On the Use of XML in Medical Imaging Web-Based Applications

The rapid growth of digital technology in medical fields over recent years has increased the need for applications able to manage patient medical records, imaging data, and chart information. Web-based applications are implemented with the purpose to link digital databases, storage and transmission protocols, management of large volumes of data and security concepts, allowing the possibility to read, analyze, and even diagnose remotely from the medical center where the information was acquired. The objective of this paper is to analyze the use of the Extensible Markup Language (XML) language in web-based applications that aid in diagnosis or treatment of patients, considering how this protocol allows indexing and exchanging the huge amount of information associated with each medical case. The purpose of this paper is to point out the main advantages and drawbacks of the XML technology in order to provide key ideas for future web-based applicationsPeer ReviewedPostprint (author's final draft

An Empirical Study of Security Issues Posted in Open Source Projects

When developers gain thorough understanding and knowledge of software security, they can produce more secure software. This study aims at empirically identifying and understanding the security issues posted on a random sample of GitHub repositories. We tried to understand the presence of security issues and their key themes and topics. We applied a mixed-methods approach, combining topic modeling techniques and qualitative analysis. Our findings have revealed that a) the rate of security-related issues was rather small (approx. 3% of all issues), b) the majority of the security issues were related to identity management and cryptography topics. We present 7 high-level themes of problems that developers face in implementing security features

Quire: Lightweight Provenance for Smart Phone Operating Systems

Smartphone apps often run with full privileges to access the network and sensitive local resources, making it difficult for remote systems to have any trust in the provenance of network connections they receive. Even within the phone, different apps with different privileges can communicate with one another, allowing one app to trick another into improperly exercising its privileges (a Confused Deputy attack). In Quire, we engineered two new security mechanisms into Android to address these issues. First, we track the call chain of IPCs, allowing an app the choice of operating with the diminished privileges of its callers or to act explicitly on its own behalf. Second, a lightweight signature scheme allows any app to create a signed statement that can be verified anywhere inside the phone. Both of these mechanisms are reflected in network RPCs, allowing remote systems visibility into the state of the phone when an RPC is made. We demonstrate the usefulness of Quire with two example applications. We built an advertising service, running distinctly from the app which wants to display ads, which can validate clicks passed to it from its host. We also built a payment service, allowing an app to issue a request which the payment service validates with the user. An app cannot not forge a payment request by directly connecting to the remote server, nor can the local payment service tamper with the request

Security Implementation of Mission Control System for ESTCube-1 Satellite

Lühikokkuvõte ESTCube-1 on Eesti esimene satelliit ja ühtlasi onta ehitatud tervenisti üliõpilaste poolt. ESTCube-1 paljudestallsüsteemidest on üks osa missioonijuhtimissüsteemist (ingl. k.Mission Control System- MCS). Missioonijuhtimise tarkvara on modulaarne, moodulid võivad asuda erinevates serverites. Praeguses seadistusestöötab enamik moodulitest vaikimisi konfiguratsiooniseadetes ja mõnel juhul ei ole andmed piisavalt kaitstud – näiteks suhtlevad osad komponendidilma turvalise võrguühenduseta. Käesoleva töö eesmärk on süstemaatiliselt läheneda missioonijuhtimise süsteemi kui terviku turvalisusele ja leida lahendus senisest paremini turvatud süsteemi seadistamiseks. Töö koosneb järgnevatest sammudest:kirjeldada ESTCube-1 missioonijuhtimissüsteemi arhitektuuri, analüüsida kõikide süsteemi moodulite turvalahenduste võimalusi, rakendada leitud terviklahendus missioonijuhtimissüsteemi turvalahendustetestkeskkonnas, katsetadaja kontrollida süsteemi tööd uues seadistuses. Töös valitud lahendus võimaldab turvalisiühendusi erinevate moodulite vahel ja krüpteerib salvestatud andmed. Andmetele juurdepääsu saab piirata ka kasutajapõhiselt. Kokkuvõttes võib missioonijuhtimissüsteemi tarkvara panna tööle avatud ligipääsuga üle Interneti. Seni kasutatud lahendus tugines VPN ja SSH tunnelitele, mis on küll sobiliksüsteemi arenduseks, aga käesolev lahendus võimaldab süsteemile turvalise ligipääsu satelliidi opereerimise igapäevatöös. Võtmesõnad: ESTCube-1, Mission Control System, CubeSat, Hummingbird, Atlassian Crowd, Mongodb, Oracle 11g, Apache ActiveMQ, Jetty Web ServerAbstract: ESTCube-1 is Estonia’s first satellite project built by university students. ESTCube-1 Mission Control System (MCS) software is also developed as part of this educational project. Mission Control System is a modular system, comprised of various components in multiple servers, of which most of them are running on default or basic security configuration settings and in some cases, data is not protected well enough in the present state. Some of the components communicate over unsecured network thereby making its data vulnerable. As this thesis title “Security Implementation of Mission Control System for ESTCube-1 Satellite” implies, there is need for a systematic approach about the entire data security of the mission and my aim is to improve the security of ESTCube-1 Mission Control System. The following steps are taken in the thesis: establish a good understanding ESTCube-1 MCS architecture, understand the possibilities of security configurations of all used technologies, analyse the effect of a possible selection of security methods, implement the chosen solutions in a sandbox environment, test and verify the operating of the complete MCS with the implemented solution. The results shows security implementations done on the various components allows the connection between components are secure and data in motion are encrypted. Access to the data at rest are restricted, some are encrypted and only privileged users can gain access. Mission Control System accessibility over the Internet is more secure and access to the hardware tightened. In conclusion, the Mission Control System can certainly be accessed via the Internet securely as long as the user has valid certificates. Other access means are through other means like VPN and SSH Tunnelling. The original system configuration providedESTCube-1 MCS with just adequate security that would be befitting for a production environment, with the security solution found in current thesis, the system could be elevated for enterprise-level usage. Keywords: ESTCube-1, Mission Control System, CubeSat, Hummingbird, Atlassian Crowd, Mongodb, Oracle 11g, Apache ActiveMQ, Jetty Web Serve

Contextualised security operation deployment through [email protected] architecture

International audienceThe fast development of Cloud-based services and applications have a significant impact on Service Oriented Computing as it provides an efficient support to share data and processes. The de-perimeterised vision involved by these Intelligent Service Clouds lead to new security challenges: providing a consistent protection depending on the business environment conditions and on the deployment platform specific threats and vulnerabilities. To fit this context aware protection deployment challenge, we propose a [email protected] architecture, coupling Model Driven Security (MDS) and [email protected] approaches. By this way, security policies (that can be generated via a MDS process) are interpreted at runtime by a security mediator depending on the context. This proposition is illustrated thanks to a proof of concept prototype plugged on top of the FraSCAti middleware

A National Collaboratory to Advance the Science of High Temperature Plasma Physics for Magnetic Fusion

This report summarizes the work of the National Fusion Collaboratory (NFC) Project to develop a persistent infrastructure to enable scientific collaboration for magnetic fusion research. The original objective of the NFC project was to develop and deploy a national FES Grid (FusionGrid) that would be a system for secure sharing of computation, visualization, and data resources over the Internet. The goal of FusionGrid was to allow scientists at remote sites to participate as fully in experiments and computational activities as if they were working on site thereby creating a unified virtual organization of the geographically dispersed U.S. fusion community. The vision for FusionGrid was that experimental and simulation data, computer codes, analysis routines, visualization tools, and remote collaboration tools are to be thought of as network services. In this model, an application service provider (ASP provides and maintains software resources as well as the necessary hardware resources. The project would create a robust, user-friendly collaborative software environment and make it available to the US FES community. This Grid's resources would be protected by a shared security infrastructure including strong authentication to identify users and authorization to allow stakeholders to control their own resources. In this environment, access to services is stressed rather than data or software portability