17 research outputs found

    Hierarchical Group and Attribute-Based Access Control: Incorporating Hierarchical Groups and Delegation into Attribute-Based Access Control

    Attribute-Based Access Control (ABAC) is a promising alternative to traditional models of access control (i.e. Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC)) that has drawn attention in both recent academic literature and industry application. However, formalization of a foundational model of ABAC and large-scale adoption is still in its infancy. The relatively recent popularity of ABAC still leaves a number of problems unexplored. Issues like delegation, administration, auditability, scalability, hierarchical representations, etc. have been largely ignored or left to future work. This thesis seeks to aid in the adoption of ABAC by filling in several of these gaps. The core contribution of this work is the Hierarchical Group and Attribute-Based Access Control (HGABAC) model, a novel formal model of ABAC which introduces the concept of hierarchical user and object attribute groups to ABAC. It is shown that HGABAC is capable of representing the traditional models of access control (MAC, DAC and RBAC) using this group hierarchy and that in many cases its use simplifies both attribute and policy administration. HGABAC serves as the basis upon which extensions are built to incorporate delegation into ABAC. Several potential strategies for introducing delegation into ABAC are proposed, categorized into families and the trade-offs of each are examined. One such strategy is formalized into a new User-to-User Attribute Delegation model, built as an extension to the HGABAC model. Attribute Delegation enables users to delegate a subset of their attributes to other users in an off-line manner (not requiring connecting to a third party). Finally, a supporting architecture for HGABAC is detailed including descriptions of services, high-level communication protocols and a new low-level attribute certificate format for exchanging user and connection attributes between independent services.
Particular emphasis is placed on ensuring support for federated and distributed systems. Critical components of the architecture are implemented and evaluated with promising preliminary results. It is hoped that the contributions in this research will further the acceptance of ABAC in both academia and industry by solving the problem of delegation as well as simplifying administration and policy authoring through the introduction of hierarchical user groups.

    A role and attribute based encryption approach to privacy and security in cloud based health services

    Cloud computing is a rapidly emerging computing paradigm which replaces static and expensive data centers, network and software infrastructure with dynamically scalable “cloud based” services offered by third party providers on an on-demand basis. However, with the potential for seemingly limitless scalability and reduced infrastructure costs come new issues regarding security and privacy as processing and storage tasks are delegated to potentially untrustworthy cloud providers. For the eHealth industry this loss of control makes adopting the cloud problematic when compliance with privacy laws (such as HIPAA, PIPEDA and PHIPA) is required and limits third party access to patient records. This thesis presents an RBAC enabled solution to cloud privacy and security issues resulting from this loss of control to a potentially untrustworthy third party cloud provider, which remains both scalable and distributed. This is accomplished through four major components presented, implemented and evaluated within this thesis: the DOSGi based Health Cloud eXchange (HCX) architecture for managing and exchanging EHRs between authorized users, the Role Based Access Control as a Service (RBACaaS) model and web service providing RBAC policy enforcement and services to cloud applications, the Role Based Single Sign On (RBSSO) protocol, and the Distributed Multi-Authority Ciphertext-Policy Shared Attribute-Based Encryption (DMACPSABE) scheme for limiting access to sensitive records dependent on attributes (or roles) assigned to users. We show that when these components are combined the resulting system is both scalable (scaling at least linearly with users, requests, records and attributes), secure and provides a level of protection from the cloud provider which preserves the privacy of users’ records from any third party. Additionally, potential use cases are presented for each component as well as the overall system.

    Pharmaceuticals and personal care products in the environment: What are the big questions?

    Background: Over the past 10-15 years, a substantial amount of work has been done by the scientific, regulatory, and business communities to elucidate the effects and risks of pharmaceuticals and personal care products (PPCPs) in the environment. Objective: This review was undertaken to identify key outstanding issues regarding the effects of PPCPs on human and ecological health in order to ensure that future resources will be focused on the most important areas. Data sources: To better understand and manage the risks of PPCPs in the environment, we used the "key question" approach to identify the principal issues that need to be addressed. Initially, questions were solicited from academic, government, and business communities around the world. A list of 101 questions was then discussed at an international expert workshop, and a top-20 list was developed. Following the workshop, workshop attendees ranked the 20 questions by importance. Data synthesis: The top 20 priority questions fell into seven categories: a) prioritization of substances for assessment, b) pathways of exposure, c) bioavailability and uptake, d) effects characterization, e) risk and relative risk, f) antibiotic resistance, and g) risk management. Conclusions: A large body of information is now available on PPCPs in the environment. This exercise prioritized the most critical questions to aid in development of future research programs on the topic. Centro de Investigaciones del Medioambient

    Surface Science of DNA Adsorption onto Citrate-Capped Gold Nanoparticles

    This document is the Accepted Manuscript version of a Published Work that appeared in final form in Langmuir copyright © American Chemical Society after peer review and technical editing by publisher. To access the final edited and published work see Zhang, X., Servos, M. R., & Liu, J. (2012). Surface Science of DNA Adsorption onto Citrate-Capped Gold Nanoparticles. Langmuir, 28(8), 3896–3902. https://doi.org/10.1021/la205036p Single-stranded DNA can be adsorbed by citrate capped gold nanoparticles (AuNPs), resulting in increased AuNP stability, which forms the basis of a number of biochemical and analytical applications, but the fundamental interaction of this adsorption reaction remains unclear. In this study, we measured DNA adsorption kinetics, capacity, and isotherms, demonstrating that the adsorption process is governed by electrostatic forces. The charge repulsion among DNA strands and between DNA and AuNPs can be reduced by adding salt, reducing pH or by using noncharged peptide nucleic acid (PNA). Langmuir adsorption isotherms are obtained, indicating the presence of both adsorption and desorption of DNA from AuNPs. While increasing salt concentration facilitates DNA adsorption, the desorption rate is also enhanced in higher salt due to DNA compaction. DNA adsorption capacity is determined by DNA oligomer length, DNA concentration, and salt. Previous studies indicated faster adsorption of short DNA oligomers by AuNPs; we find that once adsorbed, longer DNAs are much more effective in protecting AuNPs from aggregation. DNA adsorption is also facilitated by using low pH buffers and high alcohol concentrations. A model based on electrostatic repulsion on AuNPs is proposed to rationalize the DNA adsorption/desorption behavior. University of Waterloo || Canadian Foundation for Innovation || Ontario Ministry of Research & Innovation || Canadian Institutes of Health Research || Natural Sciences and Engineering Research Council

    Rainbow trout exposed to benzo[a]pyrene yields conserved microRNA binding sites in DNA methyltransferases across 500 million years of evolution

    Abstract: The objective of this study was to examine the regulation of DNA methylation following acute (24 h) and prolonged (14 d) exposure to low (1 ng/L) and high (10 ng/L) benzo[a]pyrene. However, with the recent release of the rainbow trout genome, we were able to conduct a more detailed analysis regarding the regulation of the enzymes involved in DNA methylation: DNA methyltransferases (DNMTs). Bioinformatic approaches were used to identify candidate microRNA (miRNA) that potentially bind to the DNMT1 and DNMT3a 3′UTR. Results indicated a significant decrease in global methylation in both liver and muscle, with an associated decrease in DNA methyltransferase activity and DNMT3a transcript abundance. There was a significant increase in one specific candidate miRNA (miR29a) that was predicted to bind to DNMT3a. Taking a comparative genomics approach, the binding sites of miR29a to the DNMT3a 3′UTR were compared across species, spanning fish to mammals, and revealed a highly conserved binding motif that has been maintained since the vertebrate ancestor, approximately 500 million years ago. This research establishes that miRNA act as an essential mediator between the environment and DNA methylation patterns via DNMTs, which is further confirmed by a genomic regulatory mechanism that has been deeply conserved throughout evolution.