Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems

Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644429 and No 780351, MUSA project and ENACT project, respectively. We would also like to acknowledge all the members of the MUSA Consortium and ENACT Consortium for their valuable help

Using mobile technology to engage sexual and gender minorities in clinical research.

IntroductionHistorical and current stigmatizing and discriminatory experiences drive sexual and gender minority (SGM) people away from health care and clinical research. Being medically underserved, they face numerous disparities that make them vulnerable to poor health outcomes. Effective methods to engage and recruit SGM people into clinical research studies are needed.ObjectivesTo promote health equity and understand SGM health needs, we sought to design an online, national, longitudinal cohort study entitled The PRIDE (Population Research in Identity and Disparities for Equality) Study that enabled SGM people to safely participate, provide demographic and health data, and generate SGM health-related research ideas.MethodsWe developed an iPhone mobile application ("app") to engage and recruit SGM people to The PRIDE Study-Phase 1. Participants completed demographic and health surveys and joined in asynchronous discussions about SGM health-related topics important to them for future study.ResultsThe PRIDE Study-Phase 1 consented 18,099 participants. Of them, 16,394 provided data. More than 98% identified as a sexual minority, and more than 15% identified as a gender minority. The sample was diverse in terms of sexual orientation, gender identity, age, race, ethnicity, geographic location, education, and individual income. Participants completed 24,022 surveys, provided 3,544 health topics important to them, and cast 60,522 votes indicating their opinion of a particular health topic.ConclusionsWe developed an iPhone app that recruited SGM adults and collected demographic and health data for a new national online cohort study. Digital engagement features empowered participants to become committed stakeholders in the research development process. We believe this is the first time that a mobile app has been used to specifically engage and recruit large numbers of an underrepresented population for clinical research. Similar approaches may be successful, convenient, and cost-effective at engaging and recruiting other vulnerable populations into clinical research studies

Framework for Security Transparency in Cloud Computing

The migration of sensitive data and applications from the on-premise data centre to a cloud environment increases cyber risks to users, mainly because the cloud environment is managed and maintained by a third-party. In particular, the partial surrender of sensitive data and application to a cloud environment creates numerous concerns that are related to a lack of security transparency. Security transparency involves the disclosure of information by cloud service providers about the security measures being put in place to protect assets and meet the expectations of customers. It establishes trust in service relationship between cloud service providers and customers, and without evidence of continuous transparency, trust and confidence are affected and are likely to hinder extensive usage of cloud services. Also, insufficient security transparency is considered as an added level of risk and increases the difficulty of demonstrating conformance to customer requirements and ensuring that the cloud service providers adequately implement security obligations. The research community have acknowledged the pressing need to address security transparency concerns, and although technical aspects for ensuring security and privacy have been researched widely, the focus on security transparency is still scarce. The relatively few literature mostly approach the issue of security transparency from cloud providers’ perspective, while other works have contributed feasible techniques for comparison and selection of cloud service providers using metrics such as transparency and trustworthiness. However, there is still a shortage of research that focuses on improving security transparency from cloud users’ point of view. In particular, there is still a gap in the literature that (i) dissects security transparency from the lens of conceptual knowledge up to implementation from organizational and technical perspectives and; (ii) support continuous transparency by enabling the vetting and probing of cloud service providers’ conformity to specific customer requirements. The significant growth in moving business to the cloud – due to its scalability and perceived effectiveness – underlines the dire need for research in this area. This thesis presents a framework that comprises the core conceptual elements that constitute security transparency in cloud computing. It contributes to the knowledge domain of security transparency in cloud computing by proposing the following. Firstly, the research analyses the basics of cloud security transparency by exploring the notion and foundational concepts that constitute security transparency. Secondly, it proposes a framework which integrates various concepts from requirement engineering domain and an accompanying process that could be followed to implement the framework. The framework and its process provide an essential set of conceptual ideas, activities and steps that can be followed at an organizational level to attain security transparency, which are based on the principles of industry standards and best practices. Thirdly, for ensuring continuous transparency, the thesis proposes an essential tool that supports the collection and assessment of evidence from cloud providers, including the establishment of remedial actions for redressing deficiencies in cloud provider practices. The tool serves as a supplementary component of the proposed framework that enables continuous inspection of how predefined customer requirements are being satisfied. The thesis also validates the proposed security transparency framework and tool in terms of validity, applicability, adaptability, and acceptability using two different case studies. Feedbacks are collected from stakeholders and analysed using essential criteria such as ease of use, relevance, usability, etc. The result of the analysis illustrates the validity and acceptability of both the framework and tool in enhancing security transparency in a real-world environment

The Scholar's Dashboard: Creating a multidisciplinary tool via design and build workshops (OhioLINK)

The Scholar's Dashboard project is a series of three two-day design and build workshops, teaming humanities scholars, librarians, and technologists in innovative application development to optimize use of humanities collections from the OhioLINK Digital Resource Commons (DRC). The DRC is a 500,000 item open access collection from Ohio academic and cultural heritage organizations. Dashboard users will select and combine collections, add descriptions and metadata, and re-visualize and re-present information. DRC collections with relevant information (oral histories, narratives, records, documents, images, e.g.) will form the design base. Design and build workshops allow researchers and scholars to specify features needed to rapidly expand DRC functionality. This model will then be used as a magnet for further digital humanities collections, as scholars, librarians, and archivists contribute collections in order to benefit from the Scholar's Dashboard design and capabilities

Personal data broker instead of blockchain for students’ data privacy assurance

Data logs about learning activities are being recorded at a growing pace due to the adoption and evolution of educational technologies (Edtech). Data analytics has entered the field of education under the name of learning analytics. Data analytics can provide insights that can be used to enhance learning activities for educational stakeholders, as well as helping online learning applications providers to enhance their services. However, despite the goodwill in the use of Edtech, some service providers use it as a means to collect private data about the students for their own interests and benefits. This is showcased in recent cases seen in media of bad use of students’ personal information. This growth in cases is due to the recent tightening in data privacy regulations, especially in the EU. The students or their parents should be the owners of the information about them and their learning activities online. Thus they should have the right tools to control how their information is accessed and for what purposes. Currently, there is no technological solution to prevent leaks or the misuse of data about the students or their activity. It seems appropriate to try to solve it from an automation technology perspective. In this paper, we consider the use of Blockchain technologies as a possible basis for a solution to this problem. Our analysis indicates that the Blockchain is not a suitable solution. Finally, we propose a cloud-based solution with a central personal point of management that we have called Personal Data Broker.Peer ReviewedPostprint (author's final draft

Squaring the circle: a new alternative to alternative-assessment

Many quality assurance systems rely on high-stakes assessment for course certification. Such methods are not as objective as they might appear; they can have detrimental effects on student motivation and may lack relevance to the needs of degree courses increasingly oriented to vocational utility. Alternative assessment methods can show greater formative and motivational value for students but are not well suited to the demands of course certification. The widespread use of virtual learning environments and electronic portfolios generates substantial learner activity data to enable new ways of monitoring and assessing students through Learning Analytics. These emerging practices have the potential to square the circle by generating objective, summative reports for course certification while at the same time providing formative assessment to personalise the student experience. This paper introduces conceptual models of assessment to explore how traditional reliance on numbers and grades might be displaced by new forms of evidence-intensive student profiling and engagement

A new framework for the design and evaluation of a learning institution’s student engagement activities

In this article we explore the potential for attempts to encourage student engagement to be conceptualised as behaviour change activity, and specifically whether a new framework to guide such activity has potential value for the Higher Education (HE) sector. The Behaviour Change Wheel (BCW) (Michie, Susan, Maartje M van Stralen, and Robert West. 2011. “The Behaviour Change Wheel: A New Method for Characterising and Designing Behaviour Change Interventions.” Implementation Science : IS 6 (1): 42. doi:10.1186/1748-5908-6-42) is a framework for the systematic design and development of behaviour change interventions. It has yet to be applied to the domain of student engagement. This article explores its potential, by assessing whether the BCW comprehensively aligns with the state of student engagement as currently presented in the HE literature. This work achieves two things. It firstly allows a prima facie assessment of whether student engagement activity can be readily aligned with the BCW framework. It also highlights omissions and prevalence of activity types in the HE sector, compared with other sectors where behaviour change practice is being successfully applied

Technical Report on Deploying a highly secured OpenStack Cloud Infrastructure using BradStack as a Case Study

Cloud computing has emerged as a popular paradigm and an attractive model for providing a reliable distributed computing model.it is increasing attracting huge attention both in academic research and industrial initiatives. Cloud deployments are paramount for institution and organizations of all scales. The availability of a flexible, free open source cloud platform designed with no propriety software and the ability of its integration with legacy systems and third-party applications are fundamental. Open stack is a free and opensource software released under the terms of Apache license with a fragmented and distributed architecture making it highly flexible. This project was initiated and aimed at designing a secured cloud infrastructure called BradStack, which is built on OpenStack in the Computing Laboratory at the University of Bradford. In this report, we present and discuss the steps required in deploying a secured BradStack Multi-node cloud infrastructure and conducting Penetration testing on OpenStack Services to validate the effectiveness of the security controls on the BradStack platform. This report serves as a practical guideline, focusing on security and practical infrastructure related issues. It also serves as a reference for institutions looking at the possibilities of implementing a secured cloud solution.Comment: 38 pages, 19 figures