10141 Abstracts Collection -- Distributed Usage Control

From 06.04. to 09.04.2010, the Dagstuhl Seminar 10141 ``Distributed Usage Control \u27\u27 was held in Schloss Dagstuhl~--~Leibniz Center for Informatics. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available

Common Representation of Information Flows for Dynamic Coalitions

We propose a formal foundation for reasoning about access control policies within a Dynamic Coalition, defining an abstraction over existing access control models and providing mechanisms for translation of those models into information-flow domain. The abstracted information-flow domain model, called a Common Representation, can then be used for defining a way to control the evolution of Dynamic Coalitions with respect to information flow

Isolated Protein S Deficiency

Isolated protein S deficiency is an inherited condition having proven association with venous thromboembolism. There is controversy regarding clear association between protein S deficiency and arterial thrombosis. It is therefore necessary to bring focus to this uncommon clinical condition and highlight the probable association with arterial thrombosis facilitating timely diagnosis of this condition. We describe a 48-year-old male with stroke and pulmonary thromboembolism with chronic deep vein thrombosis secondary to isolated protein S deficiency, managed with thrombolysis and long-term anticoagulation.

The Parkes Pulsar Timing Array Project

A "pulsar timing array" (PTA), in which observations of a large sample of pulsars spread across the celestial sphere are combined, allows investigation of "global" phenomena such as a background of gravitational waves or instabilities in atomic timescales that produce correlated timing residuals in the pulsars of the array. The Parkes Pulsar Timing Array (PPTA) is an implementation of the PTA concept based on observations with the Parkes 64-m radio telescope. A sample of 20 millisecond pulsars is being observed at three radio-frequency bands, 50cm (~700 MHz), 20cm (~1400 MHz) and 10cm (~3100 MHz), with observations at intervals of 2 - 3 weeks. Regular observations commenced in early 2005. This paper describes the systems used for the PPTA observations and data processing, including calibration and timing analysis. The strategy behind the choice of pulsars, observing parameters and analysis methods is discussed. Results are presented for PPTA data in the three bands taken between 2005 March and 2011 March. For ten of the 20 pulsars, rms timing residuals are less than 1 microsec for the best band after fitting for pulse frequency and its first time derivative. Significant "red" timing noise is detected in about half of the sample. We discuss the implications of these results on future projects including the International Pulsar Timing Array (IPTA) and a PTA based on the Square Kilometre Array. We also present an "extended PPTA" data set that combines PPTA data with earlier Parkes timing data for these pulsars

Prognostic model to predict postoperative acute kidney injury in patients undergoing major gastrointestinal surgery based on a national prospective observational cohort study.

Background: Acute illness, existing co-morbidities and surgical stress response can all contribute to postoperative acute kidney injury (AKI) in patients undergoing major gastrointestinal surgery. The aim of this study was prospectively to develop a pragmatic prognostic model to stratify patients according to risk of developing AKI after major gastrointestinal surgery. Methods: This prospective multicentre cohort study included consecutive adults undergoing elective or emergency gastrointestinal resection, liver resection or stoma reversal in 2-week blocks over a continuous 3-month period. The primary outcome was the rate of AKI within 7 days of surgery. Bootstrap stability was used to select clinically plausible risk factors into the model. Internal model validation was carried out by bootstrap validation. Results: A total of 4544 patients were included across 173 centres in the UK and Ireland. The overall rate of AKI was 14·2 per cent (646 of 4544) and the 30-day mortality rate was 1·8 per cent (84 of 4544). Stage 1 AKI was significantly associated with 30-day mortality (unadjusted odds ratio 7·61, 95 per cent c.i. 4·49 to 12·90; P < 0·001), with increasing odds of death with each AKI stage. Six variables were selected for inclusion in the prognostic model: age, sex, ASA grade, preoperative estimated glomerular filtration rate, planned open surgery and preoperative use of either an angiotensin-converting enzyme inhibitor or an angiotensin receptor blocker. Internal validation demonstrated good model discrimination (c-statistic 0·65). Discussion: Following major gastrointestinal surgery, AKI occurred in one in seven patients. This preoperative prognostic model identified patients at high risk of postoperative AKI. Validation in an independent data set is required to ensure generalizability

Trace elements in hemodialysis patients: a systematic review and meta-analysis

<p>Abstract</p> <p>Background</p> <p>Hemodialysis patients are at risk for deficiency of essential trace elements and excess of toxic trace elements, both of which can affect health. We conducted a systematic review to summarize existing literature on trace element status in hemodialysis patients.</p> <p>Methods</p> <p>All studies which reported relevant data for chronic hemodialysis patients and a healthy control population were eligible, regardless of language or publication status. We included studies which measured at least one of the following elements in whole blood, serum, or plasma: antimony, arsenic, boron, cadmium, chromium, cobalt, copper, fluorine, iodine, lead, manganese, mercury, molybdenum, nickel, selenium, tellurium, thallium, vanadium, and zinc. We calculated differences between hemodialysis patients and controls using the differences in mean trace element level, divided by the pooled standard deviation.</p> <p>Results</p> <p>We identified 128 eligible studies. Available data suggested that levels of cadmium, chromium, copper, lead, and vanadium were higher and that levels of selenium, zinc and manganese were lower in hemodialysis patients, compared with controls. Pooled standard mean differences exceeded 0.8 standard deviation units (a large difference) higher than controls for cadmium, chromium, vanadium, and lower than controls for selenium, zinc, and manganese. No studies reported data on antimony, iodine, tellurium, and thallium concentrations.</p> <p>Conclusion</p> <p>Average blood levels of biologically important trace elements were substantially different in hemodialysis patients, compared with healthy controls. Since both deficiency and excess of trace elements are potentially harmful yet amenable to therapy, the hypothesis that trace element status influences the risk of adverse clinical outcomes is worthy of investigation.</p

Lattice-Based Access Control Models

The objective of this article is to give a tutorial on lattice-based access control models for computer security. The paper begins with a review of Denning&apos;s axioms for information flow policies, which provide a theoretical foundation for these models. The structure of security labels in the military and government sectors, and the resulting lattice is discussed. This is followed by a review of the Bell-LaPadula model, which enforces information flow policies by means of its simple-security and *-properties. It is noted that information flow through covert channels is beyond the scope of such access controls. Variations of the Bell-LaPadula model are considered. The paper next discusses the Biba integrity model, examining its relationship to the Bell-LaPadula model. The paper then reviews the Chinese Wall policy, which arises in a segment of the commercial sector. It is shown how this policy can be enforced in a lattice framework

Expressive Power of the Schematic Protection Model

In this paper we show that the Schematic Protection Model (SPM) subsumes several well-known protection models as particular instances. We show this for a diverse collection of models including the Bell-LaPadula multi-level security model, take-grant models, and grammatical protection systems. Remarkably SPM subsumes these models within its known e#ciently decidable cases for safety analysis (i.e., the determination or whether or not a given privilege can possibly be acquired by a particular subject). Therefore SPM subsumes these models not only in terms of its expressive power but also in terms of safety analysis. This is in sharp contrast to the Harrison-Ruzzo-Ullman (HRU) access-matrix model. HRU does subsume all the models discussed in this paper in terms of expressive power. However, all known constructions of these models in HRU require multi-conditional commands (i.e., commands whose conditions have two or more terms), whereas safety is undecidable in HRU even for bi-conditional ..

How to do Discretionary Access Control Using Roles

Role-based access control (RBAC) is a promising alternative to traditional discretionary access control (DAC) and mandatory access control (MAC). The central idea of RBAC is that permissions are associated with roles, and users are made members of appropriate roles thereby acquiring the roles&apos; permissions. RBAC is policy neutral in that the precise policy being enforced is a consequence of howvarious components of RBAC -- such as role hierarchies, constraints and administration of user-role and role-permission assignment -- are configured. This raises the important question as to whether RBAC is sufficiently powerful to simulate DAC and MAC. Simulation of MAC in RBAC has been demonstrated earlier by Nyanchama and Osborn and by Sandhu. In this paper we demonstrate how to simulate several variations of DAC in RBAC, using the wellknown RBAC96 model of Sandhu et al. In combination with earlier work we conclude that RBAC encompasses both MAC and DAC

RBAC on the Web by Smart Certificates

We have described in another paper how to develop and use smart certificates by extending X.509 with several sophisticated features for secure attribute services on the Web. In this paper, we describe an implementation of RBAC (Role-Based Access Control) with role hierarchies on the Web as one possible application of smart certificates. To support RBAC, we issued smart certificates - which hold the subjects&apos; role information - and configured a Web server to use the role information in the certificate instead of identities for its access control mechanism. Since the subjects&apos; role information is provided integrity, the Web server can trust the role information after authentication and certificate verification by SSL, and uses it for role-based access control. To maintain compatibility with existing technologies, such as SSL, we used a bundled (containing the subject&apos;s identity and role information) smart certificate in the user-pull model