InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution
In today's web ecosystem, a website that uses a Content Delivery Network
(CDN) shares its Transport Layer Security (TLS) private key or session key with
the CDN. In this paper, we present the design and implementation of InviCloak,
a system that protects the confidentiality and integrity of a user and a
website's private communications without changing TLS or upgrading a CDN.
InviCloak builds a lightweight but secure and practical key distribution
mechanism using the existing DNS infrastructure to distribute a new public key
associated with a website's domain name. A web client and a website can use the
new key pair to build an encryption channel inside TLS. InviCloak accommodates
the current web ecosystem. A website can deploy InviCloak unilaterally without
a client's involvement to prevent a passive attacker inside a CDN from
eavesdropping on their communications. If a client also installs InviCloak's
browser extension, the client and the website can achieve end-to-end
confidential and untampered communications in the presence of an active
attacker inside a CDN. Our evaluation shows that InviCloak increases the median
page load times (PLTs) of realistic web pages from 2.0s to 2.1s, which is
smaller than the median PLTs (2.8s) of a state-of-the-art TEE-based solution
PDFS: Practical Data Feed Service for Smart Contracts
Smart contracts are a new paradigm that emerged with the rise of the
blockchain technology. They allow untrusting parties to arrange agreements.
These agreements are encoded as a programming language code and deployed on a
blockchain platform, where all participants execute them and maintain their
state. Smart contracts are promising since they are automated and
decentralized, thus limiting the involvement of third trusted parties, and can
contain monetary transfers. Due to these features, many people believe that
smart contracts will revolutionize the way we think of distributed
applications, information sharing, financial services, and infrastructures.
To release the potential of smart contracts, it is necessary to connect the
contracts with the outside world, such that they can understand and use
information from other infrastructures. For instance, smart contracts would
greatly benefit when they have access to web content. However, there are many
challenges associated with realizing such a system, and despite the existence
of many proposals, no solution is secure, provides easily-parsable data,
introduces small overheads, and is easy to deploy.
In this paper we propose PDFS, a practical system for data feeds that
combines the advantages of the previous schemes and introduces new
functionalities. PDFS extends content providers by including new features for
data transparency and consistency validations. This combination provides
multiple benefits like content which is easy to parse and efficient
authenticity verification without breaking natural trust chains. PDFS keeps
content providers auditable, mitigates their malicious activities (like data
modification or censorship), and allows them to create a new business model. We
show how PDFS is integrated with existing web services, report on a PDFS
implementation and present results from conducted case studies and experiments.
Comment: Blockchain; Smart Contracts; Data Authentication; Ethereu
Academic Integrity Resources - links and guides
an online tutorial, a pdf version, a powerpoint presentation, links to regulations
Utilizing RxNorm to Support Practical Computing Applications: Capturing Medication History in Live Electronic Health Records
RxNorm was utilized as the basis for direct-capture of medication history
data in a live EHR system deployed in a large, multi-state outpatient
behavioral healthcare provider in the United States serving over 75,000
distinct patients each year across 130 clinical locations. This tool
incorporated auto-complete search functionality for medications and proper
dosage identification assistance. The overarching goal was to understand if and
how standardized terminologies like RxNorm can be used to support practical
computing applications in live EHR systems. We describe the stages of
implementation, approaches used to adapt RxNorm's data structure for the
intended EHR application, and the challenges faced. We evaluate the
implementation using a four-factor framework addressing flexibility, speed,
data integrity, and medication coverage. RxNorm proved to be functional for the
intended application, given appropriate adaptations to address high-speed
input/output (I/O) requirements of a live EHR and the flexibility required for
data entry in multiple potential clinical scenarios. Future research around
search optimization for medication entry, user profiling, and linking RxNorm to
drug classification schemes holds great potential for improving the user
experience and utility of medication data in EHRs.
Comment: Appendix (including SQL/DDL Code) available by author request.
Keywords: RxNorm; Electronic Health Record; Medication History;
Interoperability; Unified Medical Language System; Search Optimizatio
SafeWeb: A Middleware for Securing Ruby-Based Web Applications
Web applications in many domains such as healthcare and finance must process sensitive data, while complying with legal policies regarding the release of different classes of data to different parties. Currently, software bugs may lead to irreversible disclosure of confidential data in multi-tier web applications. An open challenge is how developers can guarantee these web applications only ever release sensitive data to authorised users without costly, recurring security audits.
Our solution is to provide a trusted middleware that acts as a “safety net” to event-based enterprise web applications by preventing harmful data disclosure before it happens. We describe the design and implementation of SafeWeb, a Ruby-based middleware that associates data with security labels and transparently tracks their propagation at different granularities across a multi-tier web architecture with storage and complex event processing. For efficiency, maintainability and ease-of-use, SafeWeb exploits the dynamic features of the Ruby programming language to achieve label propagation and data flow enforcement. We evaluate SafeWeb by reporting our experience of implementing a web-based cancer treatment application and deploying it as part of the UK National Health Service (NHS)
Web development evolution: the assimilation of web engineering security
In today’s e-commerce environment, information is an incredibly valuable asset. Surveys indicate that companies are suffering staggering financial losses due to web security issues. Analyzing the underlying causes of these security breaches shows that a significant proportion of them are caused by straightforward design errors in systems and not by failures in security mechanisms. There is significant research into security mechanisms but there is little research into the integration of these into software design processes, even those processes specifically designed for Web Engineering. Security should be designed into the application development process upfront through an independent flexible methodology that contains customizable components
Reinvigorating Journalism Education: A Review of News21, 2005-2011
Examines the impact on students and direction of the Carnegie-Knight Initiative for the Future of Journalism Education's fellowship program for investigative reporting projects. Includes industry leaders' views on journalism schools and recommendations