An automated model-based test oracle for access control systems

In the context of XACML-based access control systems, an intensive testing activity is among the most adopted means to assure that sensible information or resources are correctly accessed. Unfortunately, it requires a huge effort for manual inspection of results: thus automated verdict derivation is a key aspect for improving the cost-effectiveness of testing. To this purpose, we introduce XACMET, a novel approach for automated model-based oracle definition. XACMET defines a typed graph, called the XAC-Graph, that models the XACML policy evaluation. The expected verdict of a specific request execution can thus be automatically derived by executing the corresponding path in such graph. Our validation of the XACMET prototype implementation confirms the effectiveness of the proposed approach.Comment: 7 page

Desempenho térmico de telhas de fibrocimento reforçadas com polpa de sisal para construções rurais

Roofing provides the main protection against direct solar radiation in animal housing. Appropriate thermal properties of roofing materials tend to improve the thermal comfort in the inner ambient. Nonasbestos fiber-cement roofing components reinforced with cellulose pulp from sisal (Agave sisalana) were produced by slurry and dewatering techniques, with an optional addition of polypropylene fibers. Nonasbestos tiles were evaluated and compared with commercially available asbestos-cement sheets and ceramic tiles (frequently chosen as roofing materials for animal housing). Thermal conductivity and thermal diffusivity of tiles were determined by the parallel hot-wire method, along with the evaluation of the downside surface temperature. Cement-based components reinforced with sisal pulp presented better thermal performance at room temperature (25ºC), while those reinforced with sisal pulp added by polypropylene fibers presented better thermal performance at 60ºC. Non-asbestos cement tiles provided more efficient protection against radiation than asbestos corrugated sheets.O telhado fornece a principal proteção contra a radiação solar direta em galpões para animais. Propriedades térmicas apropriadas dos materiais contribuem para o melhor conforto térmico no interior das construções. Telhas sem amianto reforçadas com polpa de celulose de sisal (Agave sisalana) e com adição opcional de fibras de polipropileno foram produzidas pela técnica de mistura e sucção do excesso de água. Telhas corrugadas de cimento amianto, telhas cerâmicas e telhas à base de cimento reforçadas com polpa de celulose (com ou sem adição de fibras sintéticas) foram comparadas quanto às suas propriedades térmicas. A condutividade térmica e a difusividade térmica foram determinadas pelo método do fio quente paralelo, assim como a temperatura da superfície inferior das telhas foi avaliada em diferentes períodos. Telhas de cimento reforçados com polpa de sisal apresentaram as melhores propriedades térmicas em temperatura ambiente (25ºC), enquanto aquelas reforçadas com polpa de sisal associada a fibras de polipropileno apresentaram melhor desempenho térmico a 60ºC. As telhas sem amianto forneceram proteção mais eficiente contra a radiação térmica do que as telhas corrugadas de amianto.FinepCNPqCoordenacao de Aperfeicoamento de Pessoal de Nivel Superior (CAPES)Fapes

Thermal performance of sisal fiber-cement roofing tiles for rural constructions

O telhado fornece a principal proteção contra a radiação solar direta em galpões para animais. Propriedades térmicas apropriadas dos materiais contribuem para o melhor conforto térmico no interior das construções. Telhas sem amianto reforçadas com polpa de celulose de sisal (Agave sisalana) e com adição opcional de fibras de polipropileno foram produzidas pela técnica de mistura e sucção do excesso de água. Telhas corrugadas de cimento amianto, telhas cerâmicas e telhas à base de cimento reforçadas com polpa de celulose (com ou sem adição de fibras sintéticas) foram comparadas quanto às suas propriedades térmicas. A condutividade térmica e a difusividade térmica foram determinadas pelo método do fio quente paralelo, assim como a temperatura da superfície inferior das telhas foi avaliada em diferentes períodos. Telhas de cimento reforçados com polpa de sisal apresentaram as melhores propriedades térmicas em temperatura ambiente (25ºC), enquanto aquelas reforçadas com polpa de sisal associada a fibras de polipropileno apresentaram melhor desempenho térmico a 60ºC. As telhas sem amianto forneceram proteção mais eficiente contra a radiação térmica do que as telhas corrugadas de amianto.Roofing provides the main protection against direct solar radiation in animal housing. Appropriate thermal properties of roofing materials tend to improve the thermal comfort in the inner ambient. Nonasbestos fiber-cement roofing components reinforced with cellulose pulp from sisal (Agave sisalana) were produced by slurry and dewatering techniques, with an optional addition of polypropylene fibers. Nonasbestos tiles were evaluated and compared with commercially available asbestos-cement sheets and ceramic tiles (frequently chosen as roofing materials for animal housing). Thermal conductivity and thermal diffusivity of tiles were determined by the parallel hot-wire method, along with the evaluation of the downside surface temperature. Cement-based components reinforced with sisal pulp presented better thermal performance at room temperature (25ºC), while those reinforced with sisal pulp added by polypropylene fibers presented better thermal performance at 60ºC. Non-asbestos cement tiles provided more efficient protection against radiation than asbestos corrugated sheets

Access and Usage Control in Grid

Grid is a computational environment where heterogeneous resources are virtualized and outsourced to multiple users across the Internet. The increasing popularity of the resources visualization is explained by the emerging suitability of such technology for automated execution of heavy parts of business and research processes. Efficient and flexible framework for the access and usage control over Grid resources is a prominent challenge. The primary objective of this thesis is to design the novel access and usage control model providing the fine-grained and continuous control over computational Grid resources. The approach takes into account peculiarities of Grid: service-oriented architecture, long-lived interactions, heterogeneity and distribution of resources, openness and high dynamics. We tackle the access and usage control problem in Grid by Usage CONtrol (UCON) model, which presents the continuity of control and mutability of authorization information used to make access decisions. Authorization information is formed by attributes of the resource requestor, the resource provider and the environment where the system operates. Our access and usage control model is considered on three levels of abstraction: policy, enforcement and implementation. The policy level introduces security policies designed to specify the desired granularity of control: coarse-grained policies that manages access and usage of Grid services, and fine-grained policies that monitor the usage of underlying resources allocated for a particular Grid service instance. We introduce U-XACML and exploit POLPA policy languages to specify and formalize security policies. Next, the policy level presents attribute management models. Trust negotiations are applied to collect a set of attributes needed to produce access decisions. In case of mutable attributes, a risk-aware access and usage control model is given to approximate the continuous control and timely acquisition of fresh attribute values. The enforcement level presents the architecture of the state-full reference monitor designed to enforce security policies on coarse- and fine-grained levels of control. The implementation level presents a proof-of-concept realization of our access and usage control model in Globus Toolkit, the most widely used middleware to setup computational Grids

On Usage Control for Data Grids: Models, Architectures, and Specifications

This thesis reasons on usage control in Data Grids, by presenting models, architectures and specifications. This work is a step toward a continuous monitoring and control of the data access and usage in a Data Grid. First, the thesis presents a background on Grids, security, and security for Grids, by making an abstraction to the current Grid implementations. We argue that usage control in Data Grids should be considered as a process composed by two black boxes. We analysed the requirements for Grid security, and propose a distributed usage control model suitable for Grids and distributed systems alike. Then, we apply such model to a Data Grid abstraction, and present a usage control architecture for Data Grids that uses the functional components of the currents Grids. We also present an abstract specification for an enforcing mechanism for usage control policies. To do so, we use a formal requirement engineering methodology with a bottom-up approach, that proves that the specification is sound and complete. With the methodology, we show formally that such abstract specification can enforce all the different typologies of usage control policies. Finally, we consider how existing prototypes can fit in the proposed architecture, and the advantages derived from using Semantic Grid techologies for the specification of policies subjects and objects

A high performance UCON and semantic-based authorization framework for grid computing

Authorization infrastructures are an important and integral part of grid computing which facilitate access control functions to protect resources.This paper presents an authorization framework that combines the usage control (UCON) model with semantic web technology.To our knowledge, an authorization framework that combines both the UCON and semantic web technology in one framework has not yet been previously proposed.As the UCON model combines traditional access control, trust management and digital rights management in a grid authorization infrastructure, its adoption enhances the capability of the authorization. However, UCON-based authorization presents a problem in controlling the policy granularity and minimizing the authorization overhead due to complexity in the policies inherited from the UCON model.The growing number of users and resources in the grid makes this problem even worse.We use the semantic web technology to provide a way to automatically manage the rules in the policies, hence keeping the granularity under control. To minimize the authorization overhead, a new mechanism to reduce the number of policy checks is proposed in this paper. Our simulation result shows that the proposed mechanism provides a 63% reduction in rule checking compared to previous methods

On Usage Control for GRID Systems

This paper introduces a formal model, an architecture and a prototype implementation for usage control on GRID systems. The usage control model (UCON) is a new access control paradigm proposed by Park and Sandhu that encompasses and extends several existing models (e.g. MAC, DAC, Bell-Lapadula, RBAC, etc). Its main novelty is based on continuity of the access monitoring and mutability of attributes of subjects and objects. We identified this model as a perfect candidate for managing access/usage control in GRID systems due to their peculiarities, where continuity of control is a central issue. Here we adapt the original UCON model to develop a full model for usage control in GRID systems. We use as policy specification language a process description language and show how this is suitable to model the usage policy models of the original UCON model. We also describe a possible architecture to implement the usage control model. Moreover, we describe a prototype implementation for usage control of GRID computational services, and we show how our language can be used to define a security policy that regulates the usage of network communications to protect the local computational service from the applications that are executed on behalf of remote GRID users