Modularity for Security-Sensitive Workflows

An established trend in software engineering insists on using components (sometimes also called services or packages) to encapsulate a set of related functionalities or data. By defining interfaces specifying what functionalities they provide or use, components can be combined with others to form more complex components. In this way, IT systems can be designed by mostly re-using existing components and developing new ones to provide new functionalities. In this paper, we introduce a notion of component and a combination mechanism for an important class of software artifacts, called security-sensitive workflows. These are business processes in which execution constraints on the tasks are complemented with authorization constraints (e.g., Separation of Duty) and authorization policies (constraining which users can execute which tasks). We show how well-known workflow execution patterns can be simulated by our combination mechanism and how authorization constraints can also be imposed across components. Then, we demonstrate the usefulness of our notion of component by showing (i) the scalability of a technique for the synthesis of run-time monitors for security-sensitive workflows and (ii) the design of a plug-in for the re-use of workflows and related run-time monitors inside an editor for security-sensitive workflows

Uma arquitetura de controle de acesso dinâmico baseado em risco para computação em nuvem

Dissertação (mestrado) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Ciência da Computação, Florianópolis, 2013Computação em nuvem é um modelo para computação distribuída que ainda enfrenta problemas. Novas ideias surgem para aproveitar ainda mais suas características e entre os desafios de pesquisa encontrados na computação em nuvem destaca-se a gerência de identidades e controle de acesso. Os principais problemas da aplicação de controle de acesso em computação em nuvem são a necessária flexibilidade e escalabilidade para suportar um grande número de usuários e recursos em um ambiente dinâmico e heterogêneo, com as necessidades de colaboração e compartilhamento de recursos e informações. Esse trabalho de pesquisa propõe o uso de controle de acesso dinâmico baseado em risco para computação em nuvem. A proposta é apresentada na forma de um modelo para controle de acesso, baseado em uma extensão do padrão XACML com três novos componentes principais: o Risk Engine, os Risk Quantification Web Services e as políticas de risco. As políticas de risco apresentam um método para descrever métricas de risco e sua quantificação, que pode ser através de funções locais ou remotas. O uso de políticas de risco permite que usuários e provedores de serviços de nuvens definam como desejam tratar o controle de acesso baseado em risco para seus recursos, utilizando métodos de quantificação e agregação de risco apresentados em trabalhos relacionados. O modelo atinge a decisão de acesso baseado em uma combinação de decisões XACML e análise de risco. Uma especificação das políticas de risco utilizando XML é apresentada e um estudo de caso utilizando federações de nuvens é descrito. Um protótipo do modelo é implementado, mostrando que tem expressividade suficiente para descrever os modelos de trabalhos relacionados. Nos resultados experimentais o protótipo atinge decisões de acesso com o uso de políticas de trabalhos relacionados com um tempo entre 2 e 6 milissegundos. Uma discussão sobre os aspectos de segurança do modelo também é apresentada Abstract: Cloud computing is a distributed computing model that still faces problems. New ideas emerge to take advantage of its features and among the research challenges found in cloud computing, we can highlight Identity and Access Management. The main problems of the application of access control in the cloud are the necessary ?exibility and scalability to support a large number of users and resources in a dynamic and heterogeneous environment, with collaboration and information sharing needs. This research work proposes the use of risk-based dynamic access control for cloud computing. The proposal is presented as an access control model based on an extension of the XACML standard with three new main components: the Risk Engine, the Risk Quanti?cation Web Services and the Risk Policies. The risk policies present a method to describe risk metrics and their quanti?cation, using local or remote functions. The use of risk policies allows users and cloud service providers to de?ne how they wish to handle risk-based access control for their resources, using quanti?cation and aggregation methods presented in related works. The model reaches the access decision based on a combination of XACML decisions and risk analysis. A speci?cation of the risk policies using XML is presented and a case study using cloud federations isdescribed. A prototype of the model is implemented, showing it has enough expressivity to describe the models of related works. In the experimental results, the prototype reaches access decisions using policies based on related works with a time between 2 and 6 milliseconds. A discussion on the security aspects of the model is also presented

Estudo, dimensionamento, cálculo e desenho de projetos de engenharia no ramo das estruturas

O estágio formal serve de apoio à transição da vida académica para a vida profissional e permite complementar os conhecimentos adquiridos no instituto politécnico e respetiva aplicação prática. Sistematizando, o objetivo do estágio passa pela assimilação da realidade do exercício da profissão, admitindo a existência de condicionantes que obrigam a um conjunto de ações restritivas e optimizadoras, com a finalidade de atingir um nível de concretização com qualidade, tendo em conta aspetos técnicos, económicos, legais, éticos, ambientais e de segurança, respeitando a sociedade e respetivos valores na qual nos inserimos.The formal stage serves to support the transition from student life to professional life and to complement the knowledge acquired in polytechnic and their practical application. Systematizing, the objective of the internship goes through the assimilation of the reality of the profession, admitting the existence of conditions which require a set of restrictive actions and optimizers, in order to reach a level of achievement with quality, taking into account technical, economic, legal, ethical, environmental and safety aspects, while respecting the respective values and society in which we operate

Constructive Characterization of Pombaline Buildings and Simplified Pushover Analysis of Frontal Walls

Lisbon’s downtown is the proof of the profound rehabilitation effort done by Sebastião José Carvalho e Melo, Marquês de Pombal, in the 18th century. The main objective was to prepare Lisbon for another event like the 1st November, 1755, preventing a massive destruction from happening again in a up growth European city. However, and despite the imperious demand to rehabilitate these downtown historical buildings, the level of structural knowledge is not yet considerably solid. It was with the purpose of expanding the structural behaviour knowledge in these structures, that the present research was based. It started with a historical overview of Lisbon before 1755 earthquake followed by a brief description of the tragedy and its consequences. Coupled with, was the description of the actions taken by Marquês de Pombal and his engineer’s team. Here, not only the laws to re-establish the order were described but also the major measures implemented in the building’s reconstruction process. The description of the typical Pombaline building from its foundation to the roof followed the initial part, with special attention to the gaiola pombalina and its connections, introducing therefore the ensuing structural analysis of a common frontal wall. Considering a typical Pombaline building as an interconnection of numerous structural individual members, it was considered that the most relevant one is the wall, thus proceeding for a wall structural model. At last and following the previous analysis, it was presented a methodology for a fast obtaining process of the structural behaviour of this type of walls. Thus, obtaining the response of these walls when submitted to horizontal forces is far more prompt, simplifying in the future the seismic analysis of an entire Pombaline building

New records of Helicina schereri (Gastropoda: Helicinidae) from the states of Bahia, Minas Gerais, and Mato Grosso do Sul, Brazil

New records for Helicina schereri Baker, 1913, are reported. It was a species previously restricted to the states of Ceará, Rio Grande do Norte, Paraíba, Alagoas and Tocantins in Northeastern Brazil, and State of Santa Catarina, much further south. The new occurrences reported herein fill distribution gaps and also significantly expand the range of the species ca. 970 km westwards. The new records are from the following locations: Bahia State (Ituaçu and Itaquara municipalities) in Northeast Brazil; Mato Grosso do Sul State (Bonito Municipality) in the Midwest; and Minas Gerais (Lagoa Santa municipality) in the Southeast

New records of Helicina schereri (Gastropoda: Helicinidae) from the states of Bahia, Minas Gerais, and Mato Grosso do Sul, Brazil

New records for Helicina schereri Baker, 1913, are reported. It was a species previously restricted to the states of Ceará, Rio Grande do Norte, Paraíba, Alagoas and Tocantins in Northeastern Brazil, and State of Santa Catarina, much further south. The new occurrences reported herein fill distribution gaps and also significantly expand the range of the species ca. 970 km westwards. The new records are from the following locations: Bahia State (Ituaçu and Itaquara municipalities) in Northeast Brazil; Mato Grosso do Sul State (Bonito Municipality) in the Midwest; and Minas Gerais (Lagoa Santa municipality) in the Southeast