The iTEC Technical Artefacts, Architecture and Educational Cloud

This chapter introduces the technical artefacts of the iTEC project in the context of a cloud architecture. The rationale for the technology developed in the iTEC project follows from its overall aim to re-engineer the uptake of ICT in schools. To that end, iTEC focused (a) on some important barriers for the uptake of ICT such the effort that teachers must make in redesigning their teaching and fi nding the right resources for that, and (b) on enablers for the uptake of ICT, such as providing engaging experiences both for the learner and teacher. The technical innovations are centred around three themes: innovations in the support of learning design, innovations by using a-typical resources, and innovations in the integration and management of learning services and resources. Next this chapter presents the cloud architecture adopted by all technology providers, including a shared user management and control system, the shared data models and interoperability solutions. The technical artefacts and then further elaborated in the ensuing chapters

Comprehensive Life Cycle Support for Access Rules in Information Systems: The CEOSIS Project

The definition and management of access rules (e.g., to control access to business documents and business functions) is a fundamental task in any enterprise information system (EIS). While there exists considerable work on how to specify and represent access rules, only little research has been spent on access rule changes. Examples include the evolution of organizational models with need for subsequent adaptation of related access rules as well as direct access rule modifications (e.g., to state a previously defined rule more precisely). This paper presents a comprehensive change framework for the controlled evolution of role-based access rules in EIS. First, we consider changes of organizational models and elaborate how they affect existing access rules. Second, we define change operations which enable direct adaptations of access rules. In the latter context, we define the formal semantics of access rule changes based on operator trees. Particularly, this enables their unambiguous application; i.e., we can precisely determine which effects are caused by respective rule changes. This is important, for example, to be able to efficiently and correctly adapt user worklists in process-aware information systems. Altogether this paper contributes to comprehensive life cycle support for access rules in (adaptive) EIS

Fog computing security: a review of current applications and security solutions

Fog computing is a new paradigm that extends the Cloud platform model by providing computing resources on the edges of a network. It can be described as a cloud-like platform having similar data, computation, storage and application services, but is fundamentally different in that it is decentralized. In addition, Fog systems are capable of processing large amounts of data locally, operate on-premise, are fully portable, and can be installed on heterogeneous hardware. These features make the Fog platform highly suitable for time and location-sensitive applications. For example, Internet of Things (IoT) devices are required to quickly process a large amount of data. This wide range of functionality driven applications intensifies many security issues regarding data, virtualization, segregation, network, malware and monitoring. This paper surveys existing literature on Fog computing applications to identify common security gaps. Similar technologies like Edge computing, Cloudlets and Micro-data centres have also been included to provide a holistic review process. The majority of Fog applications are motivated by the desire for functionality and end-user requirements, while the security aspects are often ignored or considered as an afterthought. This paper also determines the impact of those security issues and possible solutions, providing future security-relevant directions to those responsible for designing, developing, and maintaining Fog systems

Processos de democracia direta: sim ou não? Os argumentos clássicos à luz da teoria e da prática

Regularmente surgem controvérsias sobre os processos de democracia direta, dos quais os mecanismos mais frequentes são a iniciativa popular, o plebiscito e o referendo. Por um lado, há autores que defendem a posição de que essas instituições tornam o jogo político mais lento, caro, confuso e ilegítimo; outros defendem a posição contrária e argumentam que processos de democracia direta são fundamentais para os cidadãos e a qualidade da democracia. O presente estudo analisa esse tema em torno de sete questões, baseadas em considerações teóricas e pesquisas empíricas: 1. A questão entre o minimalismo e o maximalismo democrático; 2. A concorrência entre maioria e minoria; 3. A concorrência entre as instituições representativas e os processos de democracia direta; 4. A questão da competência dos cidadãos; 5. A questão dos efeitos colaterais dos processos de democracia direta; 6. A questão do tamanho do eleitorado; 7. A questão dos custos dos processos de democracia direta. As sete questões são analisadas a partir de uma revisão bibliográfica que considera tanto fontes nacionais como internacionais. O estudo mostra que os processos de democracia direta podem ser um complemento para as instituições representativas em um sistema democrático. O bom desempenho dos plebiscitos, referendos e iniciativas populares depende tanto da regulamentação destes como também do desempenho das outras instituições políticas e da situação socioeconômica de um país. O estudo permite ampliar e aprofundar o debate sobre processos de democracia direta no Brasil

Managing conflict of interest in service composition

Web services can be composed of other services in a highly dynamic manner. The existing role based authorization approaches have not adequately taken component services into account when managing access control for composite services. In this paper, we propose a service oriented conceptual model as an extension of role based access control that can facilitate the administration and management of access for service consumers as well as component services in composite web services. Various types of conflict of interest are identified due to the complicated relationships among service consumers and component services. A set of authorization rules are developed to prevent the conflict of interest. This research is a step forward to addressing the challenge in authorization in the context of composite web services

A role-based access control model and reference implementation within a corporate intranet

This paper describes NIST’s enhanced RBAC model and our approach to designing and implementing RBAC features for networked Web servers. The RBAC model formalized in this paper is based on the properties that were first described in Ferraiolo and Kuhn [1992] and Ferraiolo et al. [1995], with adjustments resulting from experience gained by prototype implementations, market analysis, and observations made by Jansen [1988] and Hoffman [1996]. The implementation of RBAC for the web (RBAC/Web) provides an alternative to the conventional means of administering and enforcing authorization policy on a server-by-server basis. RBAC/Web provides administrators with a means of managing authorization data at the enterprise level, in a manner consistent with the current set of laws, regulations, and practices

SecureUML: A UML-Based Modeling Language for Model-Driven Security

We present a modeling language for the model-driven development of secure, distributed systems based on the Unified Modeling Language (UML)