340 research outputs found
Rewriting-Based Access Control Policies
In this paper we propose a formalization of access control policies based on term rewriting. The state of the system to which policies are enforced is represented as an algebraic term, what allows to model many aspects of the policy environment. Policies are represented as sets of rewrite rules, whose evaluation produces deterministic authorization decisions. We discuss the relation between properties of \trs and those important for access control, and the impact of composing policies to these properties
Analyzing Remote Server Locations for Personal Data Transfers in Mobile Apps
Abstract
The prevalence of mobile devices and their capability to access high speed internet has transformed them into a portable pocket cloud interface. Being home to a wide range of users' personal data, mobile devices often use cloud servers for storage and processing. The sensitivity of a user's personal data demands adequate level of protection at the back-end servers. In this regard, the European Union Data Protection regulations (e.g., article 25.1) impose restriction on the locations of European users' personal data transfer. The matter of concern, however, is the enforcement of such regulations. The first step in this regard is to analyze mobile apps and identify the location of servers to which personal data is transferred. To this end, we design and implement an app analysis tool, PDTLoc (Personal Data Transfer Location Analyzer), to detect violation of the mentioned regulations. We analyze 1, 498 most popular apps in the EEA using PDTLoc to investigate the data recipient server locations. We found that 16.5% (242) of these apps transfer users' personal data to servers located at places outside Europe without being under the control of a data protection framework. Moreover, we inspect the privacy policies of the apps revealing that 51% of these apps do not provide any privacy policy while almost all of them contact the servers hosted outside Europe
A Cautionary Tale: On the Role of Reference Data in Empirical Privacy Defenses
Within the realm of privacy-preserving machine learning, empirical privacy
defenses have been proposed as a solution to achieve satisfactory levels of
training data privacy without a significant drop in model utility. Most
existing defenses against membership inference attacks assume access to
reference data, defined as an additional dataset coming from the same (or a
similar) underlying distribution as training data. Despite the common use of
reference data, previous works are notably reticent about defining and
evaluating reference data privacy. As gains in model utility and/or training
data privacy may come at the expense of reference data privacy, it is essential
that all three aspects are duly considered. In this paper, we first examine the
availability of reference data and its privacy treatment in previous works and
demonstrate its necessity for fairly comparing defenses. Second, we propose a
baseline defense that enables the utility-privacy tradeoff with respect to both
training and reference data to be easily understood. Our method is formulated
as an empirical risk minimization with a constraint on the generalization
error, which, in practice, can be evaluated as a weighted empirical risk
minimization (WERM) over the training and reference datasets. Although we
conceived of WERM as a simple baseline, our experiments show that,
surprisingly, it outperforms the most well-studied and current state-of-the-art
empirical privacy defenses using reference data for nearly all relative privacy
levels of reference and training data. Our investigation also reveals that
these existing methods are unable to effectively trade off reference data
privacy for model utility and/or training data privacy. Overall, our work
highlights the need for a proper evaluation of the triad model utility /
training data privacy / reference data privacy when comparing privacy defenses
Anchoring modularity in HTML.
Modularity is a key feature at design, programming, proving, testing, and maintenance time, as well as a must for reusability. Most languages and systems provide built-in facilities for encapsulation, importation or parameterization. Nevertheless there exists also languages, like HTML, with poor support for modularization. A natural idea is therefore to provide generic modularization primitives. To extend an existing language with additional and possibly formal capabilities, the notion of \textit{anchorage} and \textit{Formal Island} has been introduced recently. TOM for example, provides generic matching, rewriting and strategy extensions to JAVA and~C. In this paper, we show on the HTML example, how to add modular features by anchoring modularization primitives in HTML. This allows one to write modular HTML descriptions, therefore facilitating their design, reusability, and maintenance, as well as providing an important step towards HTML validity checking
ENTRE POLĂTICAS PĂBLICAS E AĂĂES JUDICIAIS: ATENĂĂO PARA HOMENS AUTORES DE VIOLĂNCIA CONTRA A MULHER NO ESTADO DA BAHIA
Desde o advento da Lei Maria da Penha, os debates sobre serviços de responsabilização e educação para homens autores de violĂȘncia contra mulheres tĂȘm se intensificado no Brasil. Ainda em nĂșmero bastante reduzido, tais serviços encontram uma sĂ©rie de dificuldades para se firmar enquanto polĂtica nacional especĂfica de enfrentamento Ă violĂȘncia contra a mulher, seja pela inexistĂȘncia de recursos contĂnuos, seja pelas controvĂ©rsias acerca dos desenhos metodolĂłgicos que assumem. Neste trabalho, buscamos mapear açÔes desenvolvidas no interior do Estado da Bahia, bem como as repercussĂ”es que tĂȘm provocado entre os/as gestores/as de polĂticas pĂșblicas. Para tanto, valemo-nos de dados produzidos a partir de entrevistas semiestruturadas e semidiretivas aplicadas com representantes de instituiçÔes pĂșblicas voltadas ao enfrentamento da violĂȘncia domĂ©stica e familiar contra a mulher, instaladas em 19 (dezenove) municĂpios do Estado. As entrevistas foram realizadas nos Ășltimos meses de 2015, por ocasiĂŁo da elaboração do Planejamento Integral BĂĄsico â PIB, desenvolvido pela Secretaria de PolĂticas para as Mulheres do Estado da Bahia, cuja finalidade era sistematizar as açÔes do Estado para o Pacto de Enfrentamento Ă ViolĂȘncia contra a Mulher, do qual participamos na condição de pesquisadores. Os resultados apontam para o desenvolvimento de tĂmidas açÔes ligadas ao Tribunal de Justiça e alguns atendimentos no Ăąmbito de serviços especializados para as mulheres em situação de violĂȘncia domĂ©stica e familiar, em total afronta Ă s diretrizes gerais fixadas pela Secretaria de PolĂticas para as Mulheres da PresidĂȘncia da RepĂșblica.
Liquid-phase microextraction (LPME): fundamentals and applications to the analysis of drugs in biological samples
The analysis of drugs and metabolites in biological fluids usually requires extraction procedures to achieve sample clean-up and analyte preconcentration. Commonly, extraction procedures are performed using liquid-liquid extraction or solid-phase extraction. Nevertheless, these extraction techniques are considered to be time-consuming and require a large amount of organic solvents. On this basis, microextraction techniques have been developed. Among them, liquid-phase microextraction has been standing out. This review describes the liquid-phase microextraction technique based on hollow fibers as a novel and promising alternative in sample preparation prior to chromatographic or electrophoretic analysis. The basic concepts related to this technique and its applicability in extraction of drugs are discussed
Public Governance and Intellectual Property Management in Research Funding Agencies
This article aims to analyze the position of the Research Support Foundations (FAPs) regarding the obligation of co-ownership in patent deposits, arising from financial support promoted by them. To this end, a search was proposed in the database of the National Institute of Industrial Property â INPI for FAPs and federal development agencies. For the search of international development agencies, the Orbit Intelligence database was used. The results of this study show that the Foundation for Research Support of the State of Minas Gerais (FAPEMIG) remains the holder with 522 deposits, followed by the Foundation for Research Support of the State of SĂŁo Paulo (FAPESP) with 275 deposits and the other FAPs with rare cases. Although the three federal agencies do not require joint ownership, 522 deposits with joint ownership by the National Council for Scientific and Technological Development (CNPq) and 27 deposits with joint ownership by the Financier of Studies and Projects (FINEP) were found, however, no deposit was found on behalf of the Coordination for the Improvement of Higher Education Personnel (CAPES). And among the 4 main countries analyzed, France is the only one in which there is a concentration of ownership in a central development agency, this can be explained by the fact that France\u27s Intellectual Property Policy makes this type of requirement. In the other countries surveyed, there is no such requirement for participation in co-ownership of patent deposits. In interviews with managers of the FAPs, it was evident that a percentage of them claim that the arguments for participation or not show advantages, and from the point of view of those who do not defend participation, pointing out disadvantages
Modular Formal Islands: Embed theory in your practice
Motivated by the proliferation and usefulness of Domain Specific Languages as well as the demand in enriching well established languages by high level capabilities like modularity, pattern matching or strategic rewriting, we have introduced in previous works the Formal Islands framework. The main idea consists in integrating, in existing programs, formally defined parts called Islands, on which proofs and tests can be meaningfully developed. Then, Formal Islands could be safely dissolved into their hosting language to be transparently integrated in the existing user environment. We present this generic framework and we show that language extensions like Mhtmlâproviding modular constructions for htmlâ or Tomâa Java language extension allowing for pattern matching and rewritingâare indeed Islands and can therefore be used to embed formal software developments into legacy code
Potencial de crescimento de mudas de Mulungu (Erythrina velutina WILLD.) em diferentes substratos
Due to the notorious importance of the mulungu, this work aims to select the substrate that provides better growth traits in mulungu seedlings. For this purpose, the seeds of mulungu were collected in the campus of the Federal Institute of Sciences and Technology - IFBA of the city of Barreiras â BA. The design was completely randomized - DIC with 7 treatments and 5 replicates: A - pure sand; B - pure vermiculite; C - organic compound; D- subsoil land; E - sand with vermiculite; F - vermiculite with manure; G â subsoil land with manure. Data were submitted to analysis of variance by software R (R CORE TEAM, 2017) and the means compared by the Scott-Knott test at 5% probability. The results show that pure vermiculite can be used to produce mulungu seedlings. However, to reduce production costs, pure sand or sand with vermiculite also have satisfactory results.Devido Ă notĂłria importĂąncia do mulungu, este trabalho tem como objetivo selecionar o substrato que propicie melhores caracteres de crescimento em mudas de mulungu. Para isto, as sementes de mulungu foram coletadas no campus do Instituto Federal de CiĂȘncias e Tecnologia â IFBA da cidade de Barreiras â BA. O delineamento utilizado foi o inteiramente ao acaso - DIC com sete tratamentos e cinco repetiçÔes. Sendo estes: A â areia pura; B - vermiculita pura; C - composto orgĂąnico; D- terra de subsolo; E - areia com vermiculita; F - vermiculita com esterco; G â terra de subsolo com esterco. As caracterĂsticas avaliadas foram: Altura, diĂąmetro do caule, nĂșmero de folhas, massa fresca total, e comprimento da raiz. Os dados foram submetidos Ă anĂĄlise de variĂąncia pelo software R (R CORE TEAM, 2017) e as mĂ©dias comparadas pelo teste de Scott-Knott a 5% de probabilidade. Os resultados evidenciam que pode ser utilizado vermiculita pura para a produção de mudas de mulungu, entretanto, para diminuir custos com a produção, areia pura ou areia com vermiculita tambĂ©m apresentam resultados satisfatĂłrios
- âŠ