On Usage Control for GRID Systems

This paper introduces a formal model, an architecture and a prototype implementation for usage control on GRID systems. The usage control model (UCON) is a new access control paradigm proposed by Park and Sandhu that encompasses and extends several existing models (e.g. MAC, DAC, Bell-Lapadula, RBAC, etc). Its main novelty is based on continuity of the access monitoring and mutability of attributes of subjects and objects. We identified this model as a perfect candidate for managing access/usage control in GRID systems due to their peculiarities, where continuity of control is a central issue. Here we adapt the original UCON model to develop a full model for usage control in GRID systems. We use as policy specification language a process description language and show how this is suitable to model the usage policy models of the original UCON model. We also describe a possible architecture to implement the usage control model. Moreover, we describe a prototype implementation for usage control of GRID computational services, and we show how our language can be used to define a security policy that regulates the usage of network communications to protect the local computational service from the applications that are executed on behalf of remote GRID users

1st International Workshop on TEchnical and LEgal aspects of data pRIvacy and Security (TELERISE 2015)

This paper is the report on the 1st International Workshop on TEchnical and LEgal aspects of data pRIvacy and SEcurity (TELERISE 2015) at the 37th International Conference on Software Engineering (ICSE 2015). TELERISE investigates privacy and security issues in data sharing from a technical and legal perspective. Keynote speech as well as selected papers presented at the event fit the topics of the workshop. This report gives the rationale of TELERISE and it provides a provisional program

Usage control in SIP-based multimedia delivery

The Session Initiation Protocol (SIP) is an application layer signaling protocol for the creation, modification and termination of multimedia sessions and VoIP calls with one or more participants.SIP is widely accepted as the protocol that will dominate multimedia communications in the future and one of the reasons is that it can inherently support multidomain heterogeneous networks.While SIP operates in highly dynamic environments, in the current version its authorization support is based on traditional access control models.The main problem these models face is that they were designed many years ago, and under some circumstances tend to be inadequate in modern highly dynamic environments.Usage Control (UCON), instead, is a model that supports the same operations as traditional access control models do, but it further enhances them with novel ones.In previous work, an architecture supporting continuous authorizations on SIP, based on the UCON model, was presented.In this paper, an authorization support implementing the whole UCON model, including authorizations, obligations and conditions, has been integrated in a SIP system.Moreover, a testbed has been set up to experimentally evaluate the performance of the proposed security mechanism

A Privacy-Aware Framework for Decentralized Online Social Networks

Online social networks based on a single service provider suffer several drawbacks, first of all the privacy issues arising from the delegation of user data to a single entity. Distributed online social networks (DOSN) have been recently proposed as an alternative solution allowing users to keep control of theirprivate data. However, the lack of a centralized entity introduces new problems, like the need of defining proper privacy policies for data access and of guaranteeing the availability of user\u27s data when the user disconnects from the social network. This paper introduces a privacy-aware support for DOSN enabling users to define a set of privacy policies which describe who is entitled to access the data in their social profile. These policies are exploited by the DOSN support to decide the re-allocation of the profile when the user disconnects from the socialnetwork.The proposed approach is validated through a set of simulations performed on real traces logged from Facebook

1st International Workshop on TEchnical and LEgal aspects of data pRIvacy and Security (TELERISE 2015) - ICSE 2015

This paper is the report on the 1st International Workshop on TEchnical and LEgal aspects of data pRIvacy and SEcurity (TELERISE 2015) at the 37th International Conference on Software Engineering (ICSE 2015). TELERISE investigates privacy and security issues in data sharing from a technical and legal perspective. Keynote speech as well as selected papers presented at the event fit the topics of the workshop. This report gives the rationale of TELERISE and it provides a provisional program

Fine Grained Access Control for Computational Services

Grid environment concerns the sharing of a large set of resources among entities that belong to Virtual Organizations. To this aim, the environment instantiates interactions among entities that belong to distinct administrative domains, that are potentially unknown, and among which no trust relationships exist a priori. For instance, a grid user that provides a computational service, executes unknown applications on its local computational resources on behalf on unknown grid users. In this context, the environment must provide an adequate support to guarantee security in these interactions. To improve the security of the grid environment, this paper proposes to adopt a continuous usage control model to monitor accesses to grid computational services, i.e. to monitor the behaviour of the applications executed on these services on behalf of grid users. This approach requires the definition of a security policy that describes the admitted application behaviour, and the integration in the grid security infrastructure of a component that monitors the application behaviour and that enforces this security policy. This paper also presents the architecture of the prototype of computational service monitor we have developed, along with some performance figures and its integration into the Globus framework

Distributed Access Control through Blockchain Technology

We defined a distributed access control system on top of blockchain technology. The underlying idea is to properly represent the access rights of the subjects in the blockchain in order to easily allow their enforcement at access request time. By leveraging blockchain advantages we can add new desired properties, such as auditability, to the access control system. To prove the feasibility and validate the proposed approach we developed a proof of concept implementation and performed some relevant experiments

Ciclo político presupuestal y gobiernos con y sin mayoría en México, 1994 y 2006

En este documento se analiza el gasto público federal ejercido antes y después de las elecciones presidenciales de 1994 y 2006 en México, para identificar la existencia de un ciclo político presupuestal (cpp). Se extienden los estudios previos al incorporar los efectos de la existencia o no de mayoría del partido del presidente en la Cámara de Diputados en la determinación del presupuesto de egresos. Específicamente, se examinan las reasignaciones que la Cámara de Diputados ha realizado al proyecto de presupuesto enviado por el Ejecutivo federal, así como la presencia de ciclos presupuestales en el gasto propuesto y ejercido por el Ejecutivo y aprobado por la misma Cámara. Se encontró que en un gobierno con mayoría, la composición de la Cámara de Diputados facilita la configuración de un cpp, en tanto que uno sin mayoría no puede evitarlo plenamente

An Expertise-driven Authoring Tool of Privacy Policies for e-Health

Data sharing on the Internet is crucial in manyaspects of nowadays life, from economy to leisure, from public administration to healthcare. However, it implies several privacy issues that have to be managed. Definition of appropriate policies helps to safeguard the data privacy. This paper describes an authoring tool for privacy policies to be applied to the healthcare scenario. The tool exhibits two different interfaces, designed according to specific expertise of the policy authors. It is part of a general framework for editing, analysis, and enforcement of privacy policies. Furthermore, this serves as a first brick for a usability study on such tools