
    Security Provisioning in Cloud Environments using Dynamic Expiration Enabled Role based Access Control Model

    In cloud environment the role based access control (RBAC) system model has come up with certain promising facilities for security communities. This system has established itself as a highly robust, powerful and generalized framework for providing access control for security management. There are numerous practical applications and circumstances where the users might be prohibited to consider respective roles only at certain defined time periods. Additionally, these roles can be invoked only after pre-defined time intervals which depend on the permission of certain action or event. In order to incarcerate this kind of dynamic aspects of a role, numerous models like temporal RBAC (TRBAC) were proposed, but this approach could not deliver anything else except the constraints of role enabling. Here in this paper, we have proposed a robust and optimum scheme called Dynamic expiration enabled role based access control (DEERBAC) model which is efficient for expressing a broad range of temporal constraints. Specifically, in this approach we permit the expressions periodically as well as at certain defined time constraints on roles, user-role assignments as well as assignment of role-permission. According to DEERBAC model, in certain time duration the roles can be further restricted as a consequence of numerous activation constraints and highest possible active duration constraints. The dominant contributions of DEERBAC model are the extension and optimization in the existing TRBAC framework and its event and triggering expressions. The predominant uniqueness of this model is that this system inherits the expression of role hierarchies and Separation of Duty (SoD) constraints that specifies the fine-grained temporal semantics. The results obtained illustrate that the DEERBAC system provides optimum solution for efficient user-creation, role assignment and security management framework in cloud environment with higher user count and the simultaneous role-permission,

    Dynamic deployment of context-aware access control policies for constrained security devices

    Securing the access to a server, guaranteeing a certain level of protection over an encrypted communication channel, executing particular counter measures when attacks are detected are examples of security requirements. Such requirements are identified based on organizational purposes and expectations in terms of resource access and availability and also on system vulnerabilities and threats. All these requirements belong to the so-called security policy. Deploying the policy means enforcing, i.e., configuring, those security components and mechanisms so that the system behavior be finally the one specified by the policy. The deployment issue becomes more difficult as the growing organizational requirements and expectations generally leave behind the integration of new security functionalities in the information system: the information system will not always embed the necessary security functionalities for the proper deployment of contextual security requirements. To overcome this issue, our solution is based on a central entity approach which takes in charge unmanaged contextual requirements and dynamically redeploys the policy when context changes are detected by this central entity. We also present an improvement over the OrBAC (Organization-Based Access Control) model. Up to now, a controller based on a contextual OrBAC policy is passive, in the sense that it assumes policy evaluation triggered by access requests. Therefore, it does not allow reasoning about policy state evolution when actions occur. The modifications introduced by our work overcome this limitation and provide a proactive version of the model by integrating concepts from action specification languages

    Hierarchical Role-Based Access Control with Homomorphic Encryption for Database as a Service

    Database as a service provides services for accessing and managing customers' data which provides ease of access, and the cost is less for these services. There is a possibility that the DBaaS service provider may not be trusted, and data may be stored on untrusted server. The access control mechanism can restrict users from unauthorized access, but in cloud environment access control policies are more flexible. However, an attacker can gather sensitive information for a malicious purpose by abusing the privileges as another user and so database security is compromised. The other problems associated with the DBaaS are to manage role hierarchy and secure session management for query transaction in the database. In this paper, a role-based access control for the multitenant database with role hierarchy is proposed. The query is granted with least access privileges, and a session key is used for session management. The proposed work protects data from privilege escalation and SQL injection. It uses the partial homomorphic encryption (Paillier Encryption) for encrypting the sensitive data. If a query is to perform any operation on sensitive data, then extra permissions are required for accessing sensitive data. Data confidentiality and integrity are achieved using the role-based access control with partial homomorphic encryption. Comment: 11 pages, 4 figures, Proceedings of International Conference on ICT for Sustainable Developmen

    $\mathit{ESPOON_{ERBAC}}$: Enforcing Security Policies In Outsourced Environments

    Data outsourcing is a growing business model offering services to individuals and enterprises for processing and storing a huge amount of data. It is not only economical but also promises higher availability, scalability, and more effective quality of service than in-house solutions. Despite all its benefits, data outsourcing raises serious security concerns for preserving data confidentiality. There are solutions for preserving confidentiality of data while supporting search on the data stored in outsourced environments. However, such solutions do not support access policies to regulate access to a particular subset of the stored data. For complex user management, large enterprises employ Role-Based Access Controls (RBAC) models for making access decisions based on the role in which a user is active. However, RBAC models cannot be deployed in outsourced environments as they rely on trusted infrastructure in order to regulate access to the data. The deployment of RBAC models may reveal private information about sensitive data they aim to protect. In this paper, we aim at filling this gap by proposing $\mathit{ESPOON_{ERBAC}}$ for enforcing RBAC policies in outsourced environments. $\mathit{ESPOON_{ERBAC}}$ enforces RBAC policies in an encrypted manner where a curious service provider may learn very limited information about RBAC policies. We have implemented $\mathit{ESPOON_{ERBAC}}$ and provided its performance evaluation showing a limited overhead, thus confirming viability of our approach. Comment: The final version of this paper has been accepted for publication in Elsevier Computers & Security 2013. arXiv admin note: text overlap with arXiv:1306.482

    The Role of Transportation in Campus Emergency Planning, MTI Report 08-06

    In 2005, Hurricane Katrina created the greatest natural disaster in American history. The states of Louisiana, Mississippi and Alabama sustained significant damage, including 31 colleges and universities. Other institutions of higher education, most notably Louisiana State University (LSU), became resources to the disaster area. This is just one of the many examples of disaster impacts on institutions of higher education. The Federal Department of Homeland Security, under Homeland Security Presidential Directive–5, requires all public agencies that want to receive federal preparedness assistance to comply with the National Incident Management System (NIMS), which includes the creation of an Emergency Operations Plan (EOP). Universities, which may be victims or resources during disasters, must write NIMS–compliant emergency plans. While most university emergency plans address public safety and logistics management, few adequately address the transportation aspects of disaster response and recovery. This MTI report describes the value of integrating transportation infrastructure into the campus emergency plan, including planning for helicopter operations. It offers a list of materials that can be used to educate and inform campus leadership on campus emergency impacts, including books about the Katrina response by LSU and Tulane Hospital, contained in the report's bibliography. It provides a complete set of Emergency Operations Plan checklists and organization charts updated to acknowledge lessons learned from Katrina, 9/11 and other wide–scale emergencies. Campus emergency planners can quickly update their existing emergency management documents by integrating selected annexes and elements, or create new NIMS–compliant plans by adapting the complete set of annexes to their university's structures

    Jefferson Digital Commons quarterly report: April-June 2019

    This quarterly report includes: Articles CREATE Day Presentations Dissertations From the Archives Grand Rounds and Lectures House Staff Quality Improvement and Patient Safety Posters JCIPE Student Hotspotting Posters Journals and Newsletters MPH Capstone Presentations Posters Sigma Xi Research Day What People are Saying About the Jefferson Digital Common

    Validation of the Patient Activation Measure in a Multiple Sclerosis Clinic Sample and Implications for Care

    Purpose. Patient engagement in multiple sclerosis (MS) care can be challenging at times given the unpredictable disease course, wide range of symptoms, variable therapeutic response to treatment and high rates of patient depression. Patient activation, a model for conceptualising patients’ involvement in their health care, has been found useful for discerning patient differences in chronic illness management. The purpose of this study was to validate the patient activation measure (PAM-13) in an MS clinic sample. Methods. This was a survey study of 199 MS clinic patients. Participants completed the PAM-13 along with measures of MS medication adherence, self-efficacy, depression and quality of life. Results. Results from Rasch and correlation analyses indicate that the PAM-13 is reliable and valid for the MS population. Activation was associated with MS self-efficacy, depression and quality of life but not with self-reported medication adherence. Also, participants with relapse-remitting MS, current employment, or high levels of education were more activated than other subgroups. Conclusions. The PAM-13 is a useful tool for understanding health behaviours in MS. The findings of this study support further clinical consideration and investigation into developing interventions to increase patient activation and improve health outcomes in MS