce the number of food-insecure people, leading to a worldwide decline in hunger. Under these conditions, Latin America and China are able to virtually eliminate child malnutrition by 2050. Bolstered by the development and dissemination of improved technologies and better infrastructure, crop production and yields increase in developing countries. Notably, the bulk of the growth in production is driven by yield increases rather than by expanding land area. Spurred by growth in the agricultural sector, average incomes in developing countries increase. Rising incomes bolster demand for high-value agricultural products, such as meat, dairy, and fruits and vegetables; global livestock production more than doubles, for example. Average per capita calorie supplies for developing countries exceed 3,400 per day, well in excess of minimum requirements. The policy failure scenario assumes greater political discord and more extensive agricultural protectionism, together with the failure of policies to deal with food emergencies related to conflict. Slow growth and trade restrictions lead to stagnation in average per capita calorie availability, which remains only slightly above minimum requirements until after 2030, when availability increases. In addition, crucial investments in agriculture, rural development, and poverty reduction are forgone or displaced. Because of limited investment in agricultural research and technology, this scenario has a high level of crop area expansion as a result of relatively rapid population growth and slim yield improvements in developing countries. This scenario also results in flat maize prices, declining per capita cereal demand, falling beef prices, and relatively flat meat demand. As a result of the policies in this scenario, the number of malnourished children in developing countries rises between 1997 and 2015, after which there are only modest declines. In the technology and natural resource management failure scenario, yield growth falls even more than under the preceding scenario, forcing farmers to move into marginal producing areas, which causes a more rapid expansion of cereal area into less productive land that does not compensate for the yield shortfalls (and causes environmental degradation). As a result, cereal prices rise substantially through 2030 and then fall off only gradually. Beef and other meat prices, which are affected by the price of feed, follow a similar pattern. Developing-country per capita calorie availability is essentially unchanged over 1997–2050 and remains at a barely adequate average level. Given unequal access to the food that is available, millions of people actually consume less than the minimum. The occurrence of child undernourishment is even higher than under the policy failure scenario in all developing-country regions. Overall, the technology and natural resource management failure scenario results in the worst impact on food security and child malnourishment in the developing world. The progressive policy scenario outlines several of the most crucial positive steps. National governments and the international community must assume a new focus on agricultural growth and rural development, along with increasing their investments in education, social services, and health. Policies to encourage synergistic growth in the nonfarm sectors are also needed to spur broad-based economic growth. Underpinning these strategies and research agendas must be a firm commitment to reducing hunger and improving the welfare of the world's undernourished people." From Authors' Executive SummaryImpact model, Caloric intake, Safety nets,

    Supporting Management lnteraction and Composition of Self-Managed Cells

    No full text
    Management in ubiquitous systems cannot rely on human intervention or centralised decision-making functions because systems are complex and devices are inherently mobile and cannot refer to centralised management applications for reconfiguration and adaptation directives. Management must be devolved, based on local decision-making and feedback control-loops embedded in autonomous components. Previous work has introduced a Self-Managed Cell (SMC) as an infrastructure for building ubiquitous applications. An SMC consists of a set of hardware and software components that implement a policy-driven feedback control-loop. This allows SMCs to adapt continually to changes in their environment or in their usage requirements. Typical applications include body-area networks for healthcare monitoring, and communities of unmanned autonomous vehicles (UAVs) for surveillance and reconnaissance operations. Ubiquitous applications are typically formed from multiple interacting autonomous components, which establish peer-to-peer collaborations, federate and compose into larger structures. Components must interact to distribute management tasks and to enforce communication strategies. This thesis presents an integrated framework which supports the design and the rapid establishment of policy-based SMC interactions by systematically composing simpler abstractions as building elements of a more complex collaboration. Policy-based interactions are realised – subject to an extensible set of security functions – through the exchanges of interfaces, policies and events, and our framework was designed to support the specification, instantiation and reuse of patterns of interaction that prescribe the manner in which these exchanges are achieved. We have defined a library of patterns that provide reusable abstractions for the structure, task-allocation and communication aspects of an interaction, which can be individually combined for building larger policy-based systems in a methodical manner. We have specified a formal model to ensure the rigorous verification of SMC interactions before policies are deployed in physical devices. A prototype has been implemented that demonstrates the practical feasibility of our framework in constrained resources

    XRound : A reversible template language and its application in model-based security analysis

    Get PDF
    Successful analysis of the models used in Model-Driven Development requires the ability to synthesise the results of analysis and automatically integrate these results with the models themselves. This paper presents a reversible template language called XRound which supports round-trip transformations between models and the logic used to encode system properties. A template processor that supports the language is described, and the use of the template language is illustrated by its application in an analysis workbench, designed to support analysis of security properties of UML and MOF-based models. As a result of using reversible templates, it is possible to seamlessly and automatically integrate the results of a security analysis with a model. (C) 2008 Elsevier B.V. All rights reserved

    A JSON Token-Based Authentication and Access Management Schema for Cloud SaaS Applications

    Full text link
    Cloud computing is significantly reshaping the computing industry built around core concepts such as virtualization, processing power, connectivity and elasticity to store and share IT resources via a broad network. It has emerged as the key technology that unleashes the potency of Big Data, Internet of Things, Mobile and Web Applications, and other related technologies, but it also comes with its challenges - such as governance, security, and privacy. This paper is focused on the security and privacy challenges of cloud computing with specific reference to user authentication and access management for cloud SaaS applications. The suggested model uses a framework that harnesses the stateless and secure nature of JWT for client authentication and session management. Furthermore, authorized access to protected cloud SaaS resources have been efficiently managed. Accordingly, a Policy Match Gate (PMG) component and a Policy Activity Monitor (PAM) component have been introduced. In addition, other subcomponents such as a Policy Validation Unit (PVU) and a Policy Proxy DB (PPDB) have also been established for optimized service delivery. A theoretical analysis of the proposed model portrays a system that is secure, lightweight and highly scalable for improved cloud resource security and management.Comment: 6 Page
    corecore