Enabling the Internet White Pages Service -- the Directory Guardian

The Internet White Pages Service (IWPS) has been slow to materialise for many reasons. One of them is the security concerns that organisations have, over allowing the public to gain access to either their Intranet or their directory database. The Directory Guardian is a firewall application proxy for X.500 and LDAP protocols that is designed to alleviate these fears. Sitting in the firewall system, it filters directory protocol messages passing into and out of the Intranet, allowing security administrators to carefully control the amount of directory information that is released to the outside world. This paper describes the design of our Guardian system, and shows how relatively easy it is to configure its filtering capabilities. Finally the paper describes the working demonstration of the Guardian that was built for the 1997 World Electronic Messaging Association directory challenge. This linked the WEMA directory to the NameFLOWParadise Internet directory, and demonstrated some of the powerful filtering capabilities of the Guardian

Coping with Poorly Understood Domains: the Example of Internet Trust

The notion of trust, as required for secure operations over the Internet, is important for ascertaining the source of received messages. How can we measure the degree of trust in authenticating the source? Knowledge in the domain is not established, so knowledge engineering becomes knowledge generation rather than mere acquisition. Special techniques are required, and special features of KBS software become more important than in conventional domains. This paper generalizes from experience with Internet trust to discuss some techniques and software features that are important for poorly understood domains

Providing secure remote access to legacy applications

While the widespread adoption of Internet and Intranet technology has been one of the exciting developments of recent years, many hospitals are finding that their data and legacy applications do not naturally fit into the new methods of dissemination. Existing applications often rely on isolation or trusted networks for their access control or security, whereas untrusted wide area networks pay little attention to the authenticity, integrity or confidentiality of the data they transport. Many hospitals do not have the resources to develop new ''network-ready'' versions of existing centralised applications. In this paper, we examine the issues that must be considered when providing network access to an existing health care application, and we describe how we have implemented the proposed solution in one healthcare application namely the diabetic register at Hope Hospital. We describe the architecture that allows remote access to the legacy application, providing it with encrypted communications and strongly authenticated access control but without requiring any modifications to the underlying application. As well as comparing alternative ways of implementing such a system, we also consider issues relating to usability and manageability, such as password management

Merging and Extending the PGP and PEM Trust Models - the ICE-TEL Trust Model

The ICE-TEL project is a pan-European project that is building an Internet X.509 based certification infrastructure throughout Europe, plus several secure applications that will use it. This paper describes the trust model that is being implemented by the project. A trust model specifies the means by which a user may build trust in the assertion that a remote user is really who he purports to be (authentication) and that he does in fact have a right to access the service or information that he is requesting (authorization). The ICE-TEL trust model is based on a merging of and extensions to the existing Pretty Good Privacy (PGP) web of trust and Privacy Enhanced Mail (PEM) hierarchy of trust models, and is called a web of hierarchies trust model. The web of hierarchies model has significant advantages over both of the previous models, and these are highlighted here. The paper further describes the way that the trust model is enforced through some of the new extensions in the X.509 V3 certificates, and gives examples of its use in different scenarios

Initial Experiences of Building Secure Access to Patient Confidential Data via the Internet

A project to enable health care professionals (GPs, practice nurses and diabetes nurse specialists) to access, via the Internet, confidential patient data held on a secondary care (hospital) diabetes information system, has been implemented. We describe the application that we chose to distribute (a diabetes register); the security mechanisms we used to protect the data (a public key infrastructure with strong encryption and digitally signed messages, plus a firewall); the reasons for the implementation decisions we made; the validation testing that we performed and the preliminary results of the pilot implementation

Heterogeneous Convergence

We use U.S. county-level data containing 3,058 cross-sectional observations and 41 conditioning variables to study economic growth and explore possible heterogeneity in growth determination across 32 individual states. Using a 3SLS-IV estimation method, we find that all statistically significant convergence rates (for 32 individual states) are above 2 percent, with an average of 8.1 percent. For 7 states the convergence rate can be rejected as identical to at least one other state’s convergence rate with 95 percent confidence. Convergence rates are negatively correlated with initial income. The size of government at all levels of decentralization is either unproductive or negatively correlated with growth. Educational attainment has a non-linear relationship with growth. The size of the finance, insurance and real estate, and entertainment industries are positively correlated with growth, while the size of the education industry is negatively correlated with growth. Heterogeneity in the effects of balanced growth path determinants across individual states is harder to detect than in convergence rates.Economic Growth, Conditional Convergence, County Level Data

X-ray observations of the galaxy cluster PKS 0745-191: To the virial radius, and beyond

We measure X-ray emission from the outskirts of the cluster of galaxies PKS 0745-191 with Suzaku, determining radial profiles of density, temperature, entropy, gas fraction, and mass. These measurements extend beyond the virial radius for the first time, providing new information about cluster assembly and the diffuse intracluster medium out to ~1.5 r_200, (r_200 ~ 1.7 Mpc ~ 15'). The temperature is found to decrease by roughly 70 per cent from 0.3-1 r_200. We also see a flattening of the entropy profile near the virial radius and consider the implications this has for the assumption of hydrostatic equilibrium when deriving mass estimates. We place these observations in the context of simulations and analytical models to develop a better understanding of non-gravitational physics in the outskirts of the cluster.Comment: 10 pages, 11 figures, accepted to MNRAS; expanded discussion of analysis and uncertainties, results qualitatively unchange