Self-Adaptive Role-Based Access Control for Business Processes

© 2017 IEEE. We present an approach for dynamically reconfiguring the role-based access control (RBAC) of information systems running business processes, to protect them against insider threats. The new approach uses business process execution traces and stochastic model checking to establish confidence intervals for key measurable attributes of user behaviour, and thus to identify and adaptively demote users who misuse their access permissions maliciously or accidentally. We implemented and evaluated the approach and its policy specification formalism for a real IT support business process, showing their ability to express and apply a broad range of self-adaptive RBAC policies

Estimating the employer size-wage premium in a panel data model with comparative advantage and non-random selection

This paper considers the estimation of the employer-size wage e?ect using a panel of employer-employee matched data. We test for the possibility of different returns to observable human capital variables as well as examine the role played by unmeasured skills in driving the allocation of workers across firms of di?erent sizes. Our results show that some of the observed skills; namely, education, age, and tenure have high returns in large firms, while the opposite is true for high skilled occupations and for the gender gap. On the other hand, the price of non-observed skills is reduced as firm size increases. This finding is consistent with explanations based on the premise that large employers have more difficulty monitoring workers, which therefore leads them to monitor less closely.firm size, wages, non-random selection.

PEP4Django - A Policy Enforcement Point for Python Web Applications

Traditionally, access control mechanisms have been hard-coded into application components. Such approach is error-prone, mixing business logic with access control concerns, and affecting the flexibility of security policies, as is the case with IFRN SUAP Django-based system. The externalization of access control rules allows their decoupling from business logic, through the use of authorization servers where access control policies are stored and queried for computing access decisions. In this context, this paper presents an approach that allows a Django Web application to delegate access control decisions to an external authorization server. The approach has been integrated into an enterprise level system, which has been used for experimentation. The results obtained indicate a negligible overhead, while allowing the modification of access control policies without interrupting the system

Prospective Lifetables: Life Insurance Pricing and Hedging in a Stochastic Mortality Environment

In life insurance, actuaries have traditionally calculated premiums and reserves using a deterministic mortality intensity, which is a function of the age of the insured only. Over the course of the 20th century, the population of the industrialized world underwent a major mortality transition, with a dramatic decline in mortality rates. The mortality decline has been dominated by two major trends: a reduction in mortality due to infectious diseases affecting mainly young ages, and a decrease in mortality at old ages. These mortality improvements have to be taken into account to price long-term life insurance products and to analyse the sustainability of social security systems. In this paper, we argue that pricing and reserving for pension and life insurance products requires dynamic (or prospective) lifetables. We briefly review classic and recent projection methods and adopt a Poisson log-bilinear approach to estimate Portuguese Prospective Lifetables. The advantages of using dynamic lifetables are twofold. Firstly, it provides more realistic premiums and reserves, and secondly, it quantifies the risk of the insurance companies associated with the underlying longevity risks. Finally, we discuss possible ways of transferring the systematic mortality risk to other parties.

Disposition effect and gender

Investors seem to hold on to their losing stocks to a greater extent than they hold on to their winning stocks. This well-document behavioral regularity is termed disposition effect (Shefrin and Statman 1985). We set an experiment to replicate results from a previous study of the disposition effect (Weber and Camerer 1998), and further show that a subject’s gender may interfere with the effect’s detection.

Subjective Expectations Equilibrium in Economies with Uncertain Delivery

In economies with uncertain delivery, agents trade their endowments for lists instead of bundles. A list specifies a set of bundles such that the agent has the right to receive one of them. In this paper, with continuity conditions on private beliefs about the bundle that will be delivered, we establish existence of a subjective expectations equilibrium.Private information, Uncertain delivery, Subjective expectations equilibrium, General equilibrium, Incomplete information, Real options.

Private Information: Similarity as Compatibility

We investigate the continuity of equilibrium in differential information economies with a finite number of agents. In this setting, agents can make contingent contracts based on events that are commonly observed. With private information modelled as finite partitions of a compact and metrizable space of states of nature, we introduce a topology on information that takes into account the compatibility of information fields in assessing similarity between private information fields. This topology allows us to establish upper semicontinuity of the private core correspondence.Differential Information Economy, Asymmetric Information, Radner Equilibrium, Private Core, Topologies on Information.

Existence and generic efficiency of equilibrium in two-period economies with private state-verification

Private state-verification is introduced in a two-period economy with spot markets in both periods and complete futures markets for contingent delivery in the second period. Existence of equilibrium is established, under standard assumptions. The equilibrium allocation is shown to be generically efficient if the number of states is not greater than the number of goods.General equilibrium, Differential information, Private state-verification, Two-period economies, Existence of equilibrium, Generic efficiency