On Usage Control for GRID Systems

This paper introduces a formal model, an architecture and a prototype implementation for usage control on GRID systems. The usage control model (UCON) is a new access control paradigm proposed by Park and Sandhu that encompasses and extends several existing models (e.g. MAC, DAC, Bell-Lapadula, RBAC, etc). Its main novelty is based on continuity of the access monitoring and mutability of attributes of subjects and objects. We identified this model as a perfect candidate for managing access/usage control in GRID systems due to their peculiarities, where continuity of control is a central issue. Here we adapt the original UCON model to develop a full model for usage control in GRID systems. We use as policy specification language a process description language and show how this is suitable to model the usage policy models of the original UCON model. We also describe a possible architecture to implement the usage control model. Moreover, we describe a prototype implementation for usage control of GRID computational services, and we show how our language can be used to define a security policy that regulates the usage of network communications to protect the local computational service from the applications that are executed on behalf of remote GRID users

Usage control in SIP-based multimedia delivery

The Session Initiation Protocol (SIP) is an application layer signaling protocol for the creation, modification and termination of multimedia sessions and VoIP calls with one or more participants.SIP is widely accepted as the protocol that will dominate multimedia communications in the future and one of the reasons is that it can inherently support multidomain heterogeneous networks.While SIP operates in highly dynamic environments, in the current version its authorization support is based on traditional access control models.The main problem these models face is that they were designed many years ago, and under some circumstances tend to be inadequate in modern highly dynamic environments.Usage Control (UCON), instead, is a model that supports the same operations as traditional access control models do, but it further enhances them with novel ones.In previous work, an architecture supporting continuous authorizations on SIP, based on the UCON model, was presented.In this paper, an authorization support implementing the whole UCON model, including authorizations, obligations and conditions, has been integrated in a SIP system.Moreover, a testbed has been set up to experimentally evaluate the performance of the proposed security mechanism

Fine Grained Access Control for Computational Services

Grid environment concerns the sharing of a large set of resources among entities that belong to Virtual Organizations. To this aim, the environment instantiates interactions among entities that belong to distinct administrative domains, that are potentially unknown, and among which no trust relationships exist a priori. For instance, a grid user that provides a computational service, executes unknown applications on its local computational resources on behalf on unknown grid users. In this context, the environment must provide an adequate support to guarantee security in these interactions. To improve the security of the grid environment, this paper proposes to adopt a continuous usage control model to monitor accesses to grid computational services, i.e. to monitor the behaviour of the applications executed on these services on behalf of grid users. This approach requires the definition of a security policy that describes the admitted application behaviour, and the integration in the grid security infrastructure of a component that monitors the application behaviour and that enforces this security policy. This paper also presents the architecture of the prototype of computational service monitor we have developed, along with some performance figures and its integration into the Globus framework

Muography applied to nuclear waste storage sites

Legacy storage sites for nuclear waste can pose a serious environmental problem. In fact, since certain sites date from the middle of the last century when safety protocols had not been properly established and strict bookkeeping was not enforced, a situation has evolved where the content of storage silos is basically known only with a large uncertainty both on quantity and quality. At the same time maintenance work on old storage structures is becoming ever more urgent and yet this work requires exactly that information which is now lacking on the type of waste that was stored inside. Because of the difficulty in accessing the storage silos and the near impossibility of making visual inspections inside, techniques have to be developed which can determine the presence or absence of heavy elements (i.e. uranium) within the structures. Muography is a very promising technique which could allow the survey of previously inaccessible structures. We have begun an evaluation performing feasibility studies using simulations based on real case scenarios. This paper will outline the storage site scenarios and then present some of the results obtained from the Monte Carlo simulations

Association between a genetic variant of type-1 cannabinoid receptor and inflammatory neurodegeneration in multiple sclerosis

Genetic ablation of type-1 cannabinoid receptors (CB1Rs) exacerbates the neurodegenerative damage of experimental autoimmune encephalomyelitis, the rodent model of multiple sclerosis (MS). To address the role on CB1Rs in the pathophysiology of human MS, we first investigated the impact of AAT trinucleotide short tandem repeat polymorphism of CNR1 gene on CB1R cell expression, and secondly on the inflammatory neurodegeneration process responsible for irreversible disability in MS patients. We found that MS patients with long AAT repeats within the CNR1 gene (≥12 in both alleles) had more pronounced neuronal degeneration in response to inflammatory white matter damage both in the optic nerve and in the cortex. Optical Coherence Tomography (OCT), in fact, showed more severe alterations of the retinal nerve fiber layer (RNFL) thickness and of the macular volume (MV) after an episode of optic neuritis in MS patients carrying the long AAT genotype of CNR1. MS patients with long AAT repeats also had magnetic resonance imaging (MRI) evidence of increased gray matter damage in response to inflammatory lesions of the white matter, especially in areas with a major role in cognition. In parallel, visual abilities evaluated at the low contrast acuity test, and cognitive performances were negatively influenced by the long AAT CNR1 genotype in our sample of MS patients. Our results demonstrate the biological relevance of the (AAT)n CNR1 repeats in the inflammatory neurodegenerative damage of MS