Machine-Readable Privacy Certificates for Services

Privacy-aware processing of personal data on the web of services requires managing a number of issues arising both from the technical and the legal domain. Several approaches have been proposed to matching privacy requirements (on the clients side) and privacy guarantees (on the service provider side). Still, the assurance of effective data protection (when possible) relies on substantial human effort and exposes organizations to significant (non-)compliance risks. In this paper we put forward the idea that a privacy certification scheme producing and managing machine-readable artifacts in the form of privacy certificates can play an important role towards the solution of this problem. Digital privacy certificates represent the reasons why a privacy property holds for a service and describe the privacy measures supporting it. Also, privacy certificates can be used to automatically select services whose certificates match the client policies (privacy requirements). Our proposal relies on an evolution of the conceptual model developed in the Assert4Soa project and on a certificate format specifically tailored to represent privacy properties. To validate our approach, we present a worked-out instance showing how privacy property Retention-based unlinkability can be certified for a banking financial service.Comment: 20 pages, 6 figure

AUTSEG: Automatic Test Set Generator for Embedded Reactive Systems

Part 2: Tools and FrameworksInternational audienceOne of the biggest challenges in hardware and software design is to ensure that a system is error-free. Small errors in reactive embedded systems can have disastrous and costly consequences for a project. Preventing such errors by identifying the most probable cases of erratic system behavior is quite challenging. In this paper, we introduce an automatic test set generator called AUTSEG. Its input is a generic model of the target system, generated using the synchronous approach. Our tool finds the optimal preconditions for restricting the state space of the model. It only works locally on significant subspaces. Our approach exhibits a simpler and efficient quasi-flattening algorithm than existing techniques and a useful compiled form to check security properties and reduce the combinatorial explosion problem of state space. To illustrate our approach, AUTSEG was applied to the case of a transportation contactless card

Venous thromboembolism risk and prophylaxis in hospitalised medically ill patients The ENDORSE Global Survey

Limited data are available regarding the risk for venous thromboembolism (VIE) and VIE prophylaxis use in hospitalised medically ill patients. We analysed data from the global ENDORSE survey to evaluate VTE risk and prophylaxis use in this population according to diagnosis, baseline characteristics, and country. Data on patient characteristics, VIE risk, and prophylaxis use were abstracted from hospital charts. VTE risk and prophylaxis use were evaluated according to the 2004 American College of Chest Physicians (ACCP) guidelines. Multivariable analysis was performed to identify factors associated with use of ACCP-recommended prophylaxis. Data were evaluated for 37,356 hospitalised medical patients across 32 countries. VIE risk varied according to medical diagnosis, from 31.2% of patients with gastrointestinal/hepatobiliary diseases to 100% of patients with acute heart failure, active noninfectious respiratory disease, or pulmonary infection (global rate, 41.5%). Among those at risk for VTE, ACCP-recommended prophylaxis was used in 24.4% haemorrhagic stroke patients and 40-45% of cardiopulmonary disease patients (global rate, 39.5%). Large differences in prophylaxis use were observed among countries. Markers of disease severity, including central venous catheters, mechanical ventilation, and admission to intensive care units, were strongly associated with use of ACCP-recommended prophylaxis. In conclusion, VIE risk varies according to medical diagnosis. Less than 40% of at-risk hospitalised medical patients receive ACCP-recommended prophylaxis. Prophylaxis use appears to be associated with disease severity rather than medical diagnosis. These data support the necessity to improve implementation of available guidelines for evaluating VIE risk and providing prophylaxis to hospitalised medical patients

Venous Thromboembolism Risk and Prophylaxis in the Acute Care Hospital Setting (ENDORSE Survey) Findings in Surgical Patients

Objective: To evaluate venous thromboembolism (VTE) risk in patients who underwent a major operation, including the use of, and factors influencing, American College of Chest Physicians-recommended types of VTE prophylaxis