Classifying Usage Control and Data Provenance Architectures

Given the ubiquity of data acquisition and processing in our everyday life,protecting data sovereignty in distributed systems is a significant topic ofresearch. Usage control and provenance tracking systems are very promisingsteps towards a technical solution for the problem of data sovereignty. However,due to their complexity and diversity these systems are still not fully understood.In this work we investigate the functionality of usage control and provenancetracking systems. We classify them into three different categories based on theirsecurity goals and properties. Furthermore we identify generic use cases forthese systems that help to understand what attack vectors system operators haveto be mindful of

Conceptualization of a Trust Dashboard for Distributed Usage Control Systems

Achieving data protection and privacy in modern data processing systems is a prominent topic of academic research today. The goal of retaining comprehensive informational sovereignty requires new and innovative solutions, both technological and methodological in nature. Distributed usage control is a popular technology that can give data providers the ability to actively govern the usage of their personal information even in remote systems. However, the architecture of distributed usage control systems is rather complex and often highly dynamic. This makes the assessment of the system’s soundness and trustworthiness difficult, especially for untrained laypersons. In this work we present the concept of a trust dashboard for distributed usage control systems that are backed by trusted computing technologies. The trust dashboard is intended to give users a visual intuition about the current state of the usage control system and its trustworthiness. We achieve this by using a formal model to describe relevant trust dependencies and the actually conducted remote attestations between usage control components, as well as a-priori trust levels for system operators. Based on this we propose a visualization concept that illustrates the current system state and estimates the overall trustworthiness of the system. Ultimately the trust dashboard aids system operators in the assessment of dynamic and distributed usage control architectures

Towards a Formal Model for Quantifying Trust in Distributed Usage Control Systems

Distributed usage control is a form of usage control that spans over multiple domains and computer systems. As a result, usage control components responsible for evaluating policies, gathering information, executing actions and enforcing decisions are operated in the vicinity of different stakeholders with conflicting interests. In order to prevent malicious stakeholders from manipulating these components, remote attestation can be used to verify the integrity of their code base. However, in a distributed case it is not always apparent what sequence of attestations is necessary and which verifier should conduct them. Furthermore, it is unclear what impact a failed attestation has on the trustworthiness of the whole usage control system. To solve these questions, it is necessary to identify which agents need to trust each other in order to securely execute a certain usage control function. Then the sequence of remote attestations that occur across the distributed usage control system can be examined accordingly. In this work we develop a formal model that represents the trust relationships of distributed usage control systems with multiple collaborating actors. Based on the conducted attestations we define simple binary and non-binary trust metrics that quantify the trust level a data owner can expect at a certain point in time. Finally we show how the model can be used to determine the level of trust reached in a real-world scenario

Comparison of water balance method and alternative evaporation methods applied to the Aswan High Dam Reservoir

Aswan High Dam Reservoir (AHDR) is a large human-made reservoir situated in southern Egypt and northern Sudan. The reservoir is located in a typical arid zone so that evaporation results in a significant water loss from the reservoir. To quantify these evaporation water losses, different methods can  be applied. The water balance method was used to estimate water losses of the AHDR during 43 open-water seasons. Compared to earlier publications, this study used longer time series data and more evaporation approaches. Moreover, we evaluated the deviation between evaporation rates as derived from the water balance method and as calculated using 16 evaporation/evapotranspiration formulas. Five approaches are not well suited for use at the AHDR because they underestimated evaporation rates (e.g. Stephens-Stewart model), or overestimated evaporation rates (e.g. de Bruin model). Annual evaporation rates obtained by the Bowen ratio energy balance method at the three floating stations Raft, Allaqi and Abu Simbel were estimated at 7.9, 6.9 and 6.7 mm d-1, respectively. The monthly water losses of the years 1978 to 1984, a period with reasonable evaporation rates, are used to estimate the evaporation losses. The results of the study show a systematic deviation between the monthly average values determined using the water balance method through the period 1978 to 1984 and the monthly mean values determined by the 16 evaporation calculation approaches at three floating stations. This deviation is particularly clear in the months of May, June and September (primarily lower estimates) as well as in July (primarily higher estimates). The deviation can be attributed to the simplicity of the water balance method as well as to its limited suitability for large reservoirs as the AHDR over short periods like a month. Among the 16 evaporation calculation approaches the mass transfer method provided the most reasonable results under the given site conditions

Identity Management and Protection Motivated by the General Data Protection Regulation of the European Union-A Conceptual Framework Based on State-of-the-Art Software Technologies

In times of strongly (personal) data-driven economy, the inception of the European General Data Protection Regulation (GDPR) recently reinforced the call for transparency and informational self-determination—not only due to the penalties for data protection violations becoming significantly more severe. This paper recaps the GDPR articles that should be noticed by software designers and developers and explains how, from the perspective of computer scientists, the summarized requirements can be implemented based on state-of-the-art technologies, such as data provenance tracking, distributed usage control, and remote attestation protocols. For this, the challenges for data controllers, i.e., the service providers, as well as for the data subjects, i.e., the users whose personal data are being processed by the services, are worked out. As a result, this paper proposes the ideal functionality of a next-generation privacy dashboard interacting with data provenance and usage control infrastructure implemented at the service providers to operationalize the legal rights of the data subject granted by the GDPR. Finally, it briefly outlines the options for establishing trust in data provenance tracking and usage control infrastructures operated by the service providers themselves

Secure and privacy-respecting documentation for interactive manufacturing and quality assurance

The automated documentation of work steps is a requirement of many modern manufacturing processes. Especially when it comes to important procedures such as safety critical screw connections or weld seams, the correct and complete execution of certain manufacturing steps needs to be properly supervised, e.g., by capturing video snippets of the worker to be checked in hindsight. Without proper technical and organizational safeguards, such documentation data carries the potential for covert performance monitoring to the disadvantage of employees. Naïve documentation architectures interfere with data protection requirements, and thus cannot expect acceptance of employees. In this paper we outline use cases for automated documentation and describe an exemplary system architecture of a workflow recognition and documentation system. We derive privacy protection goals that we address with a suitable security architecture based on hybrid encryption, secret-sharing among multiple parties and remote attestation of the system to prevent manipulation. We finally contribute an outlook towards problems and possible solutions with regards to information that can leak through accessible metadata and with regard to more modular system architectures, where more sophisticated remote attestation approaches are needed to ensure the integrity of distributed components

Trauma management incorporating focused assessment with computed tomography in trauma (FACTT) - potential effect on survival

Background Immediate recognition of life-threatening conditions and injuries is the key to trauma management. To date, the impact of focused assessment with computed tomography in trauma (FACTT) has not been formally assessed. We aimed to find out whether the concept of using FACTT during primary trauma survey has a negative or positive effect on survival. Methods In a retrospective, multicentre study, we compared our time management and probability of survival (Ps) in major trauma patients who received FACTT during trauma resuscitation with the trauma registry of the German Trauma Society (DGU). FACTT is defined as whole-body computed tomography (WBCT) during primary trauma survey. We determined the probability of survival according to the Trauma and Injury Severity Score (TRISS), the Revised Injury Severity Classification score (RISC) and the standardized mortality ratio (SMR). Results We analysed 4.817 patients from the DGU database from 2002 until 2004, 160 (3.3%) were from our trauma centre at the Ludwig-Maximilians-University (LMU) and 4.657 (96.7%) from the DGU group. 73.2% were male with a mean age of 42.5 years, a mean ISS of 29.8. 96.2% had suffered from blunt trauma. Time from admission to FAST (focused assessment with sonography for trauma)(4.3 vs. 8.7 min), chest x-ray (8.1 vs. 16.0 min) and whole-body CT (20.7 vs. 36.6 min) was shorter at the LMU compared to the other trauma centres (p < 0.001). SMR calculated by TRISS was 0.74 (CI95% 0.40-1.08) for the LMU (p = 0.24) and 0.92 (CI95% 0.84-1.01) for the DGU group (p = 0.10). RISC methodology revealed a SMR of 0.69 (95%CI 0.47-0.92) for the LMU (p = 0.043) and 1.00 (95%CI 0.94-1.06) for the DGU group (p = 0.88). Conclusion Trauma management incorporating FACTT enhances a rapid response to life-threatening problems and enables a comprehensive assessment of the severity of each relevant injury. Due to its speed and accuracy, FACTT during primary trauma survey supports rapid decision-making and may increase survival

Polygenic risk scores and breast and epithelial ovarian cancer risks for carriers of BRCA1 and BRCA2 pathogenic variants

Purpose We assessed the associations between population-based polygenic risk scores (PRS) for breast (BC) or epithelial ovarian cancer (EOC) with cancer risks forBRCA1andBRCA2pathogenic variant carriers. Methods Retrospective cohort data on 18,935BRCA1and 12,339BRCA2female pathogenic variant carriers of European ancestry were available. Three versions of a 313 single-nucleotide polymorphism (SNP) BC PRS were evaluated based on whether they predict overall, estrogen receptor (ER)-negative, or ER-positive BC, and two PRS for overall or high-grade serous EOC. Associations were validated in a prospective cohort. Results The ER-negative PRS showed the strongest association with BC risk forBRCA1carriers (hazard ratio [HR] per standard deviation = 1.29 [95% CI 1.25-1.33],P = 3x10(-72)). ForBRCA2, the strongest association was with overall BC PRS (HR = 1.31 [95% CI 1.27-1.36],P = 7x10(-50)). HR estimates decreased significantly with age and there was evidence for differences in associations by predicted variant effects on protein expression. The HR estimates were smaller than general population estimates. The high-grade serous PRS yielded the strongest associations with EOC risk forBRCA1(HR = 1.32 [95% CI 1.25-1.40],P = 3x10(-22)) andBRCA2(HR = 1.44 [95% CI 1.30-1.60],P = 4x10(-12)) carriers. The associations in the prospective cohort were similar. Conclusion Population-based PRS are strongly associated with BC and EOC risks forBRCA1/2carriers and predict substantial absolute risk differences for women at PRS distribution extremes.Peer reviewe

The genetics of blood pressure regulation and its target organs from association studies in 342,415 individuals

To dissect the genetic architecture of blood pressure and assess effects on target-organ damage, we analyzed 128,272 SNPs from targeted and genome-wide arrays in 201,529 individuals of European ancestry and genotypes from an additional 140,886 individuals were used for validation. We identified 66 blood pressure loci, of which 17 were novel and 15 harbored multiple distinct association signals. The 66 index SNPs were enriched for cis-regulatory elements, particularly in vascular endothelial cells, consistent with a primary role in blood pressure control through modulation of vascular tone across multiple tissues. The 66 index SNPs combined in a risk score showed comparable effects in 64,421 individuals of non-European descent. The 66-SNP blood pressure risk score was significantly associated with target-organ damage in multiple tissues, with minor effects in the kidney. Our findings expand current knowledge of blood pressure pathways and highlight tissues beyond the classic renal system in blood pressure regulation

Genome-wide analysis identifies 12 loci influencing human reproductive behavior.

The genetic architecture of human reproductive behavior-age at first birth (AFB) and number of children ever born (NEB)-has a strong relationship with fitness, human development, infertility and risk of neuropsychiatric disorders. However, very few genetic loci have been identified, and the underlying mechanisms of AFB and NEB are poorly understood. We report a large genome-wide association study of both sexes including 251,151 individuals for AFB and 343,072 individuals for NEB. We identified 12 independent loci that are significantly associated with AFB and/or NEB in a SNP-based genome-wide association study and 4 additional loci associated in a gene-based effort. These loci harbor genes that are likely to have a role, either directly or by affecting non-local gene expression, in human reproduction and infertility, thereby increasing understanding of these complex traits