531 research outputs found

    Authorization schema for electronic health-care records: for Uganda

    This thesis discusses how to design an authorization schema focused on ensuring each patient's data privacy within a hospital information system

    Semantic-Based Access Control Mechanisms in Dynamic Environments

    The appearance of dynamic distributed networks in early eighties of the last century has evoked technologies like pervasive systems, ubiquitous computing, ambient intelligence, and more recently, Internet of Things (IoT) to be developed. Moreover, sensing capabilities embedded in computing devices offer users the ability to share, retrieve, and update resources on anytime and anywhere basis. These resources (or data) constitute what is widely known as contextual information. In these systems, there is an association between a system and its environment and the system should always adapt to its ever-changing environment. This situation makes the Context-Based Access Control (CBAC) the method of choice for such environments. However, most traditional policy models do not address the issue of dynamic nature of dynamic distributed systems and are limited in addressing issues like adaptability, extensibility, and reasoning over security policies. We propose a security framework for dynamic distributed network domain that is based on semantic technologies. This framework presents a flexible and adaptable context-based access control authorization model for protecting dynamic distributed networks’ resources. We extend our security model to incorporate context delegation in context-based access control environments. We show that security mechanisms provided by the framework are sound and adhere to the least-privilege principle. We develop a prototype implementation of our framework and present the results to show that our framework correctly derives Context-Based authorization decision. Furthermore, we provide complexity analysis for the authorization framework in its response to the requests and contrast the complexity against possible optimization that can be applied on the framework. Finally, we incorporate semantic-based obligation into our security framework.
In phase I of our research, we design two lightweight Web Ontology Language (OWL) ontologies CTX-Lite and CBAC. CTX-Lite ontology serves as a core ontology for context handling, while CBAC ontology is used for modeling access control policy requirements. Based on the two OWL ontologies, we develop access authorization approach in which access decision is solely made based on the context of the request. We separate context operations from access authorization operations to reduce processing time for distributed networks’ devices. In phase II, we present two novel ontology-based context delegation approaches. Monotonic context delegation, which adopts GRANT version of delegation, and non-monotonic for TRANSFER version of delegation. Our goal is to present context delegation mechanisms that can be adopted by existing CBAC systems which do not provide delegation services. Phase III has two sub-phases, the first is to provide complexity analysis of the authorization framework. The second sub-phase is dedicated to incorporating semantic-based obligation

    Ambient-aware continuous care through semantic context dissemination

    Background: The ultimate ambient-intelligent care room contains numerous sensors and devices to monitor the patient, sense and adjust the environment and support the staff. This sensor-based approach results in a large amount of data, which can be processed by current and future applications, e. g., task management and alerting systems. Today, nurses are responsible for coordinating all these applications and supplied information, which reduces the added value and slows down the adoption rate. The aim of the presented research is the design of a pervasive and scalable framework that is able to optimize continuous care processes by intelligently reasoning on the large amount of heterogeneous care data. Methods: The developed Ontology-based Care Platform (OCarePlatform) consists of modular components that perform a specific reasoning task. Consequently, they can easily be replicated and distributed. Complex reasoning is achieved by combining the results of different components. To ensure that the components only receive information, which is of interest to them at that time, they are able to dynamically generate and register filter rules with a Semantic Communication Bus (SCB). This SCB semantically filters all the heterogeneous care data according to the registered rules by using a continuous care ontology. The SCB can be distributed and a cache can be employed to ensure scalability. Results: A prototype implementation is presented consisting of a new-generation nurse call system supported by a localization and a home automation component. The amount of data that is filtered and the performance of the SCB are evaluated by testing the prototype in a living lab. The delay introduced by processing the filter rules is negligible when 10 or fewer rules are registered. 
Conclusions: The OCarePlatform allows disseminating relevant care data for the different applications and additionally supports composing complex applications from a set of smaller independent components. This way, the platform significantly reduces the amount of information that needs to be processed by the nurses. The delay resulting from processing the filter rules is linear in the amount of rules. Distributed deployment of the SCB and using a cache allows further improvement of these performance results

    A SEMANTIC BASED POLICY MANAGEMENT FRAMEWORK FOR CLOUD COMPUTING ENVIRONMENTS

    Cloud computing paradigm has gained tremendous momentum and generated intensive interest. Although security issues are delaying its fast adoption, cloud computing is an unstoppable force and we need to provide security mechanisms to ensure its secure adoption. In this dissertation, we mainly focus on issues related to policy management and access control in the cloud. Currently, users have to use diverse access control mechanisms to protect their data when stored on the cloud service providers (CSPs). Access control policies may be specified in different policy languages and heterogeneity of access policies poses significant problems. An ideal policy management system should be able to work with all data regardless of where they are stored. Semantic Web technologies, when used for policy management, can help address the crucial issues of interoperability of heterogeneous CSPs. In this dissertation, we propose a semantic based policy management framework for cloud computing environments which consists of two main components, namely policy management and specification component and policy evolution component. In the policy management and specification component, we first introduce policy management as a service (PMaaS), a cloud based policy management framework that gives cloud users a unified control point for specifying authorization policies, regardless of where the data is stored. Then, we present semantic based policy management framework which enables users to specify access control policies using semantic web technologies and helps address heterogeneity issues of cloud computing environments. We also model temporal constraints and restrictions in GTRBAC using OWL and show how ontologies can be used to specify temporal constraints. We present a proof of concept implementation of the proposed framework and provide some performance evaluation.
In the policy evolution component, we propose to use role mining techniques to deal with policy evolution issues and present StateMiner, a heuristic algorithm to find an RBAC state as close as possible to both the deployed RBAC state and the optimal state. We also implement the proposed algorithm and perform some experiments to demonstrate its effectiveness

    Privacy Issues in Web Services: An Ontology Based Solution

    Privacy is the right of a person to specify that when, how and to what amount information about him is disclosed to others. Due to the tremendous use and popularity of web services, the likelihood of intentional and unintentional privacy disclosures is also increasing. The web services users generate a rich amount of information when they browse the websites of the service providers, access social networking sites to post their comments & product reviews, and store their data in the cloud. The data such generated is a voluminous and valuable treasure for the marketers as well as advertisers. The emerging technologies and fast increasing online activities of users are posing new threats to user's privacy and digital life. While accessing the web services, users unknowingly agree to the privacy policy of the service provider through which they authorize the service providers to collect and share their personally identifiable information. Most of the users think that while accepting the privacy policy of the service provider, they are protecting their privacy but actually they are signing the policy which informs them about the privacy rights they are surrendering to the service providers. In this paper, we aim to minimise the privacy related information disclosure of the user through various prevalent semantic web based technologies

    SWARMs Ontology: A Common Information Model for the Cooperation of Underwater Robots

    In order to facilitate cooperation between underwater robots, it is a must for robots to exchange information with unambiguous meaning. However, heterogeneity, existing in information pertaining to different robots, is a major obstruction. Therefore, this paper presents a networked ontology, named the Smart and Networking Underwater Robots in Cooperation Meshes (SWARMs) ontology, to address information heterogeneity and enable robots to have the same understanding of exchanged information. The SWARMs ontology uses a core ontology to interrelate a set of domain-specific ontologies, including the mission and planning, the robotic vehicle, the communication and networking, and the environment recognition and sensing ontology. In addition, the SWARMs ontology utilizes ontology constructs defined in the PR-OWL ontology to annotate context uncertainty based on the Multi-Entity Bayesian Network (MEBN) theory. Thus, the SWARMs ontology can provide both a formal specification for information that is necessarily exchanged between robots and a command and control entity, and also support for uncertainty reasoning. A scenario on chemical pollution monitoring is described and used to showcase how the SWARMs ontology can be instantiated, be extended, represent context uncertainty, and support uncertainty reasoning. European Commission, H2020, 66210

    Modular norm models: practical representation and analysis of contractual rights and obligations

    Compliance analysis requires legal counsel but is generally unavailable in many software projects. Analysis of legal text using logic-based models can help developers understand requirements for the development and use of software-intensive systems throughout its lifecycle. We outline a practical modeling process for norms in legally binding agreements that include contractual rights and obligations. A computational norm model analyzes available rights and required duties based on the satisfiability of situations, a state of affairs, in a given scenario. Our method enables modular norm model extraction, representation, and reasoning. For norm extraction, using the theory of frame semantics, we construct two foundational norm templates for linguistic guidance. These templates correspond to Hohfeld’s concepts of claim-right and its jural correlative, duty. Each template instantiation results in a norm model, encapsulated in a modular unit which we call a super-situation that corresponds to an atomic fragment of law. For hierarchical modularity, super-situations contain a primary norm that participates in relationships with other norm models. Norm compliance values are logically derived from its related situations and propagated to the norm’s containing super-situation, which in turn participates in other super-situations. This modularity allows on-demand incremental modeling and reasoning using simpler model primitives than previous approaches. While we demonstrate the usefulness of our norm models through empirical studies with contractual statements in open source software and privacy domains, its grounding in theories of law and linguistics allows wide applicability

    Coping with collaborative and competitive episodes within collaborative remote laboratories

    No full text
    International audience. In this paper, we provide an original approach to the support of group awareness within collaborative remote laboratories. Computer Supported Collaborative Learning sessions present successively collaborative and emulation episodes. The idea developed here is the elaboration of an architecture for dealing with those two aspects of collaborative sessions for practical remote hands-on approaches. Our purpose is to manage and enhance the learning experience brought to the students who are using collaborative remote laboratories by managing several synchronous accesses made on the remote laboratories platform itself. This contribution relies on an original domain ontology and the associated knowledge management system