Common Representation of Information Flows for Dynamic Coalitions

We propose a formal foundation for reasoning about access control policies within a Dynamic Coalition, defining an abstraction over existing access control models and providing mechanisms for translation of those models into information-flow domain. The abstracted information-flow domain model, called a Common Representation, can then be used for defining a way to control the evolution of Dynamic Coalitions with respect to information flow

Closing the loop of SIEM analysis to Secure Critical Infrastructures

Critical Infrastructure Protection is one of the main challenges of last years. Security Information and Event Management (SIEM) systems are widely used for coping with this challenge. However, they currently present several limitations that have to be overcome. In this paper we propose an enhanced SIEM system in which we have introduced novel components to i) enable multiple layer data analysis; ii) resolve conflicts among security policies, and discover unauthorized data paths in such a way to be able to reconfigure network devices. Furthermore, the system is enriched by a Resilient Event Storage that ensures integrity and unforgeability of events stored.Comment: EDCC-2014, BIG4CIP-2014, Security Information and Event Management, Decision Support System, Hydroelectric Da

A User-Focused Reference Model for Wireless Systems Beyond 3G

This whitepaper describes a proposal from Working Group 1, the Human Perspective of the Wireless World, for a user-focused reference model for systems beyond 3G. The general structure of the proposed model involves two "planes": the Value Plane and the Capability Plane. The characteristics of these planes are discussed in detail and an example application of the model to a specific scenario for the wireless world is provided

On Properties of Policy-Based Specifications

The advent of large-scale, complex computing systems has dramatically increased the difficulties of securing accesses to systems' resources. To ensure confidentiality and integrity, the exploitation of access control mechanisms has thus become a crucial issue in the design of modern computing systems. Among the different access control approaches proposed in the last decades, the policy-based one permits to capture, by resorting to the concept of attribute, all systems' security-relevant information and to be, at the same time, sufficiently flexible and expressive to represent the other approaches. In this paper, we move a step further to understand the effectiveness of policy-based specifications by studying how they permit to enforce traditional security properties. To support system designers in developing and maintaining policy-based specifications, we formalise also some relevant properties regarding the structure of policies. By means of a case study from the banking domain, we present real instances of such properties and outline an approach towards their automatised verification.Comment: In Proceedings WWV 2015, arXiv:1508.0338

Practitioners' views about equity within prenatal services

The British National Health Service (NHS) is based on principles of equal access, treatment and outcomes. This article reviews health professionals' aims to provide equitable prenatal services and their views on whether women could be equal in their access to services, understanding during choice-making, and satisfaction about their care. Inequalities which compromise equity, conflicting meanings of equity, and the contribution of in-hospital ethics seminars to ethical health services are considered. Qualitative research, combining sociological and philosophical methods, investigated the experiences of health care staff attempting to provide equitable services and their practical and ethical problems. A total of 70 staff at a teaching hospital and a district general hospital took part in semi-structured interviews, followed by 11 innovative in-hospital ethics seminars based on themes derived from the interviews. The 56 seminar participants usually began with clear statements of their equitable aims, but, encouraged by the health care ethicist, they went on to discuss their many concerns about obstacles which complicated the achievement of these aims. The sociological-ethics seminars provided unique opportunities for multi-disciplinary discussion of these inequalities and their impact on equitable intentions in health care. Analysis of the contradictions revealed during the seminars is guided by sociological theories that seek to explain the persistence of inequalities in health, and how NHS policies appear to perpetuate and increase them, despite practitioners' stated intentions to promote equality