488 research outputs found

    Supporting personalization in a web-based course through the definition of role-based access policies

    Role-based access policies model the users domain by means of complex structures where roles, which represent jobs or responsibilities assumed by users, are specialized into more concrete subroles which inherit properties and authorizations from their parents. Such an approach can be applied within the context of educational applications, where different roles are easily identified, each of which has different views of the same information items and different capabilities to modify them. Moreover, even though this approach has only been oriented towards modeling security requirements, it can be extended to support personalized access to the information. In this paper, we describe how to combine the basic principles of RBAC policies and adaptation with a view to providing personalized access to the different types of users of a web-based course. Moreover, we also present Courba, a platform to generate personalized web-based courses using XML to support the definition of access policies.


    Enhanced Encryption and Fine-Grained Authorization for Database Systems

    The aim of this research is to enhance fine-grained authorization and encryption so that database systems are equipped with the controls necessary to help enterprises adhere to zero-trust security more effectively. For fine-grained authorization, this thesis has extended database systems with three new concepts: row permissions, column masks and trusted contexts. Row permissions and column masks provide data-centric security so the security policy cannot be bypassed as with database views, for example. They also coexist in harmony with the rest of the database core tenets so that enterprises are not forced to compromise either security or database functionality. Trusted contexts provide applications in multitiered environments with a secure and controlled manner to propagate user identities to the database and therefore enable such applications to delegate the security policy to the database system where it is enforced more effectively. Trusted contexts also protect against application bypass so the application credentials cannot be abused to make database changes outside the scope of the application's business logic. For encryption, this thesis has introduced a holistic database encryption solution to address the limitations of traditional database encryption methods. It too coexists in harmony with the rest of the database core tenets so that enterprises are not forced to choose between security and performance as with column encryption, for example. Lastly, row permissions, column masks, trusted contexts and holistic database encryption have all been implemented in IBM DB2, where they are relied upon by thousands of organizations from around the world to protect critical data and adhere to zero-trust security more effectively.

    Steps towards adaptive situation and context-aware access: a contribution to the extension of access control mechanisms within pervasive information systems

    The evolution of pervasive computing has opened new horizons to classical information systems by integrating new technologies and services that enable seamless access to information sources at anytime, anyhow and anywhere. Meanwhile this evolution has opened new threats to information security and new challenges to access control modeling. In order to meet these challenges, many research works went towards extending traditional access control models (especially the RBAC model) in order to add context awareness within the decision-making process. Meanwhile, tying access decisions to the dynamic contextual constraints of mobile users would not only add more complexity to decision-making but could also increase the possibilities of access denial. Knowing that accessibility is a key feature for pervasive systems and taking into account the importance of providing access within real-time situations, many research works have proposed applying flexible access control mechanisms with sometimes extreme solutions that overstep security boundaries such as the Break-Glass option. In this thesis, we introduce a moderate solution that stands between the rigidity of access control models and the risky flexibility applied during real-time situations. Our contribution is twofold: on the design phase, we propose PS-RBAC - a Pervasive Situation-aware RBAC model that realizes adaptive permission assignments and alternative-based decision-making based on similarity when facing an important situation. On the implementation phase, we introduce PSQRS - a Pervasive Situation-aware Query Rewriting System architecture that confronts access denials by reformulating the user's XACML access request and proposing to him a list of alternative similar solutions that he can access. The objective is to provide a level of adaptive security that would meet the user needs while taking into consideration his role, contextual constraints (location, network, device, etc.) and his situation. Our proposal has been validated in three application domains that are rich in pervasive contexts and real-time scenarios: (i) Mobile Geriatric Teams, (ii) Avionic Systems and (iii) Video Surveillance Systems.

    E-Document Management Based on Web services and XML

    Document management plays an important role in R&D project management for government funding agencies, universities, and research institutions. The advent of Web services and XML presents new opportunities for e-document management. This paper describes a novel solution for processing large quantities of electronic documents in multiple formats within a short timeframe. The solution is based on Web services for integrating two-tiered distributed processing. It also involves a document extraction process for handling multiple document formats, with XML as the intermediate for information exchange. The application of the solution at the National Natural Science Foundation of China (NSFC) proved successful, and the general approach may be applied to a broad range of e-document management settings

    A System For Visual Role-Based Policy Modelling

    The definition of security policies in information systems and programming applications is often accomplished through traditional low-level languages that are difficult to use. This is a remarkable drawback if we consider that security policies are often specified and maintained by top-level enterprise managers who would probably prefer to use simplified, metaphor-oriented policy management tools. To support all the different kinds of users we propose a suite of visual languages to specify access and security policies according to the role-based access control (RBAC) model. Moreover, a system implementing the proposed visual languages is proposed. The system provides a set of tools to enable a user to visually edit security policies and to successively translate them into XACML (eXtensible Access Control Markup Language) code, which can be managed by a Policy Based Management System supporting such policy language. The system and the visual approach have been assessed by means of usability studies and of several case studies. The one presented in this paper regards the configuration of access policies for a multimedia content management platform providing video streaming services also accessible through mobile devices.

    A survey of RDB to RDF translation approaches and tools

    ISRN I3S/RR 2013-04-FR, 24 pages. Relational databases scattered over the web are generally opaque to regular web crawling tools. To address this concern, many RDB-to-RDF approaches have been proposed over the last years. In this paper, we propose a detailed review of seventeen RDB-to-RDF initiatives, considering end-to-end projects that delivered operational tools. The different tools are classified along three major axes: mapping description language, mapping implementation and data retrieval method. We analyse the motivations, commonalities and differences between existing approaches. The expressiveness of existing mapping languages is not always sufficient to produce semantically rich data and make it usable, interoperable and linkable. We therefore briefly present various strategies investigated in the literature to produce additional knowledge. Finally, we show that R2RML, the W3C recommendation for describing RDB to RDF mappings, may not apply to all needs in the wide scope of RDB to RDF translation applications, leaving space for future extensions.

    Approaches to creating anonymous patient database

    Health care providers, health plans and health care clearinghouses collect patient medical data derived from their normal operations every day. These patient data can greatly benefit the health care organization if data mining techniques are applied to these data sets. However, individually identifiable patient information needs to be protected in accordance with the Health Insurance Portability and Accountability Act (HIPAA), and the quality of patient data also needs to be ensured in order for data mining tasks to achieve accurate results. This thesis describes a patient data transformation system which transforms patient data into high-quality and anonymous patient records that are suitable for data mining purposes. This document discusses the underlying technologies, features implemented in the prototype, and the methodologies used in developing the software. The prototype emphasizes the patient privacy and quality of the patient data as well as software scalability and portability. Preliminary experience of its use is presented. A performance analysis of the system's behavior has also been done.

    Towards Safer Information Sharing in the Cloud

    Web interactions usually require the exchange of personal and confidential information for a variety of purposes, including enabling business transactions and the provisioning of services. A key issue affecting these interactions is the lack of trust and control on how data is going to be used and processed by the entities that receive it. In the traditional world, this problem is addressed by using contractual agreements, which are signed by the involved parties, and law enforcement. This could be done electronically as well but, in addition to the trust issue, there is currently a major gap between the definition of legal contracts regulating the sharing of data, and the software infrastructure required to support and enforce them. How to enable organisations to provide more automation in this process? How to ensure that legal contracts can be actually enforced by the underlying IT infrastructure? How to enable end-users to express their preferences and constraints within these contracts? This article describes our R&D work to make progress towards addressing this gap via the usage of electronic Data Sharing Agreements (e-DSA). The aim is to share our vision, discuss the involved challenges and stimulate further research and development in this space. We specifically focus on a cloud scenario because it provides a rich set of use cases involving interactions and information sharing among multiple stakeholders, including users and service providers.