18 research outputs found

    An interaction-based access control model (IBAC) for collaborative services

    A collaboration is a collection of services that work together to achieve a common goal. Although collaborations help when tackling difficult problems, they lead to security issues. First, a collaboration is often performed by services that are drawn from different security domains. Second, a service interacts with multiple peer services during the collaboration. These interactions are not isolated from one another--e.g., data may flow through a sequence of different services. As a result, a service is exposed to multiple peer services in varying degrees, leading to different security threats. We identify the types of interactions that can be present in collaborations, and discuss the security threats due to each type. We propose a model for representing the collaboration context so that a service can be made aware of the existing interactions. We provide an access control model for a service participating in a collaboration. We couple our access control model with a policy model, so that the access requirements from collaborations can be expressed and evaluated.

    New science on the Open Science Grid

    The Open Science Grid (OSG) includes work to enable new science, new scientists, and new modalities in support of computationally based research. There are frequently significant sociological and organizational changes required in transformation from the existing to the new. OSG leverages its deliverables to the large-scale physics experiment member communities to benefit new communities at all scales through activities in education, engagement, and the distributed facility. This paper gives both a brief general description and specific examples of new science enabled on the OSG. More information is available at the OSG web site: www.opensciencegrid.org

    2011 Report of NSF Workshop Series on Scientific Software Security Innovation Institute

    Over the period of 2010-2011, a series of two workshops were held in response to NSF Dear Colleague Letter NSF 10-050 calling for exploratory workshops to consider requirements for Scientific Software Innovation Institutes (S2I2s). The specific topic of the workshop series was the potential benefits of a security-focused software institute that would serve the entire NSF research and development community. The first workshop was held on August 6th, 2010 in Arlington, VA and represented an initial exploration of the topic. The second workshop was held on October 26th, 2011 in Chicago, IL and its goals were to 1) extend our understanding of relevant needs of MREFC and large NSF Projects, 2) refine outcome from first workshop with broader community input, and 3) vet concepts for a trusted cyberinfrastructure institute. Towards those goals, the participants of the 2011 workshop included greater representation from MREFC and large NSF projects, and, for the most part, did not overlap with the participants from the 2010 workshop. A highlight of the second workshop was, at the invitation of the organizers, a presentation by Scott Koranda of the LIGO project on the history of LIGO’s identity management activities and how those could have benefited from a security institute. A key analysis he presented is that, by his estimation, LIGO could have saved 2 senior FTE-years of effort by following suitable expert guidance had it existed. The overarching finding from the workshops is that security is a critical crosscutting issue for the NSF software infrastructure; the workshops recommended a security-focused activity to address this issue broadly, for example a security software institute (S2I2) under the SI2 program. Additionally, the 2010 workshop participants agreed to 15 key additional findings, which the 2011 workshop confirmed, with some refinement as discussed in this report. NSF Grant # 1043843Ope

    Determination of herbal products used by patients who applied to a psychiatry clinic

    This descriptive study, conducted to determine the use of herbal products among patients who applied to a psychiatry clinic, was carried out with 303 individuals. A questionnaire was administered to the individuals by face-to-face interview. More than half of the participants were women (n=194, 64%), 54.5% were married, and 38.9% were high school graduates. The mean age of the participants was 40.14 ± 15.15. More than half of the males do not work (n = 66). Herbal products are used most often routinely (daily teas) (60.7%). Routine use was followed by obesity (17.2%) and insomnia (14.8%), respectively. The most commonly used form is herbal tea (96.6%). Most of the herbal products were obtained from herbalists (68%). Patients mostly use herbal products on the recommendation of their relatives (54%). More than half of the patients had not researched the herbal product they used (59.1%). Information was obtained mostly from relatives/friends (39.5%) and from the internet (34.7%). 41.5% of the participants use the herbal product every day. The monthly cost of the herbal products used by 79% of the participants does not exceed 25 TL. The majority of the participants did not share information about the herbal product they used with their doctor (81%). The most widely used fresh product is walnut (73.6%). Cinnamon (29.7%) as a dry plant and linden (50.2%) as herbal tea are the most commonly used plants. The gel of Aloe vera is used (8.9%). St. John's Wort is used after maceration in oil (22.8%).

    Secure Command Line Solution for Token-based Authentication

    The WLCG is modernizing its security infrastructure, replacing X.509 client authentication with the newer industry standard of JSON Web Tokens (JWTs) obtained through the OpenID Connect (OIDC) protocol. There is a wide variety of software available using the standards, but most of it is for Web browser-based applications and doesn’t adapt well to the command line-based software used heavily in High Throughput Computing (HTC). OIDC command line client software did exist, but it did not meet our requirements for security and convenience. This paper discusses a command line solution we have made based on Vault, the popular existing secrets management software from HashiCorp. We made a package called htvault-config to easily configure a Vault service and another called htgettoken to be the Vault client. In addition, we have integrated use of the tools into the HTCondor workload management system, although they also work well independent of HTCondor. All of the software is open source, under active development, and ready for use.

    Mining Likely Properties of Access Control Policies via Association Rule Mining

    Access control mechanisms are used to control which principals (such as users or processes) have access to which resources based on access control policies. To ensure the correctness of access control policies, policy authors conduct policy verification to check whether certain properties are satisfied by a policy. However, these properties are often not written in practice. To facilitate property verification, we present an approach that automatically mines likely properties from a policy via the technique of association rule mining. In our approach, mined likely properties may not be true for all the policy behaviors but are true for most of the policy behaviors. The policy behaviors that do not satisfy likely properties could be faulty. Therefore, our approach then conducts likely-property verification to produce counterexamples, which are used to help policy authors identify faulty rules in the policy. To show the effectiveness of our approach, we conduct evaluation on four XACML policies. Our evaluation results show that our approach achieves more than 30% higher fault-detection capability than that of an existing approach. Our approach includes additional techniques such as basic and prioritization techniques that help reduce a significant percentage of counterexamples for inspection compared to the existing approach.

    ACPT: A Tool for Modeling and Verifying Access Control Policies

    Access control mechanisms are a widely adopted technology for information security. Since access decisions (i.e., permit or deny) on requests are dependent on access control policies, ensuring the correct modeling and implementation of access control policies is crucial for adopting access control mechanisms. To address this issue, we develop a tool, called ACPT (Access Control Policy Testing), that helps to model and implement policies correctly during policy modeling, implementation, and verification.