The iTEC Technical Artefacts, Architecture and Educational Cloud

This chapter introduces the technical artefacts of the iTEC project in the context of a cloud architecture. The rationale for the technology developed in the iTEC project follows from its overall aim to re-engineer the uptake of ICT in schools. To that end, iTEC focused (a) on some important barriers for the uptake of ICT such the effort that teachers must make in redesigning their teaching and fi nding the right resources for that, and (b) on enablers for the uptake of ICT, such as providing engaging experiences both for the learner and teacher. The technical innovations are centred around three themes: innovations in the support of learning design, innovations by using a-typical resources, and innovations in the integration and management of learning services and resources. Next this chapter presents the cloud architecture adopted by all technology providers, including a shared user management and control system, the shared data models and interoperability solutions. The technical artefacts and then further elaborated in the ensuing chapters

Attributes Enhanced Role-Based Access Control Model

Abstract. Attribute-based access control (ABAC) and role-based access control (RBAC) are currently the two most popular access con-trol models. Yet, they both have known limitations and offer features complimentary to each other. Due to this fact, integration of RBAC and ABAC has recently emerged as an important area of research. In this paper, we propose an access control model that combines the two mod-els in a novel way in order to unify their benefits. Our approach provides a fine-grained access control mechanism that not only takes contextual information into account while making the access control decisions but is also suitable for applications where access to resources is controlled by exploiting contents of the resources in the policy

RALph: A Graphical Notation for Resource Assignments in Business Processes

The business process (BP) resource perspective deals with the management of human as well as non-human resources throughout the process lifecycle. Although it has received increasing attention recently, there exists no graphical notation for it up until now that is both expressive enough to cover well-known resource selection conditions and independent of the BP modelling language. In this paper, we introduce RALph, a graphical notation for the assignment of human resources to BP activities. We define its semantics by mapping this notation to a language that has been formally defined in description logics, which enables its automated analysis. Although we show how RALph can be seamlessly integrated with BPMN, it is noteworthy that the notation is independent of the BP modelling language. Altogether, RALph will foster the visual modelling of the resource perspective in BP

Fog computing security: a review of current applications and security solutions

Fog computing is a new paradigm that extends the Cloud platform model by providing computing resources on the edges of a network. It can be described as a cloud-like platform having similar data, computation, storage and application services, but is fundamentally different in that it is decentralized. In addition, Fog systems are capable of processing large amounts of data locally, operate on-premise, are fully portable, and can be installed on heterogeneous hardware. These features make the Fog platform highly suitable for time and location-sensitive applications. For example, Internet of Things (IoT) devices are required to quickly process a large amount of data. This wide range of functionality driven applications intensifies many security issues regarding data, virtualization, segregation, network, malware and monitoring. This paper surveys existing literature on Fog computing applications to identify common security gaps. Similar technologies like Edge computing, Cloudlets and Micro-data centres have also been included to provide a holistic review process. The majority of Fog applications are motivated by the desire for functionality and end-user requirements, while the security aspects are often ignored or considered as an afterthought. This paper also determines the impact of those security issues and possible solutions, providing future security-relevant directions to those responsible for designing, developing, and maintaining Fog systems

The functionality-based application confinement model

This paper presents the functionality-based application confinement (FBAC) access control model. FBAC is an application-oriented access control model, intended to restrict processes to the behaviour that is authorised by end users, administrators, and processes, in order to limit the damage that can be caused by malicious code, due to software vulnerabilities or malware. FBAC is unique in its ability to limit applications to finely grained access control rules based on high-level easy-to-understand reusable policy abstractions, its ability to simultaneously enforce application-oriented security goals of administrators, programs, and end users, its ability to perform dynamic activation and deactivation of logically grouped portions of a process's authority, its approach to process invocation history and intersection-based privilege propagation, its suitability to policy automation techniques, and in the resulting usability benefits. Central to the model are 'functionalities', hierarchical and parameterised policy abstractions, which can represent features that applications provide; 'confinements', which can model simultaneous enforcement of multiple sets of policies to enforce a diverse range of types of application restrictions; and 'applications', which represent the processes to be confined. The paper defines the model in terms of structure (which is described in five components) and function, and serves as a culmination of our work thus far, reviewing the evaluation of the model that has been conducted to date