The Role of Synthesis Constraints in Role Modeling

To reuse existing specifications and increase the speed of development, modern development methods widely use design patterns and collaborations. Both, design patterns and collaborations, use the concept of role as a basic modeling concept. To specify models where one object may play several roles, a synthesis operation (the composition of two base roles in a third role) has to be specified. All role-based approaches have difficulties specifying role synthesis. As a consequence, synthesis is never specified without the description of the actual implementation of the synthesis. To specify synthesis at a higher level of abstraction, independent of implementation, requires the proper understanding of relationships between roles, when they are put together in one common context. In this paper we define the concept of synthesis constraints that shows relations between roles. We show how synthesis constraints can be used to specify the role synthesis operation. Using synthesis constraints allows a designer to make explicit his decisions about how the synthesis is done in an abstract and implementation independent way. Specifying synthesis with synthesis constraints is a powerful technique that can be used in many different domains, especially in business engineering. The use of roles allows a developer to specify separately certain concerns of a business system. This enables the discovery of new business models for a business system by means of different disassembling and assembling of roles

RBAC Attack Exposure Auditor. Tracking User Risk Exposure per Role-Based Access Control Permissions

Access control models and implementation guidelines for determining, provisioning, and de-provisioning user permissions are challenging due to the differing approaches, unique for each organization, the lack of information provided by case studies concerning the organization’s security policies, and no standard means of implementation procedures or best practices. Although there are multiple access control models, one stands out, role-based access control (RBAC). RBAC simplifies maintenance by enabling administrators to group users with similar permissions. This approach to managing user permissions supports the principle of least privilege and separation of duties, which are needed to ensure an organization maintains acceptable user access security requirements. However, if not properly maintained, RBAC produces the problem of role explosion. What happens when security administrations cannot maintain the increasing number of roles and their assigned permissions provisioned to the organization users? This paper attempts to solve this problem by implementing a scalable RBAC system and assigning each permission a risk value score determined by the severity of risk it would expose the organization to if someone had unauthorized access to that permission. Using RBAC’s role and permission design, each user will be assigned a risk value score determined by the summation of their roles’ risk based on permission values. This method allows security administrators to view the users and roles with the highest level of risk, therefore prioritizing the highest risk users and roles when maintaining user roles and permissions

On-Demand Composition of Smart Service Systems in Decentralized Environments

The increasing number of smart systems inevitably leads to a huge number of systems that potentially provide independently designed, autonomously operating services. In near-future smart computing systems, such as smart cities, smart grids or smart mobility, independently developed and heterogeneous services need to be dynamically interconnected in order to develop their full potential in a rather complex collaboration with others. Since the services are developed independently, it is challenging to integrate them on-the-fly at run time. Due to the increasing degree of distribution, such systems operate in a decentralized and volatile environment, where central management is infeasible. Conversely, the increasing computational power of such systems also supersedes the need for central management. The four identified key problems of adaptable, collaborative Smart Service Systems are on-demand composition of complex service structures in decentralized environments, the absence of a comprehensive, serendipity-aware specification, a discontinuity from design-time specification to run-time execution, and the lack of a development methodology that separates the development of a service from that of its role essential to a collaboration. This approach utilizes role-based models, which have a collaborative nature, for automated, on-demand service composition. A rigorous two-phase development methodology is proposed in order to demarcate the development of the services from that of their role essential to a collaboration. Therein, a collaboration designer specifies the collaboration including its abstract functionality using the proposed role-based collaboration specification for Smart Service Systems. Thereof, a partial implementation is derived, which is complemented by services developed in the second phase. The proposed middleware architecture provides run-time support and bridges the gap between design and run time. It implements a protocol for coordinated, role-based composition and adaptation of Smart Service Systems. The approach is quantitatively and qualitatively evaluated by means of a case study and a performance evaluation in order to identify limitations of complex service structures and the trade-off of employing the concept of roles for composition and adaptation of Smart Service Systems.:1 Introduction 1.1 Motivation 1.2 Terminology 1.3 Problem Statement 1.4 Requirements Analysis 1.5 Research Questions and Hypothesis 1.6 Focus and Limitations 1.7 Outline 2 The Role Concept in Computer Science 2.1 What is a Role in Computer Science? 2.2 Roles in RoleDiSCo 3 State of the Art & Related Work 3.1 Role-based Modeling Abstractions for Software Systems 3.1.1 Classification 3.1.2 Approaches 3.1.3 Summary 3.2 Role-based Run-Time Systems 3.2.1 Classification 3.2.2 Approaches 3.2.3 Summary 3.3 Spontaneously Collaborating Run-Time Systems 3.3.1 Classification 3.3.2 Approaches 3.3.3 Summary 3.4 Summary 4 On-Demand Composition and Adaptation of Smart Service Systems 4.1 RoleDiSCo Development Methodology 4.1.1 Role-based Collaboration Specification for Smart Service Systems 4.1.2 Derived Partial Implementation 4.1.3 Player & Context Provision 4.2 RoleDiSCo Middleware Architecture for Smart Service Systems 4.2.1 Infrastructure Abstraction Layer 4.2.2 Context Management 4.2.3 Local Repositories & Knowledge 4.2.4 Discovery 4.2.5 Dispatcher 4.3 Coordinated Composition and Subsequent Adaptation 4.3.1 Initialization and Planning 4.3.2 Composition: Coordinating Subsystem 4.3.3 Composition: Non-Coordinating Subsystem 4.3.4 Competing Collaborations & Negotiation 4.3.5 Subsequent Adaptation 4.3.6 Terminating a Pervasive Collaboration 4.4 Summary 5 Implementing RoleDiSCo 5.1 RoleDiSCo Development Support 5.2 RoleDiSCo Middleware 5.2.1 Infrastructure Abstraction Layer 5.2.2 Knowledge Repositories and Local Class Discovery 5.2.3 Planner 6 Evaluation 6.1 Case Study: Distributed Slideshow 6.1.1 Scenario 6.1.2 Phase 1: Collaboration Design 6.1.3 Phase 2: Player Complementation 6.1.4 Coordinated Composition and Adaptation at Run Time 6.2 Runtime Evaluation 6.2.1 General Testbed Setup and Scenarios 6.2.2 Discovery Time 6.2.3 Composition Time 6.2.4 Discussion 6.3 The ›Role‹ of Roles 6.4 Summary 7 Conclusion 7.1 Summary 7.2 Research Results 7.3 Future Wor

‘Maybe we can turn the tide’ : an explanatory mixed-methods study to understand how knowledge brokers mobilise health evidence in low- and middle-income countries

Background: Little is known about how knowledge brokers (KBs) operate in low- and middle-income countries (LMICs) to translate evidence for health policy and practice. These intermediaries facilitate relationships between evidence producers and users to address public health issues. Aims and objectives: To increase understanding, a mixed-methods study collected data from KBs who had acted on evidence from the 2015 Global Maternal Newborn Health Conference in Mexico. Methods: Of the 1000 in-person participants, 252 plus 72 online participants (n=324) from 56 countries completed an online survey, and 20 participants from 15 countries were interviewed. Thematic analysis and application of knowledge translation (KT) theory explored factors influencing KB actions leading to evidence uptake. Descriptive statistics of respondent characteristics were used for cross-case comparison. Findings: Results suggest factors supporting the KB role in evidence uptake, which include active relationships with evidence users through embedded KB roles, targeted and tailored evidence communication to fit the context, user receptiveness to evidence from a similar country setting, adaptability in the KB role, and action orientation of KBs. Discussion and conclusions: Initiatives to increase evidence uptake in LMICs should work to establish supportive structures for embedded KT, identify processes for ongoing cross-country learning, and strengthen KBs already showing effectiveness in their roles

Model-driven design, simulation and implementation of service compositions in COSMO

The success of software development projects to a large extent depends on the quality of the models that are produced in the development process, which in turn depends on the conceptual and practical support that is available for modelling, design and analysis. This paper focuses on model-driven support for service-oriented software development. In particular, it addresses how services and compositions of services can be designed, simulated and implemented. The support presented is part of a larger framework, called COSMO (COnceptual Service MOdelling). Whereas in previous work we reported on the conceptual support provided by COSMO, in this paper we proceed with a discussion of the practical support that has been developed. We show how reference models (model types) and guidelines (design steps) can be iteratively applied to design service compositions at a platform independent level and discuss what tool support is available for the design and analysis during this phase. Next, we present some techniques to transform a platform independent service composition model to an implementation in terms of BPEL and WSDL. We use the mediation scenario of the SWS challenge (concerning the establishment of a purchase order between two companies) to illustrate our application of the COSMO framework

Identity and Access Management System: a Web-Based Approach for an Enterprise

Managing digital identities and access control for enterprise users and applications remains one of the greatest challenges facing computing today. An attempt to address this issue led to the proposed security paradigm called Identity and Access Management (IAM) service based on IAM standards. Current approaches such as Lightweight Directory Access Protocol (LDAP), Central Authentication Service (CAS) and Security Assertion Markup Language (SAML) lack comprehensive analysis from conception to physical implementation to incorporate these solutions thereby resulting in impractical and fractured solutions. In this paper, we have implemented Identity and Access Management System (IAMSys) using the Lightweight Directory Access Protocol (LDAP) which focuses on authentication, authorization, administration of identities and audit reporting. Its primary concern is verification of the identity of the entity and granting correct level of access for resources which are protected in either the cloud environment or on-premise systems. A phased approach methodology was used in the research where it requires any enterprise or organization willing to adopt this must carry out a careful planning and demonstrated a good understanding of the technologies involved. The results of the experimental evaluation indicated that the average rating score is 72.0 % for the participants involved in this study. This implies that the idea of IAMSys is a way to mitigating security challenges associated with authentication, authorization, data protection and accountability if properly deployed

Towards Model-Driven Development of Access Control Policies for Web Applications

We introduce a UML-based notation for graphically modeling systems’ security aspects in a simple and intuitive way and a model-driven process that transforms graphical specifications of access control policies in XACML. These XACML policies are then translated in FACPL, a policy language with a formal semantics, and the resulting policies are evaluated by means of a Java-based software tool