Rewriting-Based Access Control Policies

In this paper we propose a formalization of access control policies based on term rewriting. The state of the system to which policies are enforced is represented as an algebraic term, what allows to model many aspects of the policy environment. Policies are represented as sets of rewrite rules, whose evaluation produces deterministic authorization decisions. We discuss the relation between properties of \trs and those important for access control, and the impact of composing policies to these properties

Analyzing Remote Server Locations for Personal Data Transfers in Mobile Apps

Abstract The prevalence of mobile devices and their capability to access high speed internet has transformed them into a portable pocket cloud interface. Being home to a wide range of users' personal data, mobile devices often use cloud servers for storage and processing. The sensitivity of a user's personal data demands adequate level of protection at the back-end servers. In this regard, the European Union Data Protection regulations (e.g., article 25.1) impose restriction on the locations of European users' personal data transfer. The matter of concern, however, is the enforcement of such regulations. The first step in this regard is to analyze mobile apps and identify the location of servers to which personal data is transferred. To this end, we design and implement an app analysis tool, PDTLoc (Personal Data Transfer Location Analyzer), to detect violation of the mentioned regulations. We analyze 1, 498 most popular apps in the EEA using PDTLoc to investigate the data recipient server locations. We found that 16.5% (242) of these apps transfer users' personal data to servers located at places outside Europe without being under the control of a data protection framework. Moreover, we inspect the privacy policies of the apps revealing that 51% of these apps do not provide any privacy policy while almost all of them contact the servers hosted outside Europe

A Cautionary Tale: On the Role of Reference Data in Empirical Privacy Defenses

Within the realm of privacy-preserving machine learning, empirical privacy defenses have been proposed as a solution to achieve satisfactory levels of training data privacy without a significant drop in model utility. Most existing defenses against membership inference attacks assume access to reference data, defined as an additional dataset coming from the same (or a similar) underlying distribution as training data. Despite the common use of reference data, previous works are notably reticent about defining and evaluating reference data privacy. As gains in model utility and/or training data privacy may come at the expense of reference data privacy, it is essential that all three aspects are duly considered. In this paper, we first examine the availability of reference data and its privacy treatment in previous works and demonstrate its necessity for fairly comparing defenses. Second, we propose a baseline defense that enables the utility-privacy tradeoff with respect to both training and reference data to be easily understood. Our method is formulated as an empirical risk minimization with a constraint on the generalization error, which, in practice, can be evaluated as a weighted empirical risk minimization (WERM) over the training and reference datasets. Although we conceived of WERM as a simple baseline, our experiments show that, surprisingly, it outperforms the most well-studied and current state-of-the-art empirical privacy defenses using reference data for nearly all relative privacy levels of reference and training data. Our investigation also reveals that these existing methods are unable to effectively trade off reference data privacy for model utility and/or training data privacy. Overall, our work highlights the need for a proper evaluation of the triad model utility / training data privacy / reference data privacy when comparing privacy defenses

Anchoring modularity in HTML.

Modularity is a key feature at design, programming, proving, testing, and maintenance time, as well as a must for reusability. Most languages and systems provide built-in facilities for encapsulation, importation or parameterization. Nevertheless there exists also languages, like HTML, with poor support for modularization. A natural idea is therefore to provide generic modularization primitives. To extend an existing language with additional and possibly formal capabilities, the notion of \textit{anchorage} and \textit{Formal Island} has been introduced recently. TOM for example, provides generic matching, rewriting and strategy extensions to JAVA and~C. In this paper, we show on the HTML example, how to add modular features by anchoring modularization primitives in HTML. This allows one to write modular HTML descriptions, therefore facilitating their design, reusability, and maintenance, as well as providing an important step towards HTML validity checking

ENTRE POLÍTICAS PÚBLICAS E AÇÕES JUDICIAIS: ATENÇÃO PARA HOMENS AUTORES DE VIOLÊNCIA CONTRA A MULHER NO ESTADO DA BAHIA

Desde o advento da Lei Maria da Penha, os debates sobre serviços de responsabilização e educação para homens autores de violência contra mulheres têm se intensificado no Brasil. Ainda em número bastante reduzido, tais serviços encontram uma série de dificuldades para se firmar enquanto política nacional específica de enfrentamento à violência contra a mulher, seja pela inexistência de recursos contínuos, seja pelas controvérsias acerca dos desenhos metodológicos que assumem. Neste trabalho, buscamos mapear ações desenvolvidas no interior do Estado da Bahia, bem como as repercussões que têm provocado entre os/as gestores/as de políticas públicas. Para tanto, valemo-nos de dados produzidos a partir de entrevistas semiestruturadas e semidiretivas aplicadas com representantes de instituições públicas voltadas ao enfrentamento da violência doméstica e familiar contra a mulher, instaladas em 19 (dezenove) municípios do Estado. As entrevistas foram realizadas nos últimos meses de 2015, por ocasião da elaboração do Planejamento Integral Básico – PIB, desenvolvido pela Secretaria de Políticas para as Mulheres do Estado da Bahia, cuja finalidade era sistematizar as ações do Estado para o Pacto de Enfrentamento à Violência contra a Mulher, do qual participamos na condição de pesquisadores. Os resultados apontam para o desenvolvimento de tímidas ações ligadas ao Tribunal de Justiça e alguns atendimentos no âmbito de serviços especializados para as mulheres em situação de violência doméstica e familiar, em total afronta às diretrizes gerais fixadas pela Secretaria de Políticas para as Mulheres da Presidência da República.

Liquid-phase microextraction (LPME): fundamentals and applications to the analysis of drugs in biological samples

The analysis of drugs and metabolites in biological fluids usually requires extraction procedures to achieve sample clean-up and analyte preconcentration. Commonly, extraction procedures are performed using liquid-liquid extraction or solid-phase extraction. Nevertheless, these extraction techniques are considered to be time-consuming and require a large amount of organic solvents. On this basis, microextraction techniques have been developed. Among them, liquid-phase microextraction has been standing out. This review describes the liquid-phase microextraction technique based on hollow fibers as a novel and promising alternative in sample preparation prior to chromatographic or electrophoretic analysis. The basic concepts related to this technique and its applicability in extraction of drugs are discussed

Public Governance and Intellectual Property Management in Research Funding Agencies

This article aims to analyze the position of the Research Support Foundations (FAPs) regarding the obligation of co-ownership in patent deposits, arising from financial support promoted by them. To this end, a search was proposed in the database of the National Institute of Industrial Property – INPI for FAPs and federal development agencies. For the search of international development agencies, the Orbit Intelligence database was used. The results of this study show that the Foundation for Research Support of the State of Minas Gerais (FAPEMIG) remains the holder with 522 deposits, followed by the Foundation for Research Support of the State of São Paulo (FAPESP) with 275 deposits and the other FAPs with rare cases. Although the three federal agencies do not require joint ownership, 522 deposits with joint ownership by the National Council for Scientific and Technological Development (CNPq) and 27 deposits with joint ownership by the Financier of Studies and Projects (FINEP) were found, however, no deposit was found on behalf of the Coordination for the Improvement of Higher Education Personnel (CAPES). And among the 4 main countries analyzed, France is the only one in which there is a concentration of ownership in a central development agency, this can be explained by the fact that France\u27s Intellectual Property Policy makes this type of requirement. In the other countries surveyed, there is no such requirement for participation in co-ownership of patent deposits. In interviews with managers of the FAPs, it was evident that a percentage of them claim that the arguments for participation or not show advantages, and from the point of view of those who do not defend participation, pointing out disadvantages

Modular Formal Islands: Embed theory in your practice

Motivated by the proliferation and usefulness of Domain Specific Languages as well as the demand in enriching well established languages by high level capabilities like modularity, pattern matching or strategic rewriting, we have introduced in previous works the Formal Islands framework. The main idea consists in integrating, in existing programs, formally defined parts called Islands, on which proofs and tests can be meaningfully developed. Then, Formal Islands could be safely dissolved into their hosting language to be transparently integrated in the existing user environment. We present this generic framework and we show that language extensions like Mhtml—providing modular constructions for html— or Tom—a Java language extension allowing for pattern matching and rewriting—are indeed Islands and can therefore be used to embed formal software developments into legacy code

Potencial de crescimento de mudas de Mulungu (Erythrina velutina WILLD.) em diferentes substratos

Due to the notorious importance of the mulungu, this work aims to select the substrate that provides better growth traits in mulungu seedlings. For this purpose, the seeds of mulungu were collected in the campus of the Federal Institute of Sciences and Technology - IFBA of the city of Barreiras – BA. The design was completely randomized - DIC with 7 treatments and 5 replicates: A - pure sand; B - pure vermiculite; C - organic compound; D- subsoil land; E - sand with vermiculite; F - vermiculite with manure; G – subsoil land with manure. Data were submitted to analysis of variance by software R (R CORE TEAM, 2017) and the means compared by the Scott-Knott test at 5% probability. The results show that pure vermiculite can be used to produce mulungu seedlings. However, to reduce production costs, pure sand or sand with vermiculite also have satisfactory results.Devido à notória importância do mulungu, este trabalho tem como objetivo selecionar o substrato que propicie melhores caracteres de crescimento em mudas de mulungu. Para isto, as sementes de mulungu foram coletadas no campus do Instituto Federal de Ciências e Tecnologia – IFBA da cidade de Barreiras – BA. O delineamento utilizado foi o inteiramente ao acaso - DIC com sete tratamentos e cinco repetições.  Sendo estes: A – areia pura; B - vermiculita pura; C - composto orgânico; D- terra de subsolo; E - areia com vermiculita; F - vermiculita com esterco; G – terra de subsolo com esterco. As características avaliadas foram: Altura, diâmetro do caule, número de folhas, massa fresca total, e comprimento da raiz. Os dados foram submetidos à análise de variância pelo software R (R CORE TEAM, 2017) e as médias comparadas pelo teste de Scott-Knott a 5% de probabilidade. Os resultados evidenciam que pode ser utilizado vermiculita pura para a produção de mudas de mulungu, entretanto, para diminuir custos com a produção, areia pura ou areia com vermiculita também apresentam resultados satisfatórios