Sample records for access control security

  1. CAS. Controlled Access Security

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Martinez, B.; Pomeroy, G.

    1989-12-01

    The Security Alarm System is a data acquisition and control system which collects data from intrusion sensors and displays the information in a real-time environment for operators. The Access Control System monitors and controls the movement of personnel with the use of card readers and biometrics hand readers.

  2. 36 CFR 1256.70 - What controls access to national security-classified information?

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... national security-classified information? 1256.70 Section 1256.70 Parks, Forests, and Public Property... HISTORICAL MATERIALS Access to Materials Containing National Security-Classified Information § 1256.70 What controls access to national security-classified information? (a) The declassification of and public access...

  3. 75 FR 80886 - Third Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-12-23

    ... 224: Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems (Update to... Committee 224: Airport Security Access Control Systems. DATES: The meeting will be held January 13, 2011...

  4. 75 FR 61819 - First Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-10-06

    ... 224: Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems (Update to... Committee 224: Airport Security Access Control Systems. DATES: The meeting will be held November 2, 2010...

  5. 75 FR 71790 - Second Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-11-24

    ... Committee 224: Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems (Update to... Committee 224: Airport Security Access Control Systems. DATES: The meeting will be held December 9, 2010...

  6. 76 FR 9632 - Fifth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-18

    ... 224: Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems (Update to... Committee 224: Airport Security Access Control Systems. DATES: The meeting will be held March 10, 2011, from...

  7. 76 FR 3931 - Fourth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-01-21

    ... Committee 224: Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 Meeting: Airport Security Access Control Systems (Update to... Committee 224: Airport Security Access Control Systems. DATES: The meeting will be held February 8, 2011...

  8. 76 FR 16470 - Sixth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-03-23

    ... 224: Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems (Update to... Committee 224: Airport Security Access Control Systems DATES: The meeting will be held April 13, 2011, from...

  9. 76 FR 67019 - Tenth Meeting: RTCA Special Committee 224, Airport Security Access Control

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-10-28

    ... 224, Airport Security Access Control AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Notice of RTCA Special Committee 224, Airport Security Access Control. SUMMARY: The... (Pub. L. 92-463, 5 U.S.C., App.), notice is hereby given for a Special Committee 224, Airport Security...

  10. 77 FR 71474 - Seventeenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-30

    ... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S... Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the seventeenth meeting of the RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting...

  11. 78 FR 7850 - Nineteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-04

    ... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S... Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the nineteenth meeting of the RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting...

  12. 77 FR 25525 - Thirteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems.

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-04-30

    ... Committee 224, Airport Security Access Control Systems. AGENCY: Federal Aviation Administration (FAA), U.S... Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the thirteenth meeting of RTCA Special Committee 224, Airport Security Access Control Systems DATES: The meeting will be...

  13. 77 FR 15448 - Twelfth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-03-15

    ... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S... Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the twelfth meeting of RTCA Special Committee 224, Airport Security Access Control Systems DATES: The meeting will be...

  14. 78 FR 16757 - Twentieth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-03-18

    ... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security... meeting of the RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting...

  15. 77 FR 64838 - Sixteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-10-23

    ... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security... meeting of the RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting...

  16. 77 FR 55894 - Fifteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-09-11

    ... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security... meeting of the RTCA Special Committee 224, Airport Security Access Control Systems DATES: The meeting will...

  17. 76 FR 59481 - Ninth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-26

    ... Control Systems (Update to DO-230B): Agenda October 20, 2011 Welcome/Introductions/Administrative Remarks... 224: Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems. SUMMARY...

  18. 76 FR 50811 - Eighth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-08-16

    ... Control Systems (Update to DO-230B): Agenda September 15, 2011 Welcome/Introductions/Administrative... Committee 224: Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems. SUMMARY...

  19. 76 FR 38742 - Seventh Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-01

    ... Control Systems (Update to DO-230B): Agenda July 15, 2011 Welcome/Introductions/Administrative Remarks... Committee 224: Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), DOT. ACTION: Notice of RTCA Special Committee 224 meeting: Airport Security Access Control Systems (Update to...

  20. 78 FR 31627 - Twenty-Second Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-24

    ... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S... Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the twenty-second meeting of the RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting...

  1. 78 FR 22025 - Twenty First Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-04-12

    ... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S... Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the twenty first meeting of the RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting...

  2. 77 FR 2343 - Eleventh Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-01-17

    ... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S... Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of the eleventh meeting of RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held...

  3. 33 CFR 105.255 - Security measures for access control.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... and facilities; (4) Granting access to only those responding to the security incident or threat... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Security measures for access... SECURITY MARITIME SECURITY MARITIME SECURITY: FACILITIES Facility Security Requirements § 105.255 Security...

  4. 78 FR 43963 - Twenty-Third Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-07-22

    ... Committee 224, Airport Security Access Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security... meeting of the RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting...

  5. Secure Dynamic access control scheme of PHR in cloud computing.

    PubMed

    Chen, Tzer-Shyong; Liu, Chia-Hui; Chen, Tzer-Long; Chen, Chin-Sheng; Bau, Jian-Guo; Lin, Tzu-Ching

    2012-12-01

    With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system "personal health records (PHR)" is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problem when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. From security and effectiveness analyses, the proposed PHR access

  6. A threat intelligence framework for access control security in the oil industry

    NASA Astrophysics Data System (ADS)

    Alaskandrani, Faisal T.

    The research investigates the problem raised by the rapid development in the technology industry giving security concerns in facilities built by the energy industry containing diverse platforms. The difficulty of continuous updates to network security architecture and assessment gave rise to the need to use threat intelligence frameworks to better assess and address networks security issues. Focusing on access control security to the ICS and SCADA systems that is being utilized to carry out mission critical and life threatening operations. The research evaluates different threat intelligence frameworks that can be implemented in the industry seeking the most suitable and applicable one that address the issue and provide more security measures. The validity of the result is limited to the same environment that was researched as well as the technologies being utilized. The research concludes that it is possible to utilize a Threat Intelligence framework to prioritize security in Access Control Measures in the Oil Industry.

  7. An access control model with high security for distributed workflow and real-time application

    NASA Astrophysics Data System (ADS)

    Han, Ruo-Fei; Wang, Hou-Xiang

    2007-11-01

    The traditional mandatory access control policy (MAC) is regarded as a policy with strict regulation and poor flexibility. The security policy of MAC is so compelling that few information systems would adopt it at the cost of facility, except some particular cases with high security requirement as military or government application. However, with the increasing requirement for flexibility, even some access control systems in military application have switched to role-based access control (RBAC) which is well known as flexible. Though RBAC can meet the demands for flexibility but it is weak in dynamic authorization and consequently can not fit well in the workflow management systems. The task-role-based access control (T-RBAC) is then introduced to solve the problem. It combines both the advantages of RBAC and task-based access control (TBAC) which uses task to manage permissions dynamically. To satisfy the requirement of system which is distributed, well defined with workflow process and critically for time accuracy, this paper will analyze the spirit of MAC, introduce it into the improved T&RBAC model which is based on T-RBAC. At last, a conceptual task-role-based access control model with high security for distributed workflow and real-time application (A_T&RBAC) is built, and its performance is simply analyzed.

  8. Dynamic Key Management Schemes for Secure Group Access Control Using Hierarchical Clustering in Mobile Ad Hoc Networks

    NASA Astrophysics Data System (ADS)

    Tsaur, Woei-Jiunn; Pai, Haw-Tyng

    2008-11-01

    The applications of group computing and communication motivate the requirement to provide group access control in mobile ad hoc networks (MANETs). The operation in MANETs' groups performs a decentralized manner and accommodated membership dynamically. Moreover, due to lack of centralized control, MANETs' groups are inherently insecure and vulnerable to attacks from both within and outside the groups. Such features make access control more challenging in MANETs. Recently, several researchers have proposed group access control mechanisms in MANETs based on a variety of threshold signatures. However, these mechanisms cannot actually satisfy MANETs' dynamic environments. This is because the threshold-based mechanisms cannot be achieved when the number of members is not up to the threshold value. Hence, by combining the efficient elliptic curve cryptosystem, self-certified public key cryptosystem and secure filter technique, we construct dynamic key management schemes based on hierarchical clustering for securing group access control in MANETs. Specifically, the proposed schemes can constantly accomplish secure group access control only by renewing the secure filters of few cluster heads, when a cluster head joins or leaves a cross-cluster. In such a new way, we can find that the proposed group access control scheme can be very effective for securing practical applications in MANETs.

  9. 33 CFR 104.265 - Security measures for access control.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Security measures for access... SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Requirements § 104.265 Security... security measures to: (1) Deter the unauthorized introduction of dangerous substances and devices...

  10. 33 CFR 106.260 - Security measures for access control.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental... unattended spaces that adjoin areas to which OCS facility personnel and visitors have access; (9) Ensure OCS...

  11. 33 CFR 106.260 - Security measures for access control.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental... unattended spaces that adjoin areas to which OCS facility personnel and visitors have access; (9) Ensure OCS...

  12. 33 CFR 106.260 - Security measures for access control.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental... unattended spaces that adjoin areas to which OCS facility personnel and visitors have access; (9) Ensure OCS...

  13. 33 CFR 106.260 - Security measures for access control.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental... unattended spaces that adjoin areas to which OCS facility personnel and visitors have access; (9) Ensure OCS...

  14. 33 CFR 106.260 - Security measures for access control.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES Outer Continental... unattended spaces that adjoin areas to which OCS facility personnel and visitors have access; (9) Ensure OCS...

  15. A Novel Reference Security Model with the Situation Based Access Policy for Accessing EPHR Data.

    PubMed

    Gope, Prosanta; Amin, Ruhul

    2016-11-01

    Electronic Patient Health Record (EPHR) systems may facilitate a patient not only to share his/her health records securely with healthcare professional but also to control his/her health privacy, in a convenient and easy way even in case of emergency. In order to fulfill these requirements, it is greatly desirable to have the access control mechanism which can efficiently handle every circumstance without negotiating security. However, the existing access control mechanisms used in healthcare to regulate and restrict the disclosure of patient data are often bypassed in case of emergencies. In this article, we propose a way to securely share EPHR data under any situation including break-the-glass (BtG) without compromising its security. In this regard, we design a reference security model, which consists of a multi-level data flow hierarchy, and an efficient access control framework based on the conventional Role-Based Access Control (RBAC) and Mandatory Access Control (MAC) policies.

  16. Health Information System Role-Based Access Control Current Security Trends and Challenges.

    PubMed

    de Carvalho Junior, Marcelo Antonio; Bandiera-Paiva, Paulo

    2018-01-01

    This article objective is to highlight implementation characteristics, concerns, or limitations over role-based access control (RBAC) use on health information system (HIS) using industry-focused literature review of current publishing for that purpose. Based on the findings, assessment for indication of RBAC is obsolete considering HIS authorization control needs. We have selected articles related to our investigation theme "RBAC trends and limitations" in 4 different sources related to health informatics or to the engineering technical field. To do so, we have applied the following search query string: "Role-Based Access Control" OR "RBAC" AND "Health information System" OR "EHR" AND "Trends" OR "Challenges" OR "Security" OR "Authorization" OR "Attacks" OR "Permission Assignment" OR "Permission Relation" OR "Permission Mapping" OR "Constraint". We followed PRISMA applicable flow and general methodology used on software engineering for systematic review. 20 articles were selected after applying inclusion and exclusion criteria resulting contributions from 10 different countries. 17 articles advocate RBAC adaptations. The main security trends and limitations mapped were related to emergency access, grant delegation, and interdomain access control. Several publishing proposed RBAC adaptations and enhancements in order to cope current HIS use characteristics. Most of the existent RBAC studies are not related to health informatics industry though. There is no clear indication of RBAC obsolescence for HIS use.

  17. Provably Secure Heterogeneous Access Control Scheme for Wireless Body Area Network.

    PubMed

    Omala, Anyembe Andrew; Mbandu, Angolo Shem; Mutiria, Kamenyi Domenic; Jin, Chunhua; Li, Fagen

    2018-04-28

    Wireless body area network (WBAN) provides a medium through which physiological information could be harvested and transmitted to application provider (AP) in real time. Integrating WBAN in a heterogeneous Internet of Things (IoT) ecosystem would enable an AP to monitor patients from anywhere and at anytime. However, the IoT roadmap of interconnected 'Things' is still faced with many challenges. One of the challenges in healthcare is security and privacy of streamed medical data from heterogeneously networked devices. In this paper, we first propose a heterogeneous signcryption scheme where a sender is in a certificateless cryptographic (CLC) environment while a receiver is in identity-based cryptographic (IBC) environment. We then use this scheme to design a heterogeneous access control protocol. Formal security proof for indistinguishability against adaptive chosen ciphertext attack and unforgeability against adaptive chosen message attack in random oracle model is presented. In comparison with some of the existing access control schemes, our scheme has lower computation and communication cost.

  18. An effective and secure key-management scheme for hierarchical access control in E-medicine system.

    PubMed

    Odelu, Vanga; Das, Ashok Kumar; Goswami, Adrijit

    2013-04-01

    Recently several hierarchical access control schemes are proposed in the literature to provide security of e-medicine systems. However, most of them are either insecure against 'man-in-the-middle attack' or they require high storage and computational overheads. Wu and Chen proposed a key management method to solve dynamic access control problems in a user hierarchy based on hybrid cryptosystem. Though their scheme improves computational efficiency over Nikooghadam et al.'s approach, it suffers from large storage space for public parameters in public domain and computational inefficiency due to costly elliptic curve point multiplication. Recently, Nikooghadam and Zakerolhosseini showed that Wu-Chen's scheme is vulnerable to man-in-the-middle attack. In order to remedy this security weakness in Wu-Chen's scheme, they proposed a secure scheme which is again based on ECC (elliptic curve cryptography) and efficient one-way hash function. However, their scheme incurs huge computational cost for providing verification of public information in the public domain as their scheme uses ECC digital signature which is costly when compared to symmetric-key cryptosystem. In this paper, we propose an effective access control scheme in user hierarchy which is only based on symmetric-key cryptosystem and efficient one-way hash function. We show that our scheme reduces significantly the storage space for both public and private domains, and computational complexity when compared to Wu-Chen's scheme, Nikooghadam-Zakerolhosseini's scheme, and other related schemes. Through the informal and formal security analysis, we further show that our scheme is secure against different attacks and also man-in-the-middle attack. Moreover, dynamic access control problems in our scheme are also solved efficiently compared to other related schemes, making our scheme is much suitable for practical applications of e-medicine systems.

  19. A Secure and Verifiable Outsourced Access Control Scheme in Fog-Cloud Computing.

    PubMed

    Fan, Kai; Wang, Junxiong; Wang, Xin; Li, Hui; Yang, Yintang

    2017-07-24

    With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient.

  20. A Secure and Verifiable Outsourced Access Control Scheme in Fog-Cloud Computing

    PubMed Central

    Fan, Kai; Wang, Junxiong; Wang, Xin; Li, Hui; Yang, Yintang

    2017-01-01

    With the rapid development of big data and Internet of things (IOT), the number of networking devices and data volume are increasing dramatically. Fog computing, which extends cloud computing to the edge of the network can effectively solve the bottleneck problems of data transmission and data storage. However, security and privacy challenges are also arising in the fog-cloud computing environment. Ciphertext-policy attribute-based encryption (CP-ABE) can be adopted to realize data access control in fog-cloud computing systems. In this paper, we propose a verifiable outsourced multi-authority access control scheme, named VO-MAACS. In our construction, most encryption and decryption computations are outsourced to fog devices and the computation results can be verified by using our verification method. Meanwhile, to address the revocation issue, we design an efficient user and attribute revocation method for it. Finally, analysis and simulation results show that our scheme is both secure and highly efficient. PMID:28737733

  1. Computer access security code system

    NASA Technical Reports Server (NTRS)

    Collins, Earl R., Jr. (Inventor)

    1990-01-01

    A security code system for controlling access to computer and computer-controlled entry situations comprises a plurality of subsets of alpha-numeric characters disposed in random order in matrices of at least two dimensions forming theoretical rectangles, cubes, etc., such that when access is desired, at least one pair of previously unused character subsets not found in the same row or column of the matrix is chosen at random and transmitted by the computer. The proper response to gain access is transmittal of subsets which complete the rectangle, and/or a parallelepiped whose opposite corners were defined by first groups of code. Once used, subsets are not used again to absolutely defeat unauthorized access by eavesdropping, and the like.

  2. SmartVeh: Secure and Efficient Message Access Control and Authentication for Vehicular Cloud Computing.

    PubMed

    Huang, Qinlong; Yang, Yixian; Shi, Yuxiang

    2018-02-24

    With the growing number of vehicles and popularity of various services in vehicular cloud computing (VCC), message exchanging among vehicles under traffic conditions and in emergency situations is one of the most pressing demands, and has attracted significant attention. However, it is an important challenge to authenticate the legitimate sources of broadcast messages and achieve fine-grained message access control. In this work, we propose SmartVeh, a secure and efficient message access control and authentication scheme in VCC. A hierarchical, attribute-based encryption technique is utilized to achieve fine-grained and flexible message sharing, which ensures that vehicles whose persistent or dynamic attributes satisfy the access policies can access the broadcast message with equipped on-board units (OBUs). Message authentication is enforced by integrating an attribute-based signature, which achieves message authentication and maintains the anonymity of the vehicles. In order to reduce the computations of the OBUs in the vehicles, we outsource the heavy computations of encryption, decryption and signing to a cloud server and road-side units. The theoretical analysis and simulation results reveal that our secure and efficient scheme is suitable for VCC.

  3. SmartVeh: Secure and Efficient Message Access Control and Authentication for Vehicular Cloud Computing

    PubMed Central

    Yang, Yixian; Shi, Yuxiang

    2018-01-01

    With the growing number of vehicles and popularity of various services in vehicular cloud computing (VCC), message exchanging among vehicles under traffic conditions and in emergency situations is one of the most pressing demands, and has attracted significant attention. However, it is an important challenge to authenticate the legitimate sources of broadcast messages and achieve fine-grained message access control. In this work, we propose SmartVeh, a secure and efficient message access control and authentication scheme in VCC. A hierarchical, attribute-based encryption technique is utilized to achieve fine-grained and flexible message sharing, which ensures that vehicles whose persistent or dynamic attributes satisfy the access policies can access the broadcast message with equipped on-board units (OBUs). Message authentication is enforced by integrating an attribute-based signature, which achieves message authentication and maintains the anonymity of the vehicles. In order to reduce the computations of the OBUs in the vehicles, we outsource the heavy computations of encryption, decryption and signing to a cloud server and road-side units. The theoretical analysis and simulation results reveal that our secure and efficient scheme is suitable for VCC. PMID:29495269

  4. Security analysis and improvements of authentication and access control in the Internet of Things.

    PubMed

    Ndibanje, Bruce; Lee, Hoon-Jae; Lee, Sang-Gon

    2014-08-13

    Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al. (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18-21 June 2012, pp. 588-592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost.

  5. 49 CFR 1542.207 - Access control systems.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Operations § 1542.207 Access control... original access medium, if the airport operator follows measures and procedures in the security program...

  6. 49 CFR 1542.207 - Access control systems.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Operations § 1542.207 Access control... original access medium, if the airport operator follows measures and procedures in the security program...

  7. 49 CFR 1542.207 - Access control systems.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Operations § 1542.207 Access control... original access medium, if the airport operator follows measures and procedures in the security program...

  8. 49 CFR 1542.207 - Access control systems.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Operations § 1542.207 Access control... original access medium, if the airport operator follows measures and procedures in the security program...

  9. 49 CFR 1542.207 - Access control systems.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION, DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Operations § 1542.207 Access control... original access medium, if the airport operator follows measures and procedures in the security program...

  10. Privacy, security and access with sensitive health information.

    PubMed

    Croll, Peter

    2010-01-01

    This chapter gives an educational overview of: * Confidentiality issues and the challenges faced; * The fundamental differences between privacy and security; * The different access control mechanisms; * The challenges of Internet security; * How 'safety and quality' relate to all the above.

  11. Security Analysis and Improvements of Authentication and Access Control in the Internet of Things

    PubMed Central

    Ndibanje, Bruce; Lee, Hoon-Jae; Lee, Sang-Gon

    2014-01-01

    Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18–21 June 2012, pp. 588–592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost. PMID:25123464

  12. Secure Remote Access Issues in a Control Center Environment

    NASA Technical Reports Server (NTRS)

    Pitts, Lee; McNair, Ann R. (Technical Monitor)

    2002-01-01

    The ISS finally reached an operational state and exists for local and remote users. Onboard payload systems are managed by the Huntsville Operations Support Center (HOSC). Users access HOSC systems by internet protocols in support of daily operations, preflight simulation, and test. In support of this diverse user community, a modem security architecture has been implemented. The architecture has evolved over time from an isolated but open system to a system which supports local and remote access to the ISS over broad geographic regions. This has been accomplished through the use of an evolved security strategy, PKI, and custom design. Through this paper, descriptions of the migration process and the lessons learned are presented. This will include product decision criteria, rationale, and the use of commodity products in the end architecture. This paper will also stress the need for interoperability of various products and the effects of seemingly insignificant details.

  13. Secure Access Control and Large Scale Robust Representation for Online Multimedia Event Detection

    PubMed Central

    Liu, Changyu; Li, Huiling

    2014-01-01

    We developed an online multimedia event detection (MED) system. However, there are a secure access control issue and a large scale robust representation issue when we want to integrate traditional event detection algorithms into the online environment. For the first issue, we proposed a tree proxy-based and service-oriented access control (TPSAC) model based on the traditional role based access control model. Verification experiments were conducted on the CloudSim simulation platform, and the results showed that the TPSAC model is suitable for the access control of dynamic online environments. For the second issue, inspired by the object-bank scene descriptor, we proposed a 1000-object-bank (1000OBK) event descriptor. Feature vectors of the 1000OBK were extracted from response pyramids of 1000 generic object detectors which were trained on standard annotated image datasets, such as the ImageNet dataset. A spatial bag of words tiling approach was then adopted to encode these feature vectors for bridging the gap between the objects and events. Furthermore, we performed experiments in the context of event classification on the challenging TRECVID MED 2012 dataset, and the results showed that the robust 1000OBK event descriptor outperforms the state-of-the-art approaches. PMID:25147840

  14. Secure access control and large scale robust representation for online multimedia event detection.

    PubMed

    Liu, Changyu; Lu, Bin; Li, Huiling

    2014-01-01

    We developed an online multimedia event detection (MED) system. However, there are a secure access control issue and a large scale robust representation issue when we want to integrate traditional event detection algorithms into the online environment. For the first issue, we proposed a tree proxy-based and service-oriented access control (TPSAC) model based on the traditional role based access control model. Verification experiments were conducted on the CloudSim simulation platform, and the results showed that the TPSAC model is suitable for the access control of dynamic online environments. For the second issue, inspired by the object-bank scene descriptor, we proposed a 1000-object-bank (1000OBK) event descriptor. Feature vectors of the 1000OBK were extracted from response pyramids of 1000 generic object detectors which were trained on standard annotated image datasets, such as the ImageNet dataset. A spatial bag of words tiling approach was then adopted to encode these feature vectors for bridging the gap between the objects and events. Furthermore, we performed experiments in the context of event classification on the challenging TRECVID MED 2012 dataset, and the results showed that the robust 1000OBK event descriptor outperforms the state-of-the-art approaches.

  15. Improving School Access Control

    ERIC Educational Resources Information Center

    National Clearinghouse for Educational Facilities, 2008

    2008-01-01

    Few things are more important for school safety and security than controlling access to buildings and grounds. It is relatively easy to incorporate effective access control measures in new school designs but more difficult in existing schools, where most building and site features cannot be readily altered or reconfigured. The National…

  16. Access control based on attribute certificates for medical intranet applications.

    PubMed

    Mavridis, I; Georgiadis, C; Pangalos, G; Khair, M

    2001-01-01

    Clinical information systems frequently use intranet and Internet technologies. However these technologies have emphasized sharing and not security, despite the sensitive and private nature of much health information. Digital certificates (electronic documents which recognize an entity or its attributes) can be used to control access in clinical intranet applications. To outline the need for access control in distributed clinical database systems, to describe the use of digital certificates and security policies, and to propose the architecture for a system using digital certificates, cryptography and security policy to control access to clinical intranet applications. We have previously developed a security policy, DIMEDAC (Distributed Medical Database Access Control), which is compatible with emerging public key and privilege management infrastructure. In our implementation approach we propose the use of digital certificates, to be used in conjunction with DIMEDAC. Our proposed access control system consists of two phases: the ways users gain their security credentials; and how these credentials are used to access medical data. Three types of digital certificates are used: identity certificates for authentication; attribute certificates for authorization; and access-rule certificates for propagation of access control policy. Once a user is identified and authenticated, subsequent access decisions are based on a combination of identity and attribute certificates, with access-rule certificates providing the policy framework. Access control in clinical intranet applications can be successfully and securely managed through the use of digital certificates and the DIMEDAC security policy.

  17. Access Control based on Attribute Certificates for Medical Intranet Applications

    PubMed Central

    Georgiadis, Christos; Pangalos, George; Khair, Marie

    2001-01-01

    Background Clinical information systems frequently use intranet and Internet technologies. However these technologies have emphasized sharing and not security, despite the sensitive and private nature of much health information. Digital certificates (electronic documents which recognize an entity or its attributes) can be used to control access in clinical intranet applications. Objectives To outline the need for access control in distributed clinical database systems, to describe the use of digital certificates and security policies, and to propose the architecture for a system using digital certificates, cryptography and security policy to control access to clinical intranet applications. Methods We have previously developed a security policy, DIMEDAC (Distributed Medical Database Access Control), which is compatible with emerging public key and privilege management infrastructure. In our implementation approach we propose the use of digital certificates, to be used in conjunction with DIMEDAC. Results Our proposed access control system consists of two phases: the ways users gain their security credentials; and how these credentials are used to access medical data. Three types of digital certificates are used: identity certificates for authentication; attribute certificates for authorization; and access-rule certificates for propagation of access control policy. Once a user is identified and authenticated, subsequent access decisions are based on a combination of identity and attribute certificates, with access-rule certificates providing the policy framework. Conclusions Access control in clinical intranet applications can be successfully and securely managed through the use of digital certificates and the DIMEDAC security policy. PMID:11720951

  18. Computer Security Systems Enable Access.

    ERIC Educational Resources Information Center

    Riggen, Gary

    1989-01-01

    A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

  19. 78 FR 51810 - Twenty-Fourth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-08-21

    ...., 1150 18th Street NW., Suite 910, Washington, DC 20036. FOR FURTHER INFORMATION CONTACT: The RTCA... (202) 833-9434, or Web site at http://www.rtca.org . SUPPLEMENTARY INFORMATION: Pursuant to section 10... Security System Standard for Airport Access Control, RTCA Paper No. 168-13/SC224-048 TOR Review--Status of...

  20. An Annotated and Cross-Referenced Bibliography on Computer Security and Access Control in Computer Systems.

    ERIC Educational Resources Information Center

    Bergart, Jeffrey G.; And Others

    This paper represents a careful study of published works on computer security and access control in computer systems. The study includes a selective annotated bibliography of some eighty-five important published results in the field and, based on these papers, analyzes the state of the art. In annotating these works, the authors try to be…

  1. Integration of EGA secure data access into Galaxy.

    PubMed

    Hoogstrate, Youri; Zhang, Chao; Senf, Alexander; Bijlard, Jochem; Hiltemann, Saskia; van Enckevort, David; Repo, Susanna; Heringa, Jaap; Jenster, Guido; J A Fijneman, Remond; Boiten, Jan-Willem; A Meijer, Gerrit; Stubbs, Andrew; Rambla, Jordi; Spalding, Dylan; Abeln, Sanne

    2016-01-01

    High-throughput molecular profiling techniques are routinely generating vast amounts of data for translational medicine studies. Secure access controlled systems are needed to manage, store, transfer and distribute these data due to its personally identifiable nature. The European Genome-phenome Archive (EGA) was created to facilitate access and management to long-term archival of bio-molecular data. Each data provider is responsible for ensuring a Data Access Committee is in place to grant access to data stored in the EGA. Moreover, the transfer of data during upload and download is encrypted. ELIXIR, a European research infrastructure for life-science data, initiated a project (2016 Human Data Implementation Study) to understand and document the ELIXIR requirements for secure management of controlled-access data. As part of this project, a full ecosystem was designed to connect archived raw experimental molecular profiling data with interpreted data and the computational workflows, using the CTMM Translational Research IT (CTMM-TraIT) infrastructure http://www.ctmm-trait.nl as an example. Here we present the first outcomes of this project, a framework to enable the download of EGA data to a Galaxy server in a secure way. Galaxy provides an intuitive user interface for molecular biologists and bioinformaticians to run and design data analysis workflows. More specifically, we developed a tool -- ega_download_streamer - that can download data securely from EGA into a Galaxy server, which can subsequently be further processed. This tool will allow a user within the browser to run an entire analysis containing sensitive data from EGA, and to make this analysis available for other researchers in a reproducible manner, as shown with a proof of concept study.  The tool ega_download_streamer is available in the Galaxy tool shed: https://toolshed.g2.bx.psu.edu/view/yhoogstrate/ega_download_streamer.

  2. Integration of EGA secure data access into Galaxy

    PubMed Central

    Hoogstrate, Youri; Zhang, Chao; Senf, Alexander; Bijlard, Jochem; Hiltemann, Saskia; van Enckevort, David; Repo, Susanna; Heringa, Jaap; Jenster, Guido; Fijneman, Remond J.A.; Boiten, Jan-Willem; A. Meijer, Gerrit; Stubbs, Andrew; Rambla, Jordi; Spalding, Dylan; Abeln, Sanne

    2016-01-01

    High-throughput molecular profiling techniques are routinely generating vast amounts of data for translational medicine studies. Secure access controlled systems are needed to manage, store, transfer and distribute these data due to its personally identifiable nature. The European Genome-phenome Archive (EGA) was created to facilitate access and management to long-term archival of bio-molecular data. Each data provider is responsible for ensuring a Data Access Committee is in place to grant access to data stored in the EGA. Moreover, the transfer of data during upload and download is encrypted. ELIXIR, a European research infrastructure for life-science data, initiated a project (2016 Human Data Implementation Study) to understand and document the ELIXIR requirements for secure management of controlled-access data. As part of this project, a full ecosystem was designed to connect archived raw experimental molecular profiling data with interpreted data and the computational workflows, using the CTMM Translational Research IT (CTMM-TraIT) infrastructure http://www.ctmm-trait.nl as an example. Here we present the first outcomes of this project, a framework to enable the download of EGA data to a Galaxy server in a secure way. Galaxy provides an intuitive user interface for molecular biologists and bioinformaticians to run and design data analysis workflows. More specifically, we developed a tool -- ega_download_streamer - that can download data securely from EGA into a Galaxy server, which can subsequently be further processed. This tool will allow a user within the browser to run an entire analysis containing sensitive data from EGA, and to make this analysis available for other researchers in a reproducible manner, as shown with a proof of concept study.  The tool ega_download_streamer is available in the Galaxy tool shed: https://toolshed.g2.bx.psu.edu/view/yhoogstrate/ega_download_streamer. PMID:28232859

  3. 10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a... have access to matter revealing Secret or Confidential National Security Information or Restricted Data...

  4. A service-oriented data access control model

    NASA Astrophysics Data System (ADS)

    Meng, Wei; Li, Fengmin; Pan, Juchen; Song, Song; Bian, Jiali

    2017-01-01

    The development of mobile computing, cloud computing and distributed computing meets the growing individual service needs. Facing with complex application system, it's an urgent problem to ensure real-time, dynamic, and fine-grained data access control. By analyzing common data access control models, on the basis of mandatory access control model, the paper proposes a service-oriented access control model. By regarding system services as subject and data of databases as object, the model defines access levels and access identification of subject and object, and ensures system services securely to access databases.

  5. Innovative dressing and securement of tunneled central venous access devices in pediatrics: a pilot randomized controlled trial.

    PubMed

    Ullman, Amanda J; Kleidon, Tricia; Gibson, Victoria; McBride, Craig A; Mihala, Gabor; Cooke, Marie; Rickard, Claire M

    2017-08-30

    Central venous access device (CVAD) associated complications are a preventable source of patient harm, frequently resulting in morbidity and delays to vital treatment. Dressing and securement products are used to prevent infectious and mechanical complications, however current complication rates suggest customary practices are inadequate. The aim of this study was to evaluate the feasibility of launching a full-scale randomized controlled efficacy trial of innovative dressing and securement products for pediatric tunneled CVAD to prevent complication and failure. An external, pilot, four-group randomized controlled trial of standard care (bordered polyurethane dressing and suture), in comparison to integrated securement-dressing, suture-less securement device, and tissue adhesive was undertaken across two large, tertiary referral pediatric hospitals in Australia. Forty-eight pediatric participants with newly inserted tunneled CVADs were consecutively recruited. The primary outcome of study feasibility was established by elements of eligibility, recruitment, attrition, protocol adherence, missing data, parent and healthcare staff satisfaction and acceptability, and effect size estimates for CVAD failure (cessation of function prior to completion of treatment) and complication (associated bloodstream infection, thrombosis, breakage, dislodgement or occlusion). Dressing integrity, product costs and site complications were also examined. Protocol feasibility was established. CVAD failure was: 17% (2/12) integrated securement-dressing; 8% (1/13) suture-less securement device; 0% tissue adhesive (0/12); and, 0% standard care (0/11). CVAD complications were: 15% (2/13) suture-less securement device (CVAD associated bloodstream infection, and occlusion and partial dislodgement); 8% (1/12) integrated securement-dressing (partial dislodgement); 0% tissue adhesive (0/12); and, 0% standard care (0/11). One CVAD-associated bloodstream infection occurred, within the suture

  6. Information-Flow-Based Access Control for Web Browsers

    NASA Astrophysics Data System (ADS)

    Yoshihama, Sachiko; Tateishi, Takaaki; Tabuchi, Naoshi; Matsumoto, Tsutomu

    The emergence of Web 2.0 technologies such as Ajax and Mashup has revealed the weakness of the same-origin policy[1], the current de facto standard for the Web browser security model. We propose a new browser security model to allow fine-grained access control in the client-side Web applications for secure mashup and user-generated contents. We propose a browser security model that is based on information-flow-based access control (IBAC) to overcome the dynamic nature of the client-side Web applications and to accurately determine the privilege of scripts in the event-driven programming model.

  7. An Expressive, Lightweight and Secure Construction of Key Policy Attribute-Based Cloud Data Sharing Access Control

    NASA Astrophysics Data System (ADS)

    Lin, Guofen; Hong, Hanshu; Xia, Yunhao; Sun, Zhixin

    2017-10-01

    Attribute-based encryption (ABE) is an interesting cryptographic technique for flexible cloud data sharing access control. However, some open challenges hinder its practical application. In previous schemes, all attributes are considered as in the same status while they are not in most of practical scenarios. Meanwhile, the size of access policy increases dramatically with the raise of its expressiveness complexity. In addition, current research hardly notices that mobile front-end devices, such as smartphones, are poor in computational performance while too much bilinear pairing computation is needed for ABE. In this paper, we propose a key-policy weighted attribute-based encryption without bilinear pairing computation (KP-WABE-WB) for secure cloud data sharing access control. A simple weighted mechanism is presented to describe different importance of each attribute. We introduce a novel construction of ABE without executing any bilinear pairing computation. Compared to previous schemes, our scheme has a better performance in expressiveness of access policy and computational efficiency.

  8. Fermilab Security Site Access Request Database

    Science.gov Websites

    Fermilab Security Site Access Request Database Use of the online version of the Fermilab Security Site Access Request Database requires that you login into the ESH&Q Web Site. Note: Only Fermilab generated from the ESH&Q Section's Oracle database on May 27, 2018 05:48 AM. If you have a question

  9. Secure Data Access Control for Fog Computing Based on Multi-Authority Attribute-Based Signcryption with Computation Outsourcing and Attribute Revocation.

    PubMed

    Xu, Qian; Tan, Chengxiang; Fan, Zhijie; Zhu, Wenye; Xiao, Ya; Cheng, Fujia

    2018-05-17

    Nowadays, fog computing provides computation, storage, and application services to end users in the Internet of Things. One of the major concerns in fog computing systems is how fine-grained access control can be imposed. As a logical combination of attribute-based encryption and attribute-based signature, Attribute-based Signcryption (ABSC) can provide confidentiality and anonymous authentication for sensitive data and is more efficient than traditional "encrypt-then-sign" or "sign-then-encrypt" strategy. Thus, ABSC is suitable for fine-grained access control in a semi-trusted cloud environment and is gaining more and more attention recently. However, in many existing ABSC systems, the computation cost required for the end users in signcryption and designcryption is linear with the complexity of signing and encryption access policy. Moreover, only a single authority that is responsible for attribute management and key generation exists in the previous proposed ABSC schemes, whereas in reality, mostly, different authorities monitor different attributes of the user. In this paper, we propose OMDAC-ABSC, a novel data access control scheme based on Ciphertext-Policy ABSC, to provide data confidentiality, fine-grained control, and anonymous authentication in a multi-authority fog computing system. The signcryption and designcryption overhead for the user is significantly reduced by outsourcing the undesirable computation operations to fog nodes. The proposed scheme is proven to be secure in the standard model and can provide attribute revocation and public verifiability. The security analysis, asymptotic complexity comparison, and implementation results indicate that our construction can balance the security goals with practical efficiency in computation.

  10. Secure Data Access Control for Fog Computing Based on Multi-Authority Attribute-Based Signcryption with Computation Outsourcing and Attribute Revocation

    PubMed Central

    Xu, Qian; Tan, Chengxiang; Fan, Zhijie; Zhu, Wenye; Xiao, Ya; Cheng, Fujia

    2018-01-01

    Nowadays, fog computing provides computation, storage, and application services to end users in the Internet of Things. One of the major concerns in fog computing systems is how fine-grained access control can be imposed. As a logical combination of attribute-based encryption and attribute-based signature, Attribute-based Signcryption (ABSC) can provide confidentiality and anonymous authentication for sensitive data and is more efficient than traditional “encrypt-then-sign” or “sign-then-encrypt” strategy. Thus, ABSC is suitable for fine-grained access control in a semi-trusted cloud environment and is gaining more and more attention recently. However, in many existing ABSC systems, the computation cost required for the end users in signcryption and designcryption is linear with the complexity of signing and encryption access policy. Moreover, only a single authority that is responsible for attribute management and key generation exists in the previous proposed ABSC schemes, whereas in reality, mostly, different authorities monitor different attributes of the user. In this paper, we propose OMDAC-ABSC, a novel data access control scheme based on Ciphertext-Policy ABSC, to provide data confidentiality, fine-grained control, and anonymous authentication in a multi-authority fog computing system. The signcryption and designcryption overhead for the user is significantly reduced by outsourcing the undesirable computation operations to fog nodes. The proposed scheme is proven to be secure in the standard model and can provide attribute revocation and public verifiability. The security analysis, asymptotic complexity comparison, and implementation results indicate that our construction can balance the security goals with practical efficiency in computation. PMID:29772840

  11. Distributed clinical data sharing via dynamic access-control policy transformation.

    PubMed

    Rezaeibagha, Fatemeh; Mu, Yi

    2016-05-01

    Data sharing in electronic health record (EHR) systems is important for improving the quality of healthcare delivery. Data sharing, however, has raised some security and privacy concerns because healthcare data could be potentially accessible by a variety of users, which could lead to privacy exposure of patients. Without addressing this issue, large-scale adoption and sharing of EHR data are impractical. The traditional solution to the problem is via encryption. Although encryption can be applied to access control, it is not applicable for complex EHR systems that require multiple domains (e.g. public and private clouds) with various access requirements. This study was carried out to address the security and privacy issues of EHR data sharing with our novel access-control mechanism, which captures the scenario of the hybrid clouds and need of access-control policy transformation, to provide secure and privacy-preserving data sharing among different healthcare enterprises. We introduce an access-control mechanism with some cryptographic building blocks and present a novel approach for secure EHR data sharing and access-control policy transformation in EHR systems for hybrid clouds. We propose a useful data sharing system for healthcare providers to handle various EHR users who have various access privileges in different cloud environments. A systematic study has been conducted on data sharing in EHR systems to provide a solution to the security and privacy issues. In conclusion, we introduce an access-control method for privacy protection of EHRs and EHR policy transformation that allows an EHR access-control policy to be transformed from a private cloud to a public cloud. This method has never been studied previously in the literature. Furthermore, we provide a protocol to demonstrate policy transformation as an application scenario. Copyright © 2016 Elsevier Ireland Ltd. All rights reserved.

  12. Atom-Role-Based Access Control Model

    NASA Astrophysics Data System (ADS)

    Cai, Weihong; Huang, Richeng; Hou, Xiaoli; Wei, Gang; Xiao, Shui; Chen, Yindong

    Role-based access control (RBAC) model has been widely recognized as an efficient access control model and becomes a hot research topic of information security at present. However, in the large-scale enterprise application environments, the traditional RBAC model based on the role hierarchy has the following deficiencies: Firstly, it is unable to reflect the role relationships in complicated cases effectively, which does not accord with practical applications. Secondly, the senior role unconditionally inherits all permissions of the junior role, thus if a user is under the supervisor role, he may accumulate all permissions, and this easily causes the abuse of permission and violates the least privilege principle, which is one of the main security principles. To deal with these problems, we, after analyzing permission types and role relationships, proposed the concept of atom role and built an atom-role-based access control model, called ATRBAC, by dividing the permission set of each regular role based on inheritance path relationships. Through the application-specific analysis, this model can well meet the access control requirements.

  13. Access Control of Web- and Java-Based Applications

    NASA Technical Reports Server (NTRS)

    Tso, Kam S.; Pajevski, Michael J.

    2013-01-01

    Cybersecurity has become a great concern as threats of service interruption, unauthorized access, stealing and altering of information, and spreading of viruses have become more prevalent and serious. Application layer access control of applications is a critical component in the overall security solution that also includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. An access control solution, based on an open-source access manager augmented with custom software components, was developed to provide protection to both Web-based and Javabased client and server applications. The DISA Security Service (DISA-SS) provides common access control capabilities for AMMOS software applications through a set of application programming interfaces (APIs) and network- accessible security services for authentication, single sign-on, authorization checking, and authorization policy management. The OpenAM access management technology designed for Web applications can be extended to meet the needs of Java thick clients and stand alone servers that are commonly used in the JPL AMMOS environment. The DISA-SS reusable components have greatly reduced the effort for each AMMOS subsystem to develop its own access control strategy. The novelty of this work is that it leverages an open-source access management product that was designed for Webbased applications to provide access control for Java thick clients and Java standalone servers. Thick clients and standalone servers are still commonly used in businesses and government, especially for applications that require rich graphical user interfaces and high-performance visualization that cannot be met by thin clients running on Web browsers

  14. Network Access Control List Situation Awareness

    ERIC Educational Resources Information Center

    Reifers, Andrew

    2010-01-01

    Network security is a large and complex problem being addressed by multiple communities. Nevertheless, current theories in networking security appear to overestimate network administrators' ability to understand network access control lists (NACLs), providing few context specific user analyses. Consequently, the current research generally seems to…

  15. Toward Privacy-preserving Content Access Control for Information Centric Networking

    DTIC Science & Technology

    2014-03-01

    REPORT Toward Privacy-preserving Content Access Control for Information Centric Networking 14. ABSTRACT 16. SECURITY CLASSIFICATION OF: Information...regardless the security mechanisms provided by different content hosting servers. However, using ABE has a drawback that the enforced content access...Encryption (ABE) is a flexible approach to enforce the content access policies regardless the security mechanisms provided by different content hosting

  16. 10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 10 Energy 1 2010-01-01 2010-01-01 false Access to restricted data and national security... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...

  17. 10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 1 2011-01-01 2011-01-01 false Access to restricted data and national security... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access...

  18. Towards an Approach of Semantic Access Control for Cloud Computing

    NASA Astrophysics Data System (ADS)

    Hu, Luokai; Ying, Shi; Jia, Xiangyang; Zhao, Kai

    With the development of cloud computing, the mutual understandability among distributed Access Control Policies (ACPs) has become an important issue in the security field of cloud computing. Semantic Web technology provides the solution to semantic interoperability of heterogeneous applications. In this paper, we analysis existing access control methods and present a new Semantic Access Control Policy Language (SACPL) for describing ACPs in cloud computing environment. Access Control Oriented Ontology System (ACOOS) is designed as the semantic basis of SACPL. Ontology-based SACPL language can effectively solve the interoperability issue of distributed ACPs. This study enriches the research that the semantic web technology is applied in the field of security, and provides a new way of thinking of access control in cloud computing.

  19. IT Security Support for the Spaceport Command Control System Development

    NASA Technical Reports Server (NTRS)

    Varise, Brian

    2014-01-01

    My job title is IT Security support for the Spaceport Command & Control System Development. As a cyber-security analyst it is my job to ensure NASA's information stays safe from cyber threats, such as, viruses, malware and denial-of-service attacks by establishing and enforcing system access controls. Security is very important in the world of technology and it is used everywhere from personal computers to giant networks ran by Government agencies worldwide. Without constant monitoring analysis, businesses, public organizations and government agencies are vulnerable to potential harmful infiltration of their computer information system. It is my responsibility to ensure authorized access by examining improper access, reporting violations, revoke access, monitor information request by new programming and recommend improvements. My department oversees the Launch Control System and networks. An audit will be conducted for the LCS based on compliance with the Federal Information Security Management Act (FISMA) and The National Institute of Standards and Technology (NIST). I recently finished analyzing the SANS top 20 critical controls to give cost effective recommendations on various software and hardware products for compliance. Upon my completion of this internship, I will have successfully completed my duties as well as gain knowledge that will be helpful to my career in the future as a Cyber Security Analyst.

  20. Access control and confidentiality in radiology

    NASA Astrophysics Data System (ADS)

    Noumeir, Rita; Chafik, Adil

    2005-04-01

    A medical record contains a large amount of data about the patient such as height, weight and blood pressure. It also contains sensitive information such as fertility, abortion, psychiatric data, sexually transmitted diseases and diagnostic results. Access to this information must be carefully controlled. Information technology has greatly improved patient care. The recent extensive deployment of digital medical images made diagnostic images promptly available to healthcare decision makers, regardless of their geographic location. Medical images are digitally archived, transferred on telecommunication networks, and visualized on computer screens. However, with the widespread use of computing and communication technologies in healthcare, the issue of data security has become increasingly important. Most of the work until now has focused on the security of data communication to ensure its integrity, authentication, confidentiality and user accountability. The mechanisms that have been proposed to achieve the security of data communication are not specific to healthcare. Data integrity can be achieved with data signature. Data authentication can be achieved with certificate exchange. Data confidentiality can be achieved with encryption. User accountability can be achieved with audits. Although these mechanisms are essential to ensure data security during its transfer on the network, access control is needed in order to ensure data confidentiality and privacy within the information system application. In this paper, we present and discuss an access control mechanism that takes into account the notion of a care process. Radiology information is categorized and a model to enforce data privacy is proposed.

  1. 49 CFR 1548.15 - Access to cargo: Security threat assessments for individuals having unescorted access to cargo.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Access to cargo: Security threat assessments for... SECURITY CIVIL AVIATION SECURITY INDIRECT AIR CARRIER SECURITY § 1548.15 Access to cargo: Security threat... must successfully complete a security threat assessment or comparable security threat assessment...

  2. Analysis of Access Control Policies in Operating Systems

    ERIC Educational Resources Information Center

    Chen, Hong

    2009-01-01

    Operating systems rely heavily on access control mechanisms to achieve security goals and defend against remote and local attacks. The complexities of modern access control mechanisms and the scale of policy configurations are often overwhelming to system administrators and software developers. Therefore, mis-configurations are common, and the…

  3. 14 CFR 1203a.103 - Access to security areas.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Access to security areas. 1203a.103 Section 1203a.103 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION NASA SECURITY AREAS § 1203a.103 Access to security areas. (a) Only those NASA employees, NASA contractor employees, and...

  4. 14 CFR 1203a.103 - Access to security areas.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Access to security areas. 1203a.103 Section 1203a.103 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION NASA SECURITY AREAS § 1203a.103 Access to security areas. (a) Only those NASA employees, NASA contractor employees, and...

  5. Access Control of Web and Java Based Applications

    NASA Technical Reports Server (NTRS)

    Tso, Kam S.; Pajevski, Michael J.; Johnson, Bryan

    2011-01-01

    Cyber security has gained national and international attention as a result of near continuous headlines from financial institutions, retail stores, government offices and universities reporting compromised systems and stolen data. Concerns continue to rise as threats of service interruption, and spreading of viruses become ever more prevalent and serious. Controlling access to application layer resources is a critical component in a layered security solution that includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. In this paper we discuss the development of an application-level access control solution, based on an open-source access manager augmented with custom software components, to provide protection to both Web-based and Java-based client and server applications.

  6. Type-Based Access Control in Data-Centric Systems

    NASA Astrophysics Data System (ADS)

    Caires, Luís; Pérez, Jorge A.; Seco, João Costa; Vieira, Hugo Torres; Ferrão, Lúcio

    Data-centric multi-user systems, such as web applications, require flexible yet fine-grained data security mechanisms. Such mechanisms are usually enforced by a specially crafted security layer, which adds extra complexity and often leads to error prone coding, easily causing severe security breaches. In this paper, we introduce a programming language approach for enforcing access control policies to data in data-centric programs by static typing. Our development is based on the general concept of refinement type, but extended so as to address realistic and challenging scenarios of permission-based data security, in which policies dynamically depend on the database state, and flexible combinations of column- and row-level protection of data are necessary. We state and prove soundness and safety of our type system, stating that well-typed programs never break the declared data access control policies.

  7. Access Control Is More than Security.

    ERIC Educational Resources Information Center

    Fickes, Michael

    2002-01-01

    Describes the University of New Mexico's photo identification LOBO card system, which performs both security and validation tasks. It is used in conjunction with several C-CURE 800 Integrated Security Management Systems supplied by Software House of Lexington, Massachusetts. (EV)

  8. Efficient Access Control in Multimedia Social Networks

    NASA Astrophysics Data System (ADS)

    Sachan, Amit; Emmanuel, Sabu

    Multimedia social networks (MMSNs) have provided a convenient way to share multimedia contents such as images, videos, blogs, etc. Contents shared by a person can be easily accessed by anybody else over the Internet. However, due to various privacy, security, and legal concerns people often want to selectively share the contents only with their friends, family, colleagues, etc. Access control mechanisms play an important role in this situation. With access control mechanisms one can decide the persons who can access a shared content and who cannot. But continuously growing content uploads and accesses, fine grained access control requirements (e.g. different access control parameters for different parts in a picture), and specific access control requirements for multimedia contents can make the time complexity of access control to be very large. So, it is important to study an efficient access control mechanism suitable for MMSNs. In this chapter we present an efficient bit-vector transform based access control mechanism for MMSNs. The proposed approach is also compatible with other requirements of MMSNs, such as access rights modification, content deletion, etc. Mathematical analysis and experimental results show the effectiveness and efficiency of our proposed approach.

  9. A Network Access Control Framework for 6LoWPAN Networks

    PubMed Central

    Oliveira, Luís M. L.; Rodrigues, Joel J. P. C.; de Sousa, Amaro F.; Lloret, Jaime

    2013-01-01

    Low power over wireless personal area networks (LoWPAN), in particular wireless sensor networks, represent an emerging technology with high potential to be employed in critical situations like security surveillance, battlefields, smart-grids, and in e-health applications. The support of security services in LoWPAN is considered a challenge. First, this type of networks is usually deployed in unattended environments, making them vulnerable to security attacks. Second, the constraints inherent to LoWPAN, such as scarce resources and limited battery capacity, impose a careful planning on how and where the security services should be deployed. Besides protecting the network from some well-known threats, it is important that security mechanisms be able to withstand attacks that have not been identified before. One way of reaching this goal is to control, at the network access level, which nodes can be attached to the network and to enforce their security compliance. This paper presents a network access security framework that can be used to control the nodes that have access to the network, based on administrative approval, and to enforce security compliance to the authorized nodes. PMID:23334610

  10. 10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... Information and Restricted Data. 95.35 Section 95.35 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a...

  11. Securing TCP/IP and Dial-up Access to Administrative Data.

    ERIC Educational Resources Information Center

    Conrad, L. Dean

    1992-01-01

    This article describes Arizona State University's solution to security risk inherent in general access systems such as TCP/IP (Transmission Control Protocol/INTERNET Protocol). Advantages and disadvantages of various options are compared, and the process of selecting a log-on authentication approach involving generation of a different password at…

  12. Patient-Centered Access to Secure Systems Online (PCASSO): a secure approach to clinical data access via the World Wide Web.

    PubMed Central

    Masys, D. R.; Baker, D. B.

    1997-01-01

    The Internet's World-Wide Web (WWW) provides an appealing medium for the communication of health related information due to its ease of use and growing popularity. But current technologies for communicating data between WWW clients and servers are systematically vulnerable to certain types of security threats. Prominent among these threats are "Trojan horse" programs running on client workstations, which perform some useful and known function for a user, while breaching security via background functions that are not apparent to the user. The Patient-Centered Access to Secure Systems Online (PCASSO) project of SAIC and UCSD is a research, development and evaluation project to exploit state-of-the-art security and WWW technology for health care. PCASSO is designed to provide secure access to clinical data for healthcare providers and their patients using the Internet. PCASSO will be evaluated for both safety and effectiveness, and may provide a model for secure communications via public data networks. PMID:9357644

  13. Graphs for information security control in software defined networks

    NASA Astrophysics Data System (ADS)

    Grusho, Alexander A.; Abaev, Pavel O.; Shorgin, Sergey Ya.; Timonina, Elena E.

    2017-07-01

    Information security control in software defined networks (SDN) is connected with execution of the security policy rules regulating information accesses and protection against distribution of the malicious code and harmful influences. The paper offers a representation of a security policy in the form of hierarchical structure which in case of distribution of resources for the solution of tasks defines graphs of admissible interactions in a networks. These graphs define commutation tables of switches via the SDN controller.

  14. Global Access-controlled Transfer e-frame (GATe)

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    2012-05-30

    Global Access-controlled Transfer e-frame (GATe) was designed to take advantage of the patterns that occur during an electronic record transfer process. The e-frame (or electronic framework or platform) is the foundation for developing secure information transfer to meet classified and unclassified business processes and is particularly useful when there is a need to share information with various entities in a controlled and secure environment. It can share, search, upload, download and retrieve sensitive information, as well as provides reporting capabilities.

  15. Context-aware access control for pervasive access to process-based healthcare systems.

    PubMed

    Koufi, Vassiliki; Vassilacopoulos, George

    2008-01-01

    Healthcare is an increasingly collaborative enterprise involving a broad range of healthcare services provided by many individuals and organizations. Grid technology has been widely recognized as a means for integrating disparate computing resources in the healthcare field. Moreover, Grid portal applications can be developed on a wireless and mobile infrastructure to execute healthcare processes which, in turn, can provide remote access to Grid database services. Such an environment provides ubiquitous and pervasive access to integrated healthcare services at the point of care, thus improving healthcare quality. In such environments, the ability to provide an effective access control mechanism that meets the requirement of the least privilege principle is essential. Adherence to the least privilege principle requires continuous adjustments of user permissions in order to adapt to the current situation. This paper presents a context-aware access control mechanism for HDGPortal, a Grid portal application which provides access to workflow-based healthcare processes using wireless Personal Digital Assistants. The proposed mechanism builds upon and enhances security mechanisms provided by the Grid Security Infrastructure. It provides tight, just-in-time permissions so that authorized users get access to specific objects according to the current context. These permissions are subject to continuous adjustments triggered by the changing context. Thus, the risk of compromising information integrity during task executions is reduced.

  16. Security of social network credentials for accessing course portal: Users' experience

    NASA Astrophysics Data System (ADS)

    Katuk, Norliza; Fong, Choo Sok; Chun, Koo Lee

    2015-12-01

    Social login (SL) has recently emerged as a solution for single sign-on (SSO) within the web and mobile environments. It allows users to use their existing social network credentials (SNC) to login to third party web applications without the need to create a new identity in the intended applications' database. Although it has been used by many web application providers, its' applicability in accessing learning materials is not yet fully investigated. Hence, this research aims to explore users' (i.e., instructors' and students') perception and experience on the security of SL for accessing learning contents. A course portal was developed for students at a higher learning institution and it provides two types of user authentications (i) traditional user authentication, and (ii) SL facility. Users comprised instructors and students evaluated the login facility of the course portal through a controlled lab experimental study following the within-subject design. The participants provided their feedback in terms of the security of SL for accessing learning contents. The study revealed that users preferred to use SL over the traditional authentication, however, they concerned on the security of SL and their privacy.

  17. [Access control management in electronic health records: a systematic literature review].

    PubMed

    Carrión Señor, Inmaculada; Fernández Alemán, José Luis; Toval, Ambrosio

    2012-01-01

    This study presents the results of a systematic literature review of aspects related to access control in electronic health records systems, wireless security and privacy and security training for users. Information sources consisted of original articles found in Medline, ACM Digital Library, Wiley InterScience, IEEE Digital Library, Science@Direct, MetaPress, ERIC, CINAHL and Trip Database, published between January 2006 and January 2011. A total of 1,208 articles were extracted using a predefined search string and were reviewed by the authors. The final selection consisted of 24 articles. Of the selected articles, 21 dealt with access policies in electronic health records systems. Eleven articles discussed whether access to electronic health records should be granted by patients or by health organizations. Wireless environments were only considered in three articles. Finally, only four articles explicitly mentioned that technical training of staff and/or patients is required. Role-based access control is the preferred mechanism to deploy access policy by the designers of electronic health records. In most systems, access control is managed by users and health professionals, which promotes patients' right to control personal information. Finally, the security of wireless environments is not usually considered. However, one line of research is eHealth in mobile environments, called mHealth. Copyright © 2011 SESPAS. Published by Elsevier Espana. All rights reserved.

  18. 75 FR 4007 - Risk Management Controls for Brokers or Dealers With Market Access

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-01-26

    ... 3235-AK53 Risk Management Controls for Brokers or Dealers With Market Access AGENCY: Securities and... or other persons, to implement risk management controls and supervisory procedures reasonably... access may not utilize any pre-trade risk management controls (i.e., ``unfiltered'' or ``naked'' access...

  19. Collaborative Access Control For Critical Infrastructures

    NASA Astrophysics Data System (ADS)

    Baina, Amine; El Kalam, Anas Abou; Deswarte, Yves; Kaaniche, Mohamed

    A critical infrastructure (CI) can fail with various degrees of severity due to physical and logical vulnerabilities. Since many interdependencies exist between CIs, failures can have dramatic consequences on the entire infrastructure. This paper focuses on threats that affect information and communication systems that constitute the critical information infrastructure (CII). A new collaborative access control framework called PolyOrBAC is proposed to address security problems that are specific to CIIs. The framework offers each organization participating in a CII the ability to collaborate with other organizations while maintaining control of its resources and internal security policy. The approach is demonstrated on a practical scenario involving the electrical power grid.

  20. Access Control Management for SCADA Systems

    NASA Astrophysics Data System (ADS)

    Hong, Seng-Phil; Ahn, Gail-Joon; Xu, Wenjuan

    The information technology revolution has transformed all aspects of our society including critical infrastructures and led a significant shift from their old and disparate business models based on proprietary and legacy environments to more open and consolidated ones. Supervisory Control and Data Acquisition (SCADA) systems have been widely used not only for industrial processes but also for some experimental facilities. Due to the nature of open environments, managing SCADA systems should meet various security requirements since system administrators need to deal with a large number of entities and functions involved in critical infrastructures. In this paper, we identify necessary access control requirements in SCADA systems and articulate access control policies for the simulated SCADA systems. We also attempt to analyze and realize those requirements and policies in the context of role-based access control that is suitable for simplifying administrative tasks in large scale enterprises.

  1. Session Types for Access and Information Flow Control

    NASA Astrophysics Data System (ADS)

    Capecchi, Sara; Castellani, Ilaria; Dezani-Ciancaglini, Mariangiola; Rezk, Tamara

    We consider a calculus for multiparty sessions with delegation, enriched with security levels for session participants and data. We propose a type system that guarantees both session safety and a form of access control. Moreover, this type system ensures secure information flow, including controlled forms of declassification. In particular, the type system prevents leaks that could result from an unrestricted use of the control constructs of the calculus, such as session opening, selection, branching and delegation. We illustrate the use of our type system with a number of examples, which reveal an interesting interplay between the constraints used in security type systems and those used in session types to ensure properties like communication safety and session fidelity.

  2. Fine-Grained Access Control for Electronic Health Record Systems

    NASA Astrophysics Data System (ADS)

    Hue, Pham Thi Bach; Wohlgemuth, Sven; Echizen, Isao; Thuy, Dong Thi Bich; Thuc, Nguyen Dinh

    There needs to be a strategy for securing the privacy of patients when exchanging health records between various entities over the Internet. Despite the fact that health care providers such as Google Health and Microsoft Corp.'s Health Vault comply with the U.S Health Insurance Portability and Accountability Act (HIPAA), the privacy of patients is still at risk. Several encryption schemes and access control mechanisms have been suggested to protect the disclosure of a patient's health record especially from unauthorized entities. However, by implementing these approaches, data owners are not capable of controlling and protecting the disclosure of the individual sensitive attributes of their health records. This raises the need to adopt a secure mechanism to protect personal information against unauthorized disclosure. Therefore, we propose a new Fine-grained Access Control (FGAC) mechanism that is based on subkeys, which would allow a data owner to further control the access to his data at the column-level. We also propose a new mechanism to efficiently reduce the number of keys maintained by a data owner in cases when the users have different access privileges to different columns of the data being shared.

  3. Identity and Access Management and Security in Higher Education.

    ERIC Educational Resources Information Center

    Bruhn, Mark; Gettes, Michael; West, Ann

    2003-01-01

    Discusses the drivers for an identity management system (IdM), components of this system, and its role within a school security strategy, focusing on: basic access management; requirements for access management; middleware support for an access management system; IdM implementation considerations (e.g., access eligibilities, authentication…

  4. High-Performance Secure Database Access Technologies for HEP Grids

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Matthew Vranicar; John Weicher

    2006-04-17

    The Large Hadron Collider (LHC) at the CERN Laboratory will become the largest scientific instrument in the world when it starts operations in 2007. Large Scale Analysis Computer Systems (computational grids) are required to extract rare signals of new physics from petabytes of LHC detector data. In addition to file-based event data, LHC data processing applications require access to large amounts of data in relational databases: detector conditions, calibrations, etc. U.S. high energy physicists demand efficient performance of grid computing applications in LHC physics research where world-wide remote participation is vital to their success. To empower physicists with data-intensive analysismore » capabilities a whole hyperinfrastructure of distributed databases cross-cuts a multi-tier hierarchy of computational grids. The crosscutting allows separation of concerns across both the global environment of a federation of computational grids and the local environment of a physicist’s computer used for analysis. Very few efforts are on-going in the area of database and grid integration research. Most of these are outside of the U.S. and rely on traditional approaches to secure database access via an extraneous security layer separate from the database system core, preventing efficient data transfers. Our findings are shared by the Database Access and Integration Services Working Group of the Global Grid Forum, who states that "Research and development activities relating to the Grid have generally focused on applications where data is stored in files. However, in many scientific and commercial domains, database management systems have a central role in data storage, access, organization, authorization, etc, for numerous applications.” There is a clear opportunity for a technological breakthrough, requiring innovative steps to provide high-performance secure database access technologies for grid computing. We believe that an innovative database architecture where

  5. DOE`s nation-wide system for access control can solve problems for the federal government

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Callahan, S.; Tomes, D.; Davis, G.

    1996-07-01

    The U.S. Department of Energy`s (DOE`s) ongoing efforts to improve its physical and personnel security systems while reducing its costs, provide a model for federal government visitor processing. Through the careful use of standardized badges, computer databases, and networks of automated access control systems, the DOE is increasing the security associated with travel throughout the DOE complex, and at the same time, eliminating paperwork, special badging, and visitor delays. The DOE is also improving badge accountability, personnel identification assurance, and access authorization timeliness and accuracy. Like the federal government, the DOE has dozens of geographically dispersed locations run by manymore » different contractors operating a wide range of security systems. The DOE has overcome these obstacles by providing data format standards, a complex-wide virtual network for security, the adoption of a standard high security system, and an open-systems-compatible link for any automated access control system. If the location`s level of security requires it, positive visitor identification is accomplished by personal identification number (PIN) and/or by biometrics. At sites with automated access control systems, this positive identification is integrated into the portals.« less

  6. Evaluating the effectiveness of biometric access control systems

    NASA Astrophysics Data System (ADS)

    Lively, Valerie M.

    2005-05-01

    This paper describes the contribution by the National Safe Skies Alliance (Safe Skies) in operational testing of biometric access control systems under the guidance of the Transportation Security Administration (TSA). Safe Skies has been conducting operational tests of biometric access control systems on behalf of the TSA for approximately four years. The majority of this testing has occurred at the McGhee Tyson Airport (TYS) in Knoxville, Tennessee. Twelve separate biometric devices - eight fingerprint, facial, iris, hand geometry, and fingerprint and iris, have been tested to date. Tests were conducted at a TYS administrative door and different airports to evaluate the access control device under normal, abnormal, and attempt-to-defeat conditions.

  7. Applying the Earth System Grid Security System in a Heterogeneous Environment of Data Access Services

    NASA Astrophysics Data System (ADS)

    Kershaw, Philip; Lawrence, Bryan; Lowe, Dominic; Norton, Peter; Pascoe, Stephen

    2010-05-01

    CEDA (Centre for Environmental Data Archival) based at STFC Rutherford Appleton Laboratory is host to the BADC (British Atmospheric Data Centre) and NEODC (NERC Earth Observation Data Centre) with data holdings of over half a Petabyte. In the coming months this figure is set to increase by over one Petabyte through the BADC's role as one of three data centres to host the CMIP5 (Coupled Model Intercomparison Project Phase 5) core archive of climate model data. Quite apart from the problem of managing the storage of such large volumes there is the challenge of collating the data together from the modelling centres around the world and enabling access to these data for the user community. An infrastructure to support this is being developed under the US Earth System Grid (ESG) and related projects bringing together participating organisations together in a federation. The ESG architecture defines Gateways, the web interfaces that enable users to access data and data serving applications organised into Data Nodes. The BADC has been working in collaboration with US Earth System Grid team and other partners to develop a security system to restrict access to data. This provides single sign-on via both OpenID and PKI based means and uses role based authorisation facilitated by SAML and OpenID based interfaces for attribute retrieval. This presentation will provide an overview of the access control architecture and look at how this has been implemented for CEDA. CEDA has developed an expertise in data access and information services over several years through a number of projects to develop and enhance these capabilities. Participation in CMIP5 comes at a time when a number of other software development activities are coming to fruition. New services are in the process of being deployed alongside services making up the system for ESG. The security system must apply access control across this heterogeneous environment of different data services and technologies. One strand

  8. Policy reconciliation for access control in dynamic cross-enterprise collaborations

    NASA Astrophysics Data System (ADS)

    Preuveneers, D.; Joosen, W.; Ilie-Zudor, E.

    2018-03-01

    In dynamic cross-enterprise collaborations, different enterprises form a - possibly temporary - business relationship. To integrate their business processes, enterprises may need to grant each other limited access to their information systems. Authentication and authorization are key to secure information handling. However, access control policies often rely on non-standardized attributes to describe the roles and permissions of their employees which convolutes cross-organizational authorization when business relationships evolve quickly. Our framework addresses the managerial overhead of continuous updates to access control policies for enterprise information systems to accommodate disparate attribute usage. By inferring attribute relationships, our framework facilitates attribute and policy reconciliation, and automatically aligns dynamic entitlements during the evaluation of authorization decisions. We validate our framework with a Industry 4.0 motivating scenario on networked production where such dynamic cross-enterprise collaborations are quintessential. The evaluation reveals the capabilities and performance of our framework, and illustrates the feasibility of liberating the security administrator from manually provisioning and aligning attributes, and verifying the consistency of access control policies for cross-enterprise collaborations.

  9. Role-based access control permissions

    DOEpatents

    Staggs, Kevin P.; Markham, Thomas R.; Hull Roskos, Julie J.; Chernoguzov, Alexander

    2017-04-25

    Devices, systems, and methods for role-based access control permissions are disclosed. One method includes a policy decision point that receives up-to-date security context information from one or more outside sources to determine whether to grant access for a data client to a portion of the system and creates an access vector including the determination; receiving, via a policy agent, a request by the data client for access to the portion of the computing system by the data client, wherein the policy agent checks to ensure there is a session established with communications and user/application enforcement points; receiving, via communications policy enforcement point, the request from the policy agent, wherein the communications policy enforcement point determines whether the data client is an authorized node, based upon the access vector received from the policy decision point; and receiving, via the user/application policy enforcement point, the request from the communications policy enforcement point.

  10. Secure, Autonomous, Intelligent Controller for Integrating Distributed Sensor Webs

    NASA Technical Reports Server (NTRS)

    Ivancic, William D.

    2007-01-01

    This paper describes the infrastructure and protocols necessary to enable near-real-time commanding, access to space-based assets, and the secure interoperation between sensor webs owned and controlled by various entities. Select terrestrial and aeronautics-base sensor webs will be used to demonstrate time-critical interoperability between integrated, intelligent sensor webs both terrestrial and between terrestrial and space-based assets. For this work, a Secure, Autonomous, Intelligent Controller and knowledge generation unit is implemented using Virtual Mission Operation Center technology.

  11. Providing security for automated process control systems at hydropower engineering facilities

    NASA Astrophysics Data System (ADS)

    Vasiliev, Y. S.; Zegzhda, P. D.; Zegzhda, D. P.

    2016-12-01

    This article suggests the concept of a cyberphysical system to manage computer security of automated process control systems at hydropower engineering facilities. According to the authors, this system consists of a set of information processing tools and computer-controlled physical devices. Examples of cyber attacks on power engineering facilities are provided, and a strategy of improving cybersecurity of hydropower engineering systems is suggested. The architecture of the multilevel protection of the automated process control system (APCS) of power engineering facilities is given, including security systems, control systems, access control, encryption, secure virtual private network of subsystems for monitoring and analysis of security events. The distinctive aspect of the approach is consideration of interrelations and cyber threats, arising when SCADA is integrated with the unified enterprise information system.

  12. The Battle to Secure Our Public Access Computers

    ERIC Educational Resources Information Center

    Sendze, Monique

    2006-01-01

    Securing public access workstations should be a significant part of any library's network and information-security strategy because of the sensitive information patrons enter on these workstations. As the IT manager for the Johnson County Library in Kansas City, Kan., this author is challenged to make sure that thousands of patrons get the access…

  13. Authenticated IGMP for Controlling Access to Multicast Distribution Tree

    NASA Astrophysics Data System (ADS)

    Park, Chang-Seop; Kang, Hyun-Sun

    A receiver access control scheme is proposed to protect the multicast distribution tree from DoS attack induced by unauthorized use of IGMP, by extending the security-related functionality of IGMP. Based on a specific network and business model adopted for commercial deployment of IP multicast applications, a key management scheme is also presented for bootstrapping the proposed access control as well as accounting and billing for CP (Content Provider), NSP (Network Service Provider), and group members.

  14. A dynamic access control method based on QoS requirement

    NASA Astrophysics Data System (ADS)

    Li, Chunquan; Wang, Yanwei; Yang, Baoye; Hu, Chunyang

    2013-03-01

    A dynamic access control method is put forward to ensure the security of the sharing service in Cloud Manufacturing, according to the application characteristics of cloud manufacturing collaborative task. The role-based access control (RBAC) model is extended according to the characteristics of cloud manufacturing in this method. The constraints are considered, which are from QoS requirement of the task context to access control, based on the traditional static authorization. The fuzzy policy rules are established about the weighted interval value of permissions. The access control authorities of executable service by users are dynamically adjusted through the fuzzy reasoning based on the QoS requirement of task. The main elements of the model are described. The fuzzy reasoning algorithm of weighted interval value based QoS requirement is studied. An effective method is provided to resolve the access control of cloud manufacturing.

  15. Perceived and geographic food access and food security status among households with children.

    PubMed

    Ma, Xiaoguang; Liese, Angela D; Bell, Bethany A; Martini, Lauren; Hibbert, James; Draper, Carrie; Burke, Michael P; Jones, Sonya J

    2016-10-01

    To examine the association of both perceived and geographic neighbourhood food access with food security status among households with children. This was a cross-sectional study in which participants' perceptions of neighbourhood food access were assessed by a standard survey instrument, and geographic food access was evaluated by distance to the nearest supermarket. Multinomial logistic regression models were used to examine the associations. The Midlands Family Study included 544 households with children in eight counties in South Carolina, USA. Food security status among participants was classified into three categories: food secure (FS), food insecure (FI) and very low food security among children (VLFS-C). Compared with FS households, VLFS-C households had lower odds of reporting easy access to adequate food shopping. VLFS-C households also had lower odds of reporting neighbourhood access to affordable fruits and vegetables compared with FS households and reported worse selection of fruits and vegetables, quality of fruits and vegetables, and selection of low-fat products. FI households had lower odds of reporting fewer opportunities to purchase fast food. None of the geographic access measures was significantly associated with food security status. Caregivers with children who experienced hunger perceived that they had less access to healthy affordable food in their community, even though grocery stores were present. Approaches to improve perceived access to healthy affordable food should be considered as part of the overall approach to improving food security and eliminating child hunger.

  16. Perceived and Geographic Food Access and Food Security Status among Households with Children

    PubMed Central

    Ma, Xiaoguang; Liese, Angela D.; Bell, Bethany; Martini, Lauren; Hibbert, James; Draper, Carrie; Jones, Sonya J.

    2017-01-01

    Objective To examine the association of both perceived and geographic neighborhood food access with food security status among households with children. Design This was a cross-sectional study in which participants’ perceptions of neighborhood food access were assessed by a standard survey instrument, and geographic food access was evaluated by distance to the nearest supermarket. Multinomial logistic regression models were used to examine the associations. Subjects The Midlands Family Study included 544 households with children in eight counties in South Carolina. Food security status among participants was classified into three categories: food secure (FS), food insecure (FI) and very low food security among children (VLFS-C). Results Compared to FS households, VLFS-C households had lower odds of reporting easy access to adequate food shopping. VLFS-C households also had lower odds of reporting neighborhood access to affordable fruits and vegetables compared to FS households and reported worse selection of fruits and vegetables, quality of fruits and vegetables and selection of low-fat products. FI households had lower odds of reporting fewer opportunities to purchase fast food. None of the geographic access measures was significantly associated with food security status. Conclusions Caregivers with children that experienced hunger perceived that they had less access to healthy affordably food in their community, even though grocery stores were present. Approaches to improve perceived access to healthy affordable food should be considered as part of the overall approach to improving food security and eliminating child hunger. PMID:27133939

  17. 10 CFR 1016.8 - Approval for processing access permittees for security facility approval.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 4 2011-01-01 2011-01-01 false Approval for processing access permittees for security facility approval. 1016.8 Section 1016.8 Energy DEPARTMENT OF ENERGY (GENERAL PROVISIONS) SAFEGUARDING OF RESTRICTED DATA Physical Security § 1016.8 Approval for processing access permittees for security facility...

  18. 10 CFR 1016.8 - Approval for processing access permittees for security facility approval.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 10 Energy 4 2010-01-01 2010-01-01 false Approval for processing access permittees for security facility approval. 1016.8 Section 1016.8 Energy DEPARTMENT OF ENERGY (GENERAL PROVISIONS) SAFEGUARDING OF RESTRICTED DATA Physical Security § 1016.8 Approval for processing access permittees for security facility...

  19. Secure Web-Site Access with Tickets and Message-Dependent Digests

    USGS Publications Warehouse

    Donato, David I.

    2008-01-01

    Although there are various methods for restricting access to documents stored on a World Wide Web (WWW) site (a Web site), none of the widely used methods is completely suitable for restricting access to Web applications hosted on an otherwise publicly accessible Web site. A new technique, however, provides a mix of features well suited for restricting Web-site or Web-application access to authorized users, including the following: secure user authentication, tamper-resistant sessions, simple access to user state variables by server-side applications, and clean session terminations. This technique, called message-dependent digests with tickets, or MDDT, maintains secure user sessions by passing single-use nonces (tickets) and message-dependent digests of user credentials back and forth between client and server. Appendix 2 provides a working implementation of MDDT with PHP server-side code and JavaScript client-side code.

  20. 28 CFR 16.74 - Exemption of National Security Division Systems-limited access.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... National Security Division Systems—limited access. (a) The following system of records is exempted from... 28 Judicial Administration 1 2010-07-01 2010-07-01 false Exemption of National Security Division Systems-limited access. 16.74 Section 16.74 Judicial Administration DEPARTMENT OF JUSTICE PRODUCTION OR...

  1. Patient-Controlled Attribute-Based Encryption for Secure Electronic Health Records System.

    PubMed

    Eom, Jieun; Lee, Dong Hoon; Lee, Kwangsu

    2016-12-01

    In recent years, many countries have been trying to integrate electronic health data managed by each hospital to offer more efficient healthcare services. Since health data contain sensitive information of patients, there have been much research that present privacy preserving mechanisms. However, existing studies either require a patient to perform various steps to secure the data or restrict the patient to exerting control over the data. In this paper, we propose patient-controlled attribute-based encryption, which enables a patient (a data owner) to control access to the health data and reduces the operational burden for the patient, simultaneously. With our method, the patient has powerful control capability of his/her own health data in that he/she has the final say on the access with time limitation. In addition, our scheme provides emergency medical services which allow the emergency staffs to access the health data without the patient's permission only in the case of emergencies. We prove that our scheme is secure under cryptographic assumptions and analyze its efficiency from the patient's perspective.

  2. Advanced Techniques for Deploying Reliable and Efficient Access Control: Application to E-healthcare.

    PubMed

    Jaïdi, Faouzi; Labbene-Ayachi, Faten; Bouhoula, Adel

    2016-12-01

    Nowadays, e-healthcare is a main advancement and upcoming technology in healthcare industry that contributes to setting up automated and efficient healthcare infrastructures. Unfortunately, several security aspects remain as main challenges towards secure and privacy-preserving e-healthcare systems. From the access control perspective, e-healthcare systems face several issues due to the necessity of defining (at the same time) rigorous and flexible access control solutions. This delicate and irregular balance between flexibility and robustness has an immediate impact on the compliance of the deployed access control policy. To address this issue, the paper defines a general framework to organize thinking about verifying, validating and monitoring the compliance of access control policies in the context of e-healthcare databases. We study the problem of the conformity of low level policies within relational databases and we particularly focus on the case of a medical-records management database defined in the context of a Medical Information System. We propose an advanced solution for deploying reliable and efficient access control policies. Our solution extends the traditional lifecycle of an access control policy and allows mainly managing the compliance of the policy. We refer to an example to illustrate the relevance of our proposal.

  3. Cyber secure systems approach for NPP digital control systems

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    McCreary, T. J.; Hsu, A.

    2006-07-01

    attempting to disrupt network communications by entering the system from an attached utility network or utilizing a modem connected to a control system PC that is in turn connected to a publicly accessible phone; 2)Threat from a user connecting an unauthorized computer to the control network; 3)Threat from a security attack when an unauthorized user gains access to a PC connected to the plant network;. 4)Threat from internal disruption (by plant staff, whether, malicious or otherwise) by unauthorized usage of files or file handling media that opens the system to security threat (as typified in current situation in most control rooms). The plant I and C system cyber security design and the plant specific procedures should adequately demonstrate protection from the four pertinent classes of cyber security attacks. The combination of these features should demonstrate that the system is not vulnerable to any analyzed cyber security attacks either from internal sources or through network connections. The authors will provide configurations that will demonstrate the Cyber Security Zone. (authors)« less

  4. Establishing a Secure Data Center with Remote Access: Preprint

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Gonder, J.; Burton, E.; Murakami, E.

    2012-04-01

    Access to existing travel data is critical for many analysis efforts that lack the time or resources to support detailed data collection. High-resolution data sets provide particular value, but also present a challenge for preserving the anonymity of the original survey participants. To address this dilemma of providing data access while preserving privacy, the National Renewable Energy Laboratory and the U.S. Department of Transportation have launched the Transportation Secure Data Center (TSDC). TSDC data sets include those from regional travel surveys and studies that increasingly use global positioning system devices. Data provided by different collecting agencies varies with respect tomore » formatting, elements included and level of processing conducted in support of the original purpose. The TSDC relies on a number of geospatial and other analysis tools to ensure data quality and to generate useful information outputs. TSDC users can access the processed data in two different ways. The first is by downloading summary results and second-by-second vehicle speed profiles (with latitude/longitude information removed) from a publicly-accessible website. The second method involves applying for a remote connection account to a controlled-access environment where spatial analysis can be conducted, but raw data cannot be removed.« less

  5. Access control and privacy in large distributed systems

    NASA Technical Reports Server (NTRS)

    Leiner, B. M.; Bishop, M.

    1986-01-01

    Large scale distributed systems consists of workstations, mainframe computers, supercomputers and other types of servers, all connected by a computer network. These systems are being used in a variety of applications including the support of collaborative scientific research. In such an environment, issues of access control and privacy arise. Access control is required for several reasons, including the protection of sensitive resources and cost control. Privacy is also required for similar reasons, including the protection of a researcher's proprietary results. A possible architecture for integrating available computer and communications security technologies into a system that meet these requirements is described. This architecture is meant as a starting point for discussion, rather that the final answer.

  6. MYSEA: The Monterey Security Architecture

    DTIC Science & Technology

    2009-01-01

    Security and Protection, Organization and Design General Terms: Design; Security Keywords: access controls, authentication, information flow controls...Applicable environments include: mil- itary coalitions, agencies and organizations responding to security emergencies, and mandated sharing in business ...network architecture affords users the abil- ity to securely access information across networks at dif- ferent classifications using standardized

  7. Privacy and Access Control for IHE-Based Systems

    NASA Astrophysics Data System (ADS)

    Katt, Basel; Breu, Ruth; Hafner, Micahel; Schabetsberger, Thomas; Mair, Richard; Wozak, Florian

    Electronic Health Record (EHR) is the heart element of any e-health system, which aims at improving the quality and efficiency of healthcare through the use of information and communication technologies. The sensitivity of the data contained in the health record poses a great challenge to security. In this paper we propose a security architecture for EHR systems that are conform with IHE profiles. In this architecture we are tackling the problems of access control and privacy. Furthermore, a prototypical implementation of the proposed model is presented.

  8. The Digital Divide and Patient Portals: Internet Access Explained Differences in Patient Portal Use for Secure Messaging by Age, Race, and Income.

    PubMed

    Graetz, Ilana; Gordon, Nancy; Fung, Vick; Hamity, Courtnee; Reed, Mary E

    2016-08-01

    Online access to health records and the ability to exchange secure messages with physicians can improve patient engagement and outcomes; however, the digital divide could limit access to web-based portals among disadvantaged groups. To understand whether sociodemographic differences in patient portal use for secure messaging can be explained by differences in internet access and care preferences. Cross-sectional survey to examine the association between patient sociodemographic characteristics and internet access and care preferences; then, the association between sociodemographic characteristics and secure message use with and without adjusting for internet access and care preference. One thousand forty-one patients with chronic conditions in a large integrated health care delivery system (76% response rate). Internet access, portal use for secure messaging, preference for in-person or online care, and sociodemographic and health characteristics. Internet access and preference mediated some of the differences in secure message use by age, race, and income. For example, using own computer to access the internet explained 52% of the association between race and secure message use and 60% of the association between income and use (Sobel-Goodman mediation test, P<0.001 for both). Education and sex-related differences in portal use remained statistically significant when controlling for internet access and preference. As the availability and use of patient portals increase, it is important to understand which patients have limited access and the barriers they may face. Improving internet access and making portals available across multiple platforms, including mobile, may reduce some disparities in secure message use.

  9. Effect of security threats on primary care access in Logar province, Afghanistan.

    PubMed

    Morikawa, Masahiro J

    2008-01-01

    Security threats are a major concern for access to health care in many war-torn communities; however, there is little quantified data on actual access to care in rural communities during war. Kinderberg International e.V. provided primary care in rural Logar province, Afghanistan, for these three years in eight districts until they were integrated into the new health care structure led by the Ministry of Health in early 2005. We examined the number of patients visiting our clinic before and during the security threats related to the parliamentary election and subsequent national assembly in 2004. The number of patients declined in remote clinics while the number increased in central locations. This finding has an important practical implication: the monitoring of access to care should include remote clinics, otherwise it may potentially underestimate compromised access to health care due to security threats.

  10. An approach for investigation of secure access processes at a combined e-learning environment

    NASA Astrophysics Data System (ADS)

    Romansky, Radi; Noninska, Irina

    2017-12-01

    The article discuses an approach to investigate processes for regulation the security and privacy control at a heterogenous e-learning environment realized as a combination of traditional and cloud means and tools. Authors' proposal for combined architecture of e-learning system is presented and main subsystems and procedures are discussed. A formalization of the processes for using different types resources (public, private internal and private external) is proposed. The apparatus of Markovian chains (MC) is used for modeling and analytical investigation of the secure access to the resources is used and some assessments are presented.

  11. A federated capability-based access control mechanism for internet of things (IoTs)

    NASA Astrophysics Data System (ADS)

    Xu, Ronghua; Chen, Yu; Blasch, Erik; Chen, Genshe

    2018-05-01

    The prevalence of Internet of Things (IoTs) allows heterogeneous embedded smart devices to collaboratively provide intelligent services with or without human intervention. While leveraging the large-scale IoT-based applications like Smart Gird and Smart Cities, IoT also incurs more concerns on privacy and security. Among the top security challenges that IoTs face is that access authorization is critical in resource and information protection over IoTs. Traditional access control approaches, like Access Control Lists (ACL), Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC), are not able to provide a scalable, manageable and efficient mechanisms to meet requirement of IoT systems. The extraordinary large number of nodes, heterogeneity as well as dynamicity, necessitate more fine-grained, lightweight mechanisms for IoT devices. In this paper, a federated capability-based access control (FedCAC) framework is proposed to enable an effective access control processes to devices, services and information in large scale IoT systems. The federated capability delegation mechanism, based on a propagation tree, is illustrated for access permission propagation. An identity-based capability token management strategy is presented, which involves registering, propagation and revocation of the access authorization. Through delegating centralized authorization decision-making policy to local domain delegator, the access authorization process is locally conducted on the service provider that integrates situational awareness (SAW) and customized contextual conditions. Implemented and tested on both resources-constrained devices, like smart sensors and Raspberry PI, and non-resource-constrained devices, like laptops and smart phones, our experimental results demonstrate the feasibility of the proposed FedCAC approach to offer a scalable, lightweight and fine-grained access control solution to IoT systems connected to a system network.

  12. Feasibility Assessment of a Fine-Grained Access Control Model on Resource Constrained Sensors.

    PubMed

    Uriarte Itzazelaia, Mikel; Astorga, Jasone; Jacob, Eduardo; Huarte, Maider; Romaña, Pedro

    2018-02-13

    Upcoming smart scenarios enabled by the Internet of Things (IoT) envision smart objects that provide services that can adapt to user behavior or be managed to achieve greater productivity. In such environments, smart things are inexpensive and, therefore, constrained devices. However, they are also critical components because of the importance of the information that they provide. Given this, strong security is a requirement, but not all security mechanisms in general and access control models in particular are feasible. In this paper, we present the feasibility assessment of an access control model that utilizes a hybrid architecture and a policy language that provides dynamic fine-grained policy enforcement in the sensors, which requires an efficient message exchange protocol called Hidra. This experimental performance assessment includes a prototype implementation, a performance evaluation model, the measurements and related discussions, which demonstrate the feasibility and adequacy of the analyzed access control model.

  13. Feasibility Assessment of a Fine-Grained Access Control Model on Resource Constrained Sensors

    PubMed Central

    Huarte, Maider; Romaña, Pedro

    2018-01-01

    Upcoming smart scenarios enabled by the Internet of Things (IoT) envision smart objects that provide services that can adapt to user behavior or be managed to achieve greater productivity. In such environments, smart things are inexpensive and, therefore, constrained devices. However, they are also critical components because of the importance of the information that they provide. Given this, strong security is a requirement, but not all security mechanisms in general and access control models in particular are feasible. In this paper, we present the feasibility assessment of an access control model that utilizes a hybrid architecture and a policy language that provides dynamic fine-grained policy enforcement in the sensors, which requires an efficient message exchange protocol called Hidra. This experimental performance assessment includes a prototype implementation, a performance evaluation model, the measurements and related discussions, which demonstrate the feasibility and adequacy of the analyzed access control model. PMID:29438338

  14. Mandatory and Location-Aware Access Control for Relational Databases

    NASA Astrophysics Data System (ADS)

    Decker, Michael

    Access control is concerned with determining which operations a particular user is allowed to perform on a particular electronic resource. For example, an access control decision could say that user Alice is allowed to perform the operation read (but not write) on the resource research report. With conventional access control this decision is based on the user's identity whereas the basic idea of Location-Aware Access Control (LAAC) is to evaluate also a user's current location when making the decision if a particular request should be granted or denied. LAAC is an interesting approach for mobile information systems because these systems are exposed to specific security threads like the loss of a device. Some data models for LAAC can be found in literature, but almost all of them are based on RBAC and none of them is designed especially for Database Management Systems (DBMS). In this paper we therefore propose a LAAC-approach for DMBS and describe a prototypical implementation of that approach that is based on database triggers.

  15. Secure Payload Access to the International Space Station

    NASA Technical Reports Server (NTRS)

    Pitts, R. Lee; Reid, Chris

    2002-01-01

    The ISS finally reached an operational state and exists for local and remote users. Onboard payload systems are managed by the Huntsville Operations Support Center (HOSC). Users access HOSC systems by internet protocols in support of daily operations, preflight simulation, and test. In support of this diverse user community, a modem security architecture has been implemented. The architecture has evolved over time from an isolated but open system to a system which supports local and remote access to the ISS over broad geographic regions. This has been accomplished through the use of an evolved security strategy, PKI, and custom design. Through this paper, descriptions of the migration process and the lessons learned are presented. This will include product decision criteria, rationale, and the use of commodity products in the end architecture. This paper will also stress the need for interoperability of various products and the effects of seemingly insignificant details.

  16. Access and privacy rights using web security standards to increase patient empowerment.

    PubMed

    Falcão-Reis, Filipa; Costa-Pereira, Altamiro; Correia, Manuel E

    2008-01-01

    Electronic Health Record (EHR) systems are becoming more and more sophisticated and include nowadays numerous applications, which are not only accessed by medical professionals, but also by accounting and administrative personnel. This could represent a problem concerning basic rights such as privacy and confidentiality. The principles, guidelines and recommendations compiled by the OECD protection of privacy and trans-border flow of personal data are described and considered within health information system development. Granting access to an EHR should be dependent upon the owner of the record; the patient: he must be entitled to define who is allowed to access his EHRs, besides the access control scheme each health organization may have implemented. In this way, it's not only up to health professionals to decide who have access to what, but the patient himself. Implementing such a policy is walking towards patient empowerment which society should encourage and governments should promote. The paper then introduces a technical solution based on web security standards. This would give patients the ability to monitor and control which entities have access to their personal EHRs, thus empowering them with the knowledge of how much of his medical history is known and by whom. It is necessary to create standard data access protocols, mechanisms and policies to protect the privacy rights and furthermore, to enable patients, to automatically track the movement (flow) of their personal data and information in the context of health information systems. This solution must be functional and, above all, user-friendly and the interface should take in consideration some heuristics of usability in order to provide the user with the best tools. The current official standards on confidentiality and privacy in health care, currently being developed within the EU, are explained, in order to achieve a consensual idea of the guidelines that all member states should follow to transfer

  17. Food Security and Women's Access to Natural Resources workshop; a brief report.

    PubMed

    1997-01-01

    This article describes the workshop on Food Security and Women's Access to Natural Resources, held in January 1997 in Mumbai, India. The workshop was organized jointly by the Tata Institute of Social Sciences and the Indian Association of Women's Studies. The aim was to examine the food security situation in Maharashtra and Gujarat states in the west, the initiative to build alternative institutions, legal changes augmenting industrialization, and how traditional rights to common property resources can be legalized and how the poor can have access to new resources. The workshop organizers were unable to obtain experts on some topics. Core discussion centered on changes in industrialization, natural resources, gender and food security; access to natural resources and poverty alleviation programs; initiatives to create food security; and laws related to access to land and water. Discussions revealed the alienation of small and marginal farmers, landless laborers, and artisans from their livelihoods and survival strategies for these disenfranchised groups. The design of drought eradication and water conservation programs did not permit women and men working at construction sites to have access to the program assets. Case studies revealed situations in which women won the right of access to community water and then negotiated for land in lease. The women used landowners to negotiate credit and access development program assets, but normal channels of the National Bank of Agricultural Research and Development could have provided these benefits. Participants discussed how governments can be held accountable and how public funds could be used to revamp poverty alleviation and asset creation programs. All agreed that macrolevel development should give priority to agricultural development and legal constraints or problems. Five follow-up activities are identified.

  18. Security of medical multimedia.

    PubMed

    Tzelepi, S; Pangalos, G; Nikolacopoulou, G

    2002-09-01

    The application of information technology to health care has generated growing concern about the privacy and security of medical information. Furthermore, data and communication security requirements in the field of multimedia are higher. In this paper we describe firstly the most important security requirements that must be fulfilled by multimedia medical data, and the security measures used to satisfy these requirements. These security measures are based mainly on modern cryptographic and watermarking mechanisms as well as on security infrastructures. The objective of our work is to complete this picture, exploiting the capabilities of multimedia medical data to define and implement an authorization model for regulating access to the data. In this paper we describe an extended role-based access control model by considering, within the specification of the role-permission relationship phase, the constraints that must be satisfied in order for the holders of the permission to use those permissions. The use of constraints allows role-based access control to be tailored to specifiy very fine-grained and flexible content-, context- and time-based access control policies. Other restrictions, such as role entry restriction also can be captured. Finally, the description of system architecture for a secure DBMS is presented.

  19. An improved task-role-based access control model for G-CSCW applications

    NASA Astrophysics Data System (ADS)

    He, Chaoying; Chen, Jun; Jiang, Jie; Han, Gang

    2005-10-01

    Access control is an important and popular security mechanism for multi-user applications. GIS-based Computer Supported Cooperative Work (G-CSCW) application is one of such applications. This paper presents an improved Task-Role-Based Access Control (X-TRBAC) model for G-CSCW applications. The new model inherits the basic concepts of the old ones, such as role and task. Moreover, it has introduced two concepts, i.e. object hierarchy and operation hierarchy, and the corresponding rules to improve the efficiency of permission definition in access control models. The experiments show that the method can simplify the definition of permissions, and it is more applicable for G-CSCW applications.

  20. Ver-i-Fus: an integrated access control and information monitoring and management system

    NASA Astrophysics Data System (ADS)

    Thomopoulos, Stelios C.; Reisman, James G.; Papelis, Yiannis E.

    1997-01-01

    This paper describes the Ver-i-Fus Integrated Access Control and Information Monitoring and Management (IAC-I2M) system that INTELNET Inc. has developed. The Ver-i-Fus IAC-I2M system has been designed to meet the most stringent security and information monitoring requirements while allowing two- way communication between the user and the system. The systems offers a flexible interface that permits to integrate practically any sensing device, or combination of sensing devices, including a live-scan fingerprint reader, thus providing biometrics verification for enhanced security. Different configurations of the system provide solutions to different sets of access control problems. The re-configurable hardware interface, tied together with biometrics verification and a flexible interface that allows to integrate Ver-i-Fus with an MIS, provide an integrated solution to security, time and attendance, labor monitoring, production monitoring, and payroll applications.

  1. Status and determinants of small farming households' food security and role of market access in enhancing food security in rural Pakistan

    PubMed Central

    Ying, Liu; Bashir, Muhammad Khalid; Abid, Muhammad; Zulfiqar, Farhad

    2017-01-01

    In most of the developing countries, lack of resources and little market accessibility are among the major factors that affect small farming household food security. This study aims to investigate the status of small farming households’ food security, and its determinants including the role of market accessibility factors in enhancing food security at household level. In addition, this study also determines the households’ perception about different kinds of livelihoods risks. This study is based on a household survey of 576 households conducted through face-to-face interviews using structured interviews in Punjab, Pakistan. Food security status is calculated using dietary intake method. The study findings show that one-fourth of the households are food insecure. The study findings reveal that farm households perceive increase in food prices, crop diseases, lack of irrigation water and increase in health expenses as major livelihood risks. Further, the results of logistic regression show that family size, monthly income, food prices, health expenses and debt are main factors influencing the food security status of rural households. Furthermore, the market accessibility factors (road distance and transportation cost) do significantly affect the small farming household food security. The results suggest that local food security can be enhanced by creating off-farm employment opportunities, improved transportation facilities and road infrastructure. PMID:29077719

  2. Status and determinants of small farming households' food security and role of market access in enhancing food security in rural Pakistan.

    PubMed

    Ahmed, Umar Ijaz; Ying, Liu; Bashir, Muhammad Khalid; Abid, Muhammad; Zulfiqar, Farhad

    2017-01-01

    In most of the developing countries, lack of resources and little market accessibility are among the major factors that affect small farming household food security. This study aims to investigate the status of small farming households' food security, and its determinants including the role of market accessibility factors in enhancing food security at household level. In addition, this study also determines the households' perception about different kinds of livelihoods risks. This study is based on a household survey of 576 households conducted through face-to-face interviews using structured interviews in Punjab, Pakistan. Food security status is calculated using dietary intake method. The study findings show that one-fourth of the households are food insecure. The study findings reveal that farm households perceive increase in food prices, crop diseases, lack of irrigation water and increase in health expenses as major livelihood risks. Further, the results of logistic regression show that family size, monthly income, food prices, health expenses and debt are main factors influencing the food security status of rural households. Furthermore, the market accessibility factors (road distance and transportation cost) do significantly affect the small farming household food security. The results suggest that local food security can be enhanced by creating off-farm employment opportunities, improved transportation facilities and road infrastructure.

  3. Secure web-based access to radiology: forms and databases for fast queries

    NASA Astrophysics Data System (ADS)

    McColl, Roderick W.; Lane, Thomas J.

    2002-05-01

    Currently, Web-based access to mini-PACS or similar databases commonly utilizes either JavaScript, Java applets or ActiveX controls. Many sites do not permit applets or controls or other binary objects for fear of viruses or worms sent by malicious users. In addition, the typical CGI query mechanism requires several parameters to be sent with the http GET/POST request, which may identify the patient in some way; this in unacceptable for privacy protection. Also unacceptable are pages produced by server-side scripts which can be cached by the browser, since these may also contain sensitive information. We propose a simple mechanism for access to patient information, including images, which guarantees security of information, makes it impossible to bookmark the page, or to return to the page after some defined length of time. In addition, this mechanism is simple, therefore permitting rapid access without the need to initially download an interface such as an applet or control. In addition to image display, the design of the site allows the user to view and save movies of multi-phasic data, or to construct multi-frame datasets from entire series. These capabilities make the site attractive for research purposes such as teaching file preparation.

  4. Formalization of the Access Control on ARM-Android Platform with the B Method

    NASA Astrophysics Data System (ADS)

    Ren, Lu; Wang, Wei; Zhu, Xiaodong; Man, Yujia; Yin, Qing

    2018-01-01

    ARM-Android is a widespread mobile platform with multi-layer access control mechanisms, security-critical in the system. Many access control vulnerabilities still exist due to the course-grained policy and numerous engineering defects, which have been widely studied. However, few researches focus on the mechanism formalization, including the Android permission framework, kernel process management and hardware isolation. This paper first develops a comprehensive formal access control model on the ARM-Android platform using the B method, from the Android middleware to hardware layer. All the model specifications are type checked and proved to be well-defined, with 75%of proof obligations demonstrated automatically. The results show that the proposed B model is feasible to specify and verify access control schemes in the ARM-Android system, and capable of implementing a practical control module.

  5. Experimental realization of an entanglement access network and secure multi-party computation

    NASA Astrophysics Data System (ADS)

    Chang, X.-Y.; Deng, D.-L.; Yuan, X.-X.; Hou, P.-Y.; Huang, Y.-Y.; Duan, L.-M.

    2016-07-01

    To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography.

  6. Experimental realization of an entanglement access network and secure multi-party computation

    NASA Astrophysics Data System (ADS)

    Chang, Xiuying; Deng, Donglin; Yuan, Xinxing; Hou, Panyu; Huang, Yuanyuan; Duan, Luming; Department of Physics, University of Michigan Collaboration; CenterQuantum Information in Tsinghua University Team

    2017-04-01

    To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography.

  7. A Flexible Component based Access Control Architecture for OPeNDAP Services

    NASA Astrophysics Data System (ADS)

    Kershaw, Philip; Ananthakrishnan, Rachana; Cinquini, Luca; Lawrence, Bryan; Pascoe, Stephen; Siebenlist, Frank

    2010-05-01

    Network data access services such as OPeNDAP enable widespread access to data across user communities. However, without ready means to restrict access to data for such services, data providers and data owners are constrained from making their data more widely available. Even with such capability, the range of different security technologies available can make interoperability between services and user client tools a challenge. OPeNDAP is a key data access service in the infrastructure under development to support the CMIP5 (Couple Model Intercomparison Project Phase 5). The work is being carried out as part of an international collaboration including the US Earth System Grid and Curator projects and the EU funded IS-ENES and Metafor projects. This infrastructure will bring together Petabytes of climate model data and associated metadata from over twenty modelling centres around the world in a federation with a core archive mirrored at three data centres. A security system is needed to meet the requirements of organisations responsible for model data including the ability to restrict data access to registered users, keep them up to date with changes to data and services, audit access and protect finite computing resources. Individual organisations have existing tools and services such as OPeNDAP with which users in the climate research community are already familiar. The security system should overlay access control in a way which maintains the usability and ease of access to these services. The BADC (British Atmospheric Data Centre) has been working in collaboration with the Earth System Grid development team and partner organisations to develop the security architecture. OpenID and MyProxy were selected at an early stage in the ESG project to provide single sign-on capability across the federation of participating organisations. Building on the existing OPeNDAP specification an architecture based on pluggable server side components has been developed at the BADC

  8. Access control violation prevention by low-cost infrared detection

    NASA Astrophysics Data System (ADS)

    Rimmer, Andrew N.

    2004-09-01

    A low cost 16x16 un-cooled pyroelectric detector array, allied with advanced tracking and detection algorithms, has enabled the development of a universal detector with a wide range of applications in people monitoring and homeland security. Violation of access control systems, whether controlled by proximity card, biometrics, swipe card or similar, may occur by 'tailgating' or 'piggybacking' where an 'approved' entrant with a valid entry card is accompanied by a closely spaced 'non-approved' entrant. The violation may be under duress, where the accompanying person is attempting to enter a secure facility by force or threat. Alternatively, the violation may be benign where staff members collude either through habit or lassitude, either with each other or with third parties, without considering the security consequences. Examples of the latter could include schools, hospitals or maternity homes. The 16x16 pyroelectric array is integrated into a detector or imaging system which incorporates data processing, target extraction and decision making algorithms. The algorithms apply interpolation to the array output, allowing a higher level of resolution than might otherwise be expected from such a low resolution array. The pyroelectric detection principle means that the detection will work in variable light conditions and even in complete darkness, if required. The algorithms can monitor the shape, form, temperature and number of persons in the scene and utilise this information to determine whether a violation has occurred or not. As people are seen as 'hot blobs' and are not individually recognisable, civil liberties are not infringed in the detection process. The output from the detector is a simple alarm signal which may act as input to the access control system as an alert or to trigger CCTV image display and storage. The applications for a tailgate detector can be demonstrated across many medium security applications where there are no physical means to prevent this

  9. Experimental realization of an entanglement access network and secure multi-party computation

    PubMed Central

    Chang, X.-Y.; Deng, D.-L.; Yuan, X.-X.; Hou, P.-Y.; Huang, Y.-Y.; Duan, L.-M.

    2016-01-01

    To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography. PMID:27404561

  10. Turning Access into a web-enabled secure information system for clinical trials.

    PubMed

    Dongquan Chen; Chen, Wei-Bang; Soong, Mayhue; Soong, Seng-Jaw; Orthner, Helmuth F

    2009-08-01

    Organizations that have limited resources need to conduct clinical studies in a cost-effective, but secure way. Clinical data residing in various individual databases need to be easily accessed and secured. Although widely available, digital certification, encryption, and secure web server, have not been implemented as widely, partly due to a lack of understanding of needs and concerns over issues such as cost and difficulty in implementation. The objective of this study was to test the possibility of centralizing various databases and to demonstrate ways of offering an alternative to a large-scale comprehensive and costly commercial product, especially for simple phase I and II trials, with reasonable convenience and security. We report a working procedure to transform and develop a standalone Access database into a secure Web-based secure information system. For data collection and reporting purposes, we centralized several individual databases; developed, and tested a web-based secure server using self-issued digital certificates. The system lacks audit trails. The cost of development and maintenance may hinder its wide application. The clinical trial databases scattered in various departments of an institution could be centralized into a web-enabled secure information system. The limitations such as the lack of a calendar and audit trail can be partially addressed with additional programming. The centralized Web system may provide an alternative to a comprehensive clinical trial management system.

  11. Development of Decision-Making Automated System for Optimal Placement of Physical Access Control System’s Elements

    NASA Astrophysics Data System (ADS)

    Danilova, Olga; Semenova, Zinaida

    2018-04-01

    The objective of this study is a detailed analysis of physical protection systems development for information resources. The optimization theory and decision-making mathematical apparatus is used to formulate correctly and create an algorithm of selection procedure for security systems optimal configuration considering the location of the secured object’s access point and zones. The result of this study is a software implementation scheme of decision-making system for optimal placement of the physical access control system’s elements.

  12. 10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... dated February 14, 1984. (2) An established “need-to-know” for the matter (See Definitions, § 95.5). (3... 10 Energy 2 2013-01-01 2013-01-01 false Access to matter classified as National Security... Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a...

  13. 10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... dated February 14, 1984. (2) An established “need-to-know” for the matter (See Definitions, § 95.5). (3... 10 Energy 2 2014-01-01 2014-01-01 false Access to matter classified as National Security... Information § 95.35 Access to matter classified as National Security Information and Restricted Data. (a...

  14. Research on a dynamic workflow access control model

    NASA Astrophysics Data System (ADS)

    Liu, Yiliang; Deng, Jinxia

    2007-12-01

    In recent years, the access control technology has been researched widely in workflow system, two typical technologies of that are RBAC (Role-Based Access Control) and TBAC (Task-Based Access Control) model, which has been successfully used in the role authorizing and assigning in a certain extent. However, during the process of complicating a system's structure, these two types of technology can not be used in minimizing privileges and separating duties, and they are inapplicable when users have a request of frequently changing on the workflow's process. In order to avoid having these weakness during the applying, a variable flow dynamic role_task_view (briefly as DRTVBAC) of fine-grained access control model is constructed on the basis existed model. During the process of this model applying, an algorithm is constructed to solve users' requirements of application and security needs on fine-grained principle of privileges minimum and principle of dynamic separation of duties. The DRTVBAC model is implemented in the actual system, the figure shows that the task associated with the dynamic management of role and the role assignment is more flexible on authority and recovery, it can be met the principle of least privilege on the role implement of a specific task permission activated; separated the authority from the process of the duties completing in the workflow; prevented sensitive information discovering from concise and dynamic view interface; satisfied with the requirement of the variable task-flow frequently.

  15. A Stateful Multicast Access Control Mechanism for Future Metro-Area-Networks.

    ERIC Educational Resources Information Center

    Sun, Wei-qiang; Li, Jin-sheng; Hong, Pei-lin

    2003-01-01

    Multicasting is a necessity for a broadband metro-area-network; however security problems exist with current multicast protocols. A stateful multicast access control mechanism, based on MAPE, is proposed. The architecture of MAPE is discussed, as well as the states maintained and messages exchanged. The scheme is flexible and scalable. (Author/AEF)

  16. An Access Control and Trust Management Framework for Loosely-Coupled Multidomain Environments

    ERIC Educational Resources Information Center

    Zhang, Yue

    2010-01-01

    Multidomain environments where multiple organizations interoperate with each other are becoming a reality as can be seen in emerging Internet-based enterprise applications. Access control to ensure secure interoperation in such an environment is a crucial challenge. A multidomain environment can be categorized as "tightly-coupled" and…

  17. Securely and Flexibly Sharing a Biomedical Data Management System

    PubMed Central

    Wang, Fusheng; Hussels, Phillip; Liu, Peiya

    2011-01-01

    Biomedical database systems need not only to address the issues of managing complex data, but also to provide data security and access control to the system. These include not only system level security, but also instance level access control such as access of documents, schemas, or aggregation of information. The latter is becoming more important as multiple users can share a single scientific data management system to conduct their research, while data have to be protected before they are published or IP-protected. This problem is challenging as users’ needs for data security vary dramatically from one application to another, in terms of who to share with, what resources to be shared, and at what access level. We develop a comprehensive data access framework for a biomedical data management system SciPort. SciPort provides fine-grained multi-level space based access control of resources at not only object level (documents and schemas), but also space level (resources set aggregated in a hierarchy way). Furthermore, to simplify the management of users and privileges, customizable role-based user model is developed. The access control is implemented efficiently by integrating access privileges into the backend XML database, thus efficient queries are supported. The secure access approach we take makes it possible for multiple users to share the same biomedical data management system with flexible access management and high data security. PMID:21625285

  18. A game-theoretical approach to multimedia social networks security.

    PubMed

    Liu, Enqiang; Liu, Zengliang; Shao, Fei; Zhang, Zhiyong

    2014-01-01

    The contents access and sharing in multimedia social networks (MSNs) mainly rely on access control models and mechanisms. Simple adoptions of security policies in the traditional access control model cannot effectively establish a trust relationship among parties. This paper proposed a novel two-party trust architecture (TPTA) to apply in a generic MSN scenario. According to the architecture, security policies are adopted through game-theoretic analyses and decisions. Based on formalized utilities of security policies and security rules, the choice of security policies in content access is described as a game between the content provider and the content requester. By the game method for the combination of security policies utility and its influences on each party's benefits, the Nash equilibrium is achieved, that is, an optimal and stable combination of security policies, to establish and enhance trust among stakeholders.

  19. A Game-Theoretical Approach to Multimedia Social Networks Security

    PubMed Central

    Liu, Enqiang; Liu, Zengliang; Shao, Fei; Zhang, Zhiyong

    2014-01-01

    The contents access and sharing in multimedia social networks (MSNs) mainly rely on access control models and mechanisms. Simple adoptions of security policies in the traditional access control model cannot effectively establish a trust relationship among parties. This paper proposed a novel two-party trust architecture (TPTA) to apply in a generic MSN scenario. According to the architecture, security policies are adopted through game-theoretic analyses and decisions. Based on formalized utilities of security policies and security rules, the choice of security policies in content access is described as a game between the content provider and the content requester. By the game method for the combination of security policies utility and its influences on each party's benefits, the Nash equilibrium is achieved, that is, an optimal and stable combination of security policies, to establish and enhance trust among stakeholders. PMID:24977226

  20. AEROSAT Access Control Summary

    DOT National Transportation Integrated Search

    1976-10-01

    The report consists of three basic sections. Section 2 is a discussion of the communications concepts germane to AEROSAT access control. It defines and reviews the principles of multiplexing, multiple access, demand access, and access control and rel...

  1. Aerosat Access Control Summary

    DOT National Transportation Integrated Search

    1976-10-01

    The report consists of three basic sections. Section 2 is a discussion of the communications concepts germane to AEROSAT access control. It defines and reviews the principles of multiplexing, multiple access, demand access, and access control and rel...

  2. Pace: Privacy-Protection for Access Control Enforcement in P2P Networks

    NASA Astrophysics Data System (ADS)

    Sánchez-Artigas, Marc; García-López, Pedro

    In open environments such as peer-to-peer (P2P) systems, the decision to collaborate with multiple users — e.g., by granting access to a resource — is hard to achieve in practice due to extreme decentralization and the lack of trusted third parties. The literature contains a plethora of applications in which a scalable solution for distributed access control is crucial. This fact motivates us to propose a protocol to enforce access control, applicable to networks consisting entirely of untrusted nodes. The main feature of our protocol is that it protects both sensitive permissions and sensitive policies, and does not rely on any centralized authority. We analyze the efficiency (computational effort and communication overhead) as well as the security of our protocol.

  3. System and method for secure group transactions

    DOEpatents

    Goldsmith, Steven Y [Rochester, MN

    2006-04-25

    A method and a secure system, processing on one or more computers, provides a way to control a group transaction. The invention uses group consensus access control and multiple distributed secure agents in a network environment. Each secure agent can organize with the other secure agents to form a secure distributed agent collective.

  4. Ontology based log content extraction engine for a posteriori security control.

    PubMed

    Azkia, Hanieh; Cuppens-Boulahia, Nora; Cuppens, Frédéric; Coatrieux, Gouenou

    2012-01-01

    In a posteriori access control, users are accountable for actions they performed and must provide evidence, when required by some legal authorities for instance, to prove that these actions were legitimate. Generally, log files contain the needed data to achieve this goal. This logged data can be recorded in several formats; we consider here IHE-ATNA (Integrating the healthcare enterprise-Audit Trail and Node Authentication) as log format. The difficulty lies in extracting useful information regardless of the log format. A posteriori access control frameworks often include a log filtering engine that provides this extraction function. In this paper we define and enforce this function by building an IHE-ATNA based ontology model, which we query using SPARQL, and show how the a posteriori security controls are made effective and easier based on this function.

  5. Climate Change and Global Food Security: Food Access, Utilization, and the US Food System

    NASA Astrophysics Data System (ADS)

    Brown, M. E.; Antle, J. M.; Backlund, P. W.; Carr, E. R.; Easterling, W. E.; Walsh, M.; Ammann, C. M.; Attavanich, W.; Barrett, C. B.; Bellemare, M. F.; Dancheck, V.; Funk, C.; Grace, K.; Ingram, J. S. I.; Jiang, H.; Maletta, H.; Mata, T.; Murray, A.; Ngugi, M.; Ojima, D. S.; O'Neill, B. C.; Tebaldi, C.

    2015-12-01

    This paper will summarize results from the USDA report entitled 'Climate change, Global Food Security and the U.S. Food system'. The report focuses on the impact of climate change on global food security, defined as "when all people at all times have physical, social, and economic access to sufficient, safe, and nutritious food to meet their dietary needs and food preferences for an active and healthy life". The assessment brought together authors and contributors from twenty federal, academic, nongovernmental, intergovernmental, and private organizations in four countries to identify climate change effects on food security through 2100, and analyze the U.S.'s likely connections with that world. This talk will describe how climate change will likely affect food access and food utilization, and summarize how the U.S. food system contributes to global food security, and will be affected by climate change.

  6. Quantum key distribution in multicore fibre for secure radio access networks

    NASA Astrophysics Data System (ADS)

    Llorente, Roberto; Provot, Antoine; Morant, Maria

    2018-01-01

    Broadband access in optical domain usually focuses in providing a pervasive cost-effective high bitrate communication in a given area. Nowadays, it is of utmost interest also to be able to provide a secure communication to the costumers in the area. Wireless access networks rely on optical domain for both fronthaul and backhaul of the radio access network (C-RAN). Multicore fiber (MCF) has been proposed as a promising candidate for the optical media of choice in nextgeneration wireless. The capacity demand of next-generation 5G networks makes interesting the use of high-capacity optical solutions as space-division multiplexing of different signals over MCF media. This work addresses secure MCF communication supporting C-RAN architectures. The paper proposes the use of one core in the MCF to transport securely an optical quantum key encoding altogether with end-to-end wireless signal transmitted in the remaining cores in radio-over-fiber (RoF). The RoF wireless signals are suitable for radio access fronthaul and backhaul. The theoretical principle and simulation analysis of quantum key distribution (QKD) are presented in this paper. The potential impact of optical RoF transmission crosstalk impairments is assessed experimentally considering different cellular signals on the remaining optical cores in the MCF. The experimental results report fronthaul performance over a four-core optical fiber with RoF transmission of full-standard CDMA signals providing 3.5G services in one core, HSPA+ signals providing 3.9G services in the second core and 3GPP LTEAdvanced signals providing 4G services in the third core, considering that the QKD signal is allocated in the fourth core.

  7. Security mechanism based on Hospital Authentication Server for secure application of implantable medical devices.

    PubMed

    Park, Chang-Seop

    2014-01-01

    After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient's life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician's treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance.

  8. Security Mechanism Based on Hospital Authentication Server for Secure Application of Implantable Medical Devices

    PubMed Central

    2014-01-01

    After two recent security attacks against implantable medical devices (IMDs) have been reported, the privacy and security risks of IMDs have been widely recognized in the medical device market and research community, since the malfunctioning of IMDs might endanger the patient's life. During the last few years, a lot of researches have been carried out to address the security-related issues of IMDs, including privacy, safety, and accessibility issues. A physician accesses IMD through an external device called a programmer, for diagnosis and treatment. Hence, cryptographic key management between IMD and programmer is important to enforce a strict access control. In this paper, a new security architecture for the security of IMDs is proposed, based on a 3-Tier security model, where the programmer interacts with a Hospital Authentication Server, to get permissions to access IMDs. The proposed security architecture greatly simplifies the key management between IMDs and programmers. Also proposed is a security mechanism to guarantee the authenticity of the patient data collected from IMD and the nonrepudiation of the physician's treatment based on it. The proposed architecture and mechanism are analyzed and compared with several previous works, in terms of security and performance. PMID:25276797

  9. Building a Secure Library System.

    ERIC Educational Resources Information Center

    Benson, Allen C.

    1998-01-01

    Presents tips for building a secure library system to guard against threats like hackers, viruses, and theft. Topics include: determining what is at risk; recovering from disasters; developing security policies; developing front-end security; securing menu systems; accessing control programs; protecting against damage from viruses; developing…

  10. An E-Hospital Security Architecture

    NASA Astrophysics Data System (ADS)

    Tian, Fang; Adams, Carlisle

    In this paper, we introduce how to use cryptography in network security and access control of an e-hospital. We first define the security goal of the e-hospital system, and then we analyze the current application system. Our idea is proposed on the system analysis and the related regulations of patients' privacy protection. The security of the whole application system is strengthened through layered security protection. Three security domains in the e-hospital system are defined according to their sensitivity level, and for each domain, we propose different security protections. We use identity based cryptography to establish secure communication channel in the backbone network and policy based cryptography to establish secure communication channel between end users and the backbone network. We also use policy based cryptography in the access control of the application system. We use a symmetric key cryptography to protect the real data in the database. The identity based and policy based cryptography are all based on elliptic curve cryptography—a public key cryptography.

  11. Security System Software

    NASA Technical Reports Server (NTRS)

    1993-01-01

    C Language Integration Production System (CLIPS), a NASA-developed expert systems program, has enabled a security systems manufacturer to design a new generation of hardware. C.CURESystem 1 Plus, manufactured by Software House, is a software based system that is used with a variety of access control hardware at installations around the world. Users can manage large amounts of information, solve unique security problems and control entry and time scheduling. CLIPS acts as an information management tool when accessed by C.CURESystem 1 Plus. It asks questions about the hardware and when given the answer, recommends possible quick solutions by non-expert persons.

  12. Reflective Database Access Control

    ERIC Educational Resources Information Center

    Olson, Lars E.

    2009-01-01

    "Reflective Database Access Control" (RDBAC) is a model in which a database privilege is expressed as a database query itself, rather than as a static privilege contained in an access control list. RDBAC aids the management of database access controls by improving the expressiveness of policies. However, such policies introduce new interactions…

  13. 7 CFR 331.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ...; security risk assessments. 331.10 Section 331.10 Agriculture Regulations of the Department of Agriculture (Continued) ANIMAL AND PLANT HEALTH INSPECTION SERVICE, DEPARTMENT OF AGRICULTURE POSSESSION, USE, AND TRANSFER OF SELECT AGENTS AND TOXINS § 331.10 Restricting access to select agents and toxins; security risk...

  14. High security chaotic multiple access scheme for visible light communication systems with advanced encryption standard interleaving

    NASA Astrophysics Data System (ADS)

    Qiu, Junchao; Zhang, Lin; Li, Diyang; Liu, Xingcheng

    2016-06-01

    Chaotic sequences can be applied to realize multiple user access and improve the system security for a visible light communication (VLC) system. However, since the map patterns of chaotic sequences are usually well known, eavesdroppers can possibly derive the key parameters of chaotic sequences and subsequently retrieve the information. We design an advanced encryption standard (AES) interleaving aided multiple user access scheme to enhance the security of a chaotic code division multiple access-based visible light communication (C-CDMA-VLC) system. We propose to spread the information with chaotic sequences, and then the spread information is interleaved by an AES algorithm and transmitted over VLC channels. Since the computation complexity of performing inverse operations to deinterleave the information is high, the eavesdroppers in a high speed VLC system cannot retrieve the information in real time; thus, the system security will be enhanced. Moreover, we build a mathematical model for the AES-aided VLC system and derive the theoretical information leakage to analyze the system security. The simulations are performed over VLC channels, and the results demonstrate the effectiveness and high security of our presented AES interleaving aided chaotic CDMA-VLC system.

  15. 49 CFR 1546.213 - Access to cargo: Security threat assessments for cargo personnel in the United States.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Access to cargo: Security threat assessments for...: Security threat assessments for cargo personnel in the United States. This section applies in the United...— (1) Each individual must successfully complete a security threat assessment or comparable security...

  16. Control Systems Cyber Security:Defense in Depth Strategies

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    David Kuipers; Mark Fabro

    2006-05-01

    Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecturemore » that requires: Maintenance of various field devices, telemetry collection, and/or industrial-level process systems Access to facilities via remote data link or modem Public facing services for customer or corporate operations A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.« less

  17. Control Systems Cyber Security: Defense-in-Depth Strategies

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Mark Fabro

    2007-10-01

    Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecturemore » that requires: • Maintenance of various field devices, telemetry collection, and/or industrial-level process systems • Access to facilities via remote data link or modem • Public facing services for customer or corporate operations • A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.« less

  18. An authentication scheme for secure access to healthcare services.

    PubMed

    Khan, Muhammad Khurram; Kumari, Saru

    2013-08-01

    Last few decades have witnessed boom in the development of information and communication technologies. Health-sector has also been benefitted with this advancement. To ensure secure access to healthcare services some user authentication mechanisms have been proposed. In 2012, Wei et al. proposed a user authentication scheme for telecare medical information system (TMIS). Recently, Zhu pointed out offline password guessing attack on Wei et al.'s scheme and proposed an improved scheme. In this article, we analyze both of these schemes for their effectiveness in TMIS. We show that Wei et al.'s scheme and its improvement proposed by Zhu fail to achieve some important characteristics necessary for secure user authentication. We find that security problems of Wei et al.'s scheme stick with Zhu's scheme; like undetectable online password guessing attack, inefficacy of password change phase, traceability of user's stolen/lost smart card and denial-of-service threat. We also identify that Wei et al.'s scheme lacks forward secrecy and Zhu's scheme lacks session key between user and healthcare server. We therefore propose an authentication scheme for TMIS with forward secrecy which preserves the confidentiality of air messages even if master secret key of healthcare server is compromised. Our scheme retains advantages of Wei et al.'s scheme and Zhu's scheme, and offers additional security. The security analysis and comparison results show the enhanced suitability of our scheme for TMIS.

  19. Security for safety critical space borne systems

    NASA Technical Reports Server (NTRS)

    Legrand, Sue

    1987-01-01

    The Space Station contains safety critical computer software components in systems that can affect life and vital property. These components require a multilevel secure system that provides dynamic access control of the data and processes involved. A study is under way to define requirements for a security model providing access control through level B3 of the Orange Book. The model will be prototyped at NASA-Johnson Space Center.

  20. Application-Defined Decentralized Access Control

    PubMed Central

    Xu, Yuanzhong; Dunn, Alan M.; Hofmann, Owen S.; Lee, Michael Z.; Mehdi, Syed Akbar; Witchel, Emmett

    2014-01-01

    DCAC is a practical OS-level access control system that supports application-defined principals. It allows normal users to perform administrative operations within their privilege, enabling isolation and privilege separation for applications. It does not require centralized policy specification or management, giving applications freedom to manage their principals while the policies are still enforced by the OS. DCAC uses hierarchically-named attributes as a generic framework for user-defined policies such as groups defined by normal users. For both local and networked file systems, its execution time overhead is between 0%–9% on file system microbenchmarks, and under 1% on applications. This paper shows the design and implementation of DCAC, as well as several real-world use cases, including sandboxing applications, enforcing server applications’ security policies, supporting NFS, and authenticating user-defined sub-principals in SSH, all with minimal code changes. PMID:25426493

  1. Digital watermarking in telemedicine applications--towards enhanced data security and accessibility.

    PubMed

    Giakoumaki, Aggeliki L; Perakis, Konstantinos; Tagaris, Anastassios; Koutsouris, Dimitris

    2006-01-01

    Implementing telemedical solutions has become a trend amongst the various research teams at an international level. Yet, contemporary information access and distribution technologies raise critical issues that urgently need to be addressed, especially those related to security. The paper suggests the use of watermarking in telemedical applications in order to enhance security of the transmitted sensitive medical data, familiarizes the users with a telemedical system and a watermarking module that have already been developed, and proposes an architecture that will enable the integration of the two systems, taking into account a variety of use cases and application scenarios.

  2. An end-to-end secure patient information access card system.

    PubMed

    Alkhateeb, A; Singer, H; Yakami, M; Takahashi, T

    2000-03-01

    The rapid development of the Internet and the increasing interest in Internet-based solutions has promoted the idea of creating Internet-based health information applications. This will force a change in the role of IC cards in healthcare card systems from a data carrier to an access key medium. At the Medical Informatics Department of Kyoto University Hospital we are developing a smart card patient information project where patient databases are accessed via the Internet. Strong end-to-end data encryption is performed via Secure Socket Layers, transparent to transmit patient information. The smart card is playing the crucial role of access key to the database: user authentication is performed internally without ever revealing the actual key. For easy acceptance by healthcare professionals, the user interface is integrated as a plug-in for two familiar Web browsers, Netscape Navigator and MS Internet Explorer.

  3. Using K-12 Lessons Learned about How to Balance Accessibility and Test Security to Inform Licensure, Credentialing, and Certification Exam Policies

    ERIC Educational Resources Information Center

    Lazarus, Sheryl S.; van den Heuvel, Jill R.; Thurlow, Martha L.

    2017-01-01

    This paper explores how to balance test security and accessibility on licensure, credentialing, and certification exams. It examines K-12 test security policies related to educational assessments across states to discover lessons learned about how to meet accessibility needs of individuals with disabilities while minimizing test security risks. It…

  4. PKI-based secure mobile access to electronic health services and data.

    PubMed

    Kambourakis, G; Maglogiannis, I; Rouskas, A

    2005-01-01

    Recent research works examine the potential employment of public-key cryptography schemes in e-health environments. In such systems, where a Public Key Infrastructure (PKI) is established beforehand, Attribute Certificates (ACs) and public key enabled protocols like TLS, can provide the appropriate mechanisms to effectively support authentication, authorization and confidentiality services. In other words, mutual trust and secure communications between all the stakeholders, namely physicians, patients and e-health service providers, can be successfully established and maintained. Furthermore, as the recently introduced mobile devices with access to computer-based patient record systems are expanding, the need of physicians and nurses to interact increasingly with such systems arises. Considering public key infrastructure requirements for mobile online health networks, this paper discusses the potential use of Attribute Certificates (ACs) in an anticipated trust model. Typical trust interactions among doctors, patients and e-health providers are presented, indicating that resourceful security mechanisms and trust control can be obtained and implemented. The application of attribute certificates to support medical mobile service provision along with the utilization of the de-facto TLS protocol to offer competent confidentiality and authorization services is also presented and evaluated through experimentation, using both the 802.11 WLAN and General Packet Radio Service (GPRS) networks.

  5. On the designing of a tamper resistant prescription RFID access control system.

    PubMed

    Safkhani, Masoumeh; Bagheri, Nasour; Naderi, Majid

    2012-12-01

    Recently, Chen et al. have proposed a novel tamper resistant prescription RFID access control system, published in the Journal of Medical Systems. In this paper we consider the security of the proposed protocol and identify some existing weaknesses. The main attack is a reader impersonation attack which allows an active adversary to impersonate a legitimate doctor, e.g. the patient's doctor, to access the patient's tag and change the patient prescription. The presented attack is quite efficient. To impersonate a doctor, the adversary should eavesdrop one session between the doctor and the patient's tag and then she can impersonate the doctor with the success probability of '1'. In addition, we present efficient reader-tag to back-end database impersonation, de-synchronization and traceability attacks against the protocol. Finally, we propose an improved version of protocol which is more efficient compared to the original protocol while provides the desired security against the presented attacks.

  6. Secure, web-accessible call rosters for academic radiology departments.

    PubMed

    Nguyen, A V; Tellis, W M; Avrin, D E

    2000-05-01

    Traditionally, radiology department call rosters have been posted via paper and bulletin boards. Frequently, changes to these lists are made by multiple people independently, but often not synchronized, resulting in confusion among the house staff and technical staff as to who is on call and when. In addition, multiple and disparate copies exist in different sections of the department, and changes made would not be propagated to all the schedules. To eliminate such difficulties, a paperless call scheduling application was developed. Our call scheduling program allowed Java-enabled web access to a database by designated personnel from each radiology section who have privileges to make the necessary changes. Once a person made a change, everyone accessing the database would see the modification. This eliminates the chaos resulting from people swapping shifts at the last minute and not having the time to record or broadcast the change. Furthermore, all changes to the database were logged. Users are given a log-in name and password and can only edit their section; however, all personnel have access to all sections' schedules. Our applet was written in Java 2 using the latest technology in database access. We access our Interbase database through the DataExpress and DB Swing (Borland, Scotts Valley, CA) components. The result is secure access to the call rosters via the web. There are many advantages to the web-enabled access, mainly the ability for people to make changes and have the changes recorded and propagated in a single virtual location and available to all who need to know.

  7. Security middleware infrastructure for DICOM images in health information systems.

    PubMed

    Kallepalli, Vijay N V; Ehikioya, Sylvanus A; Camorlinga, Sergio; Rueda, Jose A

    2003-12-01

    In health care, it is mandatory to maintain the privacy and confidentiality of medical data. To achieve this, a fine-grained access control and an access log for accessing medical images are two important aspects that need to be considered in health care systems. Fine-grained access control provides access to medical data only to authorized persons based on priority, location, and content. A log captures each attempt to access medical data. This article describes an overall middleware infrastructure required for secure access to Digital Imaging and Communication in Medicine (DICOM) images, with an emphasis on access control and log maintenance. We introduce a hybrid access control model that combines the properties of two existing models. A trust relationship between hospitals is used to make the hybrid access control model scalable across hospitals. We also discuss events that have to be logged and where the log has to be maintained. A prototype of security middleware infrastructure is implemented.

  8. Ground water security and drought in Africa: linking availability, access, and demand.

    PubMed

    Calow, Roger C; Macdonald, Alan M; Nicol, Alan L; Robins, Nick S

    2010-01-01

    Drought in Africa has been extensively researched, particularly from meteorological, agricultural, and food security perspectives. However, the impact of drought on water security, particularly ground water dependent rural water supplies, has received much less attention. Policy responses have concentrated on food needs, and it has often been difficult to mobilize resources for water interventions, despite evidence that access to safe water is a serious and interrelated concern. Studies carried out in Ghana, Malawi, South Africa, and Ethiopia highlight how rural livelihoods are affected by seasonal stress and longer-term drought. Declining access to food and water is a common and interrelated problem. Although ground water plays a vital role in buffering the effects of rainfall variability, water shortages and difficulties in accessing water that is available can affect domestic and productive water uses, with knock-on effects on food consumption and production. Total depletion of available ground water resources is rarely the main concern. A more common scenario is a spiral of water insecurity as shallow water sources fail, additional demands are put on remaining sources, and mechanical failures increase. These problems can be planned for within normal development programs. Water security mapping can help identify vulnerable areas, and changes to monitoring systems can ensure early detection of problems. Above all, increasing the coverage of ground water-based rural water supplies, and ensuring that the design and siting of water points is informed by an understanding of hydrogeological conditions and user demand, can significantly increase the resilience of rural communities to climate variability.

  9. 33 CFR 106.265 - Security measures for restricted areas.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ...) Telecommunications; (iii) Power distribution system; (iv) Access points for ventilation and air-conditioning systems... security areas within the OCS facility; (6) Protect security and surveillance equipment and systems; and (7... security and surveillance equipment and systems and their controls, and lighting system controls; and (3...

  10. Access Control Model for Sharing Composite Electronic Health Records

    NASA Astrophysics Data System (ADS)

    Jin, Jing; Ahn, Gail-Joon; Covington, Michael J.; Zhang, Xinwen

    The adoption of electronically formatted medical records, so called Electronic Health Records (EHRs), has become extremely important in healthcare systems to enable the exchange of medical information among stakeholders. An EHR generally consists of data with different types and sensitivity degrees which must be selectively shared based on the need-to-know principle. Security mechanisms are required to guarantee that only authorized users have access to specific portions of such critical record for legitimate purposes. In this paper, we propose a novel approach for modelling access control scheme for composite EHRs. Our model formulates the semantics and structural composition of an EHR document, from which we introduce a notion of authorized zones of the composite EHR at different granularity levels, taking into consideration of several important criteria such as data types, intended purposes and information sensitivities.

  11. Face Recognition for Access Control Systems Combining Image-Difference Features Based on a Probabilistic Model

    NASA Astrophysics Data System (ADS)

    Miwa, Shotaro; Kage, Hiroshi; Hirai, Takashi; Sumi, Kazuhiko

    We propose a probabilistic face recognition algorithm for Access Control System(ACS)s. Comparing with existing ACSs using low cost IC-cards, face recognition has advantages in usability and security that it doesn't require people to hold cards over scanners and doesn't accept imposters with authorized cards. Therefore face recognition attracts more interests in security markets than IC-cards. But in security markets where low cost ACSs exist, price competition is important, and there is a limitation on the quality of available cameras and image control. Therefore ACSs using face recognition are required to handle much lower quality images, such as defocused and poor gain-controlled images than high security systems, such as immigration control. To tackle with such image quality problems we developed a face recognition algorithm based on a probabilistic model which combines a variety of image-difference features trained by Real AdaBoost with their prior probability distributions. It enables to evaluate and utilize only reliable features among trained ones during each authentication, and achieve high recognition performance rates. The field evaluation using a pseudo Access Control System installed in our office shows that the proposed system achieves a constant high recognition performance rate independent on face image qualities, that is about four times lower EER (Equal Error Rate) under a variety of image conditions than one without any prior probability distributions. On the other hand using image difference features without any prior probabilities are sensitive to image qualities. We also evaluated PCA, and it has worse, but constant performance rates because of its general optimization on overall data. Comparing with PCA, Real AdaBoost without any prior distribution performs twice better under good image conditions, but degrades to a performance as good as PCA under poor image conditions.

  12. 49 CFR 1546.213 - Access to cargo: Security threat assessments for cargo personnel in the United States.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... the cargo enters an airport Security Identification Display Area or is transferred to another TSA... under §§ 1546.101(a) or (b) accepts the cargo, until the cargo— (A) Enters an airport Security... 49 Transportation 9 2012-10-01 2012-10-01 false Access to cargo: Security threat assessments for...

  13. 49 CFR 1546.213 - Access to cargo: Security threat assessments for cargo personnel in the United States.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... the cargo enters an airport Security Identification Display Area or is transferred to another TSA... under §§ 1546.101(a) or (b) accepts the cargo, until the cargo— (A) Enters an airport Security... 49 Transportation 9 2014-10-01 2014-10-01 false Access to cargo: Security threat assessments for...

  14. 49 CFR 1546.213 - Access to cargo: Security threat assessments for cargo personnel in the United States.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... the cargo enters an airport Security Identification Display Area or is transferred to another TSA... under §§ 1546.101(a) or (b) accepts the cargo, until the cargo— (A) Enters an airport Security... 49 Transportation 9 2013-10-01 2013-10-01 false Access to cargo: Security threat assessments for...

  15. 49 CFR 1546.213 - Access to cargo: Security threat assessments for cargo personnel in the United States.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... the cargo enters an airport Security Identification Display Area or is transferred to another TSA... under §§ 1546.101(a) or (b) accepts the cargo, until the cargo— (A) Enters an airport Security... 49 Transportation 9 2011-10-01 2011-10-01 false Access to cargo: Security threat assessments for...

  16. Agent of opportunity risk mitigation: people, engineering, and security efficacy.

    PubMed

    Graham, Margaret E; Tunik, Michael G; Farmer, Brenna M; Bendzans, Carly; McCrillis, Aileen M; Nelson, Lewis S; Portelli, Ian; Smith, Silas; Goldberg, Judith D; Zhang, Meng; Rosenberg, Sheldon D; Goldfrank, Lewis R

    2010-12-01

    Agents of opportunity (AO) are potentially harmful biological, chemical, radiological, and pharmaceutical substances commonly used for health care delivery and research. AOs are present in all academic medical centers (AMC), creating vulnerability in the health care sector; AO attributes and dissemination methods likely predict risk; and AMCs are inadequately secured against a purposeful AO dissemination, with limited budgets and competing priorities. We explored health care workers' perceptions of AMC security and the impact of those perceptions on AO risk. Qualitative methods (survey, interviews, and workshops) were used to collect opinions from staff working in a medical school and 4 AMC-affiliated hospitals concerning AOs and the risk to hospital infrastructure associated with their uncontrolled presence. Secondary to this goal, staff perception concerning security, or opinions about security behaviors of others, were extracted, analyzed, and grouped into themes. We provide a framework for depicting the interaction of staff behavior and access control engineering, including the tendency of staff to "defeat" inconvenient access controls. In addition, 8 security themes emerged: staff security behavior is a significant source of AO risk; the wide range of opinions about "open" front-door policies among AMC staff illustrates a disparity of perceptions about the need for security; interviewees expressed profound skepticism concerning the effectiveness of front-door access controls; an AO risk assessment requires reconsideration of the security levels historically assigned to areas such as the loading dock and central distribution sites, where many AOs are delivered and may remain unattended for substantial periods of time; researchers' view of AMC security is influenced by the ongoing debate within the scientific community about the wisdom of engaging in bioterrorism research; there was no agreement about which areas of the AMC should be subject to stronger access

  17. Efforts to secure universal access to HIV/AIDS treatment: a comparison of BRICS countries.

    PubMed

    Sun, Jing; Boing, Alexandra Crispim; Silveira, Marysabel P T; Bertoldi, Andréa D; Ziganshina, Liliya E; Khaziakhmetova, Veronica N; Khamidulina, Rashida M; Chokshi, Maulik R; McGee, Shelley; Suleman, Fatima

    2014-02-01

    This article illustrates how the BRICS countries have been building their focused leadership, making important high level commitment and national policy changes, and improving their health systems, in addressing the HIV/AIDS epidemics in respective settings. Specific aspects are focused on efforts of creating public provisions to secure universal access to ARVs from the aspects of active responsive system and national program, health system strengthening, fostering local production of ARVs, supply chain management, and information system strengthening. Challenges in each BRICS country are analyzed respectively. The most important contributors to the success of response to HIV/AIDS include: creating legal basis for healthcare as a fundamental human right; political commitment to necessary funding for universal access and concrete actions to secure equal quality care; comprehensive system to secure demands that all people in need are capable of accessing prevention, treatment and care; active community involvement; decentralization of the management system considering the local settings; integration of treatment and prevention; taking horizontal approach to strengthen health systems; fully use of the TRIPS flexibility; and regular monitoring and evaluation to serve evidence based decision making. © 2013 Chinese Cochrane Center, West China Hospital of Sichuan University and Wiley Publishing Asia Pty Ltd.

  18. Security Controls Hurt Research, NAS Warns.

    ERIC Educational Resources Information Center

    Kolata, Gina

    1982-01-01

    A National Academy of Sciences (NAS) report found no evidence that leaks of technical information from universities or other research centers have damaged national security. However, in areas where control is warranted, decisions should be based on criteria. These criteria and issues related to security control and technological transfer are…

  19. Access and accounting schemes of wireless broadband

    NASA Astrophysics Data System (ADS)

    Zhang, Jian; Huang, Benxiong; Wang, Yan; Yu, Xing

    2004-04-01

    In this paper, two wireless broadband access and accounting schemes were introduced. There are some differences in the client and the access router module between them. In one scheme, Secure Shell (SSH) protocol is used in the access system. The SSH server makes the authentication based on private key cryptography. The advantage of this scheme is the security of the user's information, and we have sophisticated access control. In the other scheme, Secure Sockets Layer (SSL) protocol is used the access system. It uses the technology of public privacy key. Nowadays, web browser generally combines HTTP and SSL protocol and we use the SSL protocol to implement the encryption of the data between the clients and the access route. The schemes are same in the radius sever part. Remote Authentication Dial in User Service (RADIUS), as a security protocol in the form of Client/Sever, is becoming an authentication/accounting protocol for standard access to the Internet. It will be explained in a flow chart. In our scheme, the access router serves as the client to the radius server.

  20. 17 CFR 240.15c3-5 - Risk management controls for brokers or dealers with market access.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... determining that such customer, based on its position in the transaction and relationship with an ultimate... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Risk management controls for... Markets § 240.15c3-5 Risk management controls for brokers or dealers with market access. (a) For the...

  1. 17 CFR 240.15c3-5 - Risk management controls for brokers or dealers with market access.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... determining that such customer, based on its position in the transaction and relationship with an ultimate... 17 Commodity and Securities Exchanges 3 2012-04-01 2012-04-01 false Risk management controls for... Markets § 240.15c3-5 Risk management controls for brokers or dealers with market access. (a) For the...

  2. UNIX security in a supercomputing environment

    NASA Technical Reports Server (NTRS)

    Bishop, Matt

    1989-01-01

    The author critiques some security mechanisms in most versions of the Unix operating system and suggests more effective tools that either have working prototypes or have been implemented, for example in secure Unix systems. Although no computer (not even a secure one) is impenetrable, breaking into systems with these alternate mechanisms will cost more, require more skill, and be more easily detected than penetrations of systems without these mechanisms. The mechanisms described fall into four classes (with considerable overlap). User authentication at the local host affirms the identity of the person using the computer. The principle of least privilege dictates that properly authenticated users should have rights precisely sufficient to perform their tasks, and system administration functions should be compartmentalized; to this end, access control lists or capabilities should either replace or augment the default Unix protection system, and mandatory access controls implementing multilevel security models and integrity mechanisms should be available. Since most users access supercomputing environments using networks, the third class of mechanisms augments authentication (where feasible). As no security is perfect, the fourth class of mechanism logs events that may indicate possible security violations; this will allow the reconstruction of a successful penetration (if discovered), or possibly the detection of an attempted penetration.

  3. A Framework for Translating a High Level Security Policy into Low Level Security Mechanisms

    NASA Astrophysics Data System (ADS)

    Hassan, Ahmed A.; Bahgat, Waleed M.

    2010-01-01

    Security policies have different components; firewall, active directory, and IDS are some examples of these components. Enforcement of network security policies to low level security mechanisms faces some essential difficulties. Consistency, verification, and maintenance are the major ones of these difficulties. One approach to overcome these difficulties is to automate the process of translation of high level security policy into low level security mechanisms. This paper introduces a framework of an automation process that translates a high level security policy into low level security mechanisms. The framework is described in terms of three phases; in the first phase all network assets are categorized according to their roles in the network security and relations between them are identified to constitute the network security model. This proposed model is based on organization based access control (OrBAC). However, the proposed model extend the OrBAC model to include not only access control policy but also some other administrative security policies like auditing policy. Besides, the proposed model enables matching of each rule of the high level security policy with the corresponding ones of the low level security policy. Through the second phase of the proposed framework, the high level security policy is mapped into the network security model. The second phase could be considered as a translation of the high level security policy into an intermediate model level. Finally, the intermediate model level is translated automatically into low level security mechanism. The paper illustrates the applicability of proposed approach through an application example.

  4. Glycemic Control Associated With Secure Patient-Provider Messaging Within a Shared Electronic Medical Record

    PubMed Central

    Harris, Lynne T.; Koepsell, Thomas D.; Haneuse, Sebastien J.; Martin, Diane P.; Ralston, James D.

    2013-01-01

    OBJECTIVE To study differences in glycemic control and HbA1c testing associated with use of secure electronic patient-provider messaging. We hypothesized that messaging use would be associated with better glycemic control and a higher rate of adherence to HbA1c testing recommendations. RESEARCH DESIGN AND METHODS Retrospective observational study of secure messaging at Group Health, a large nonprofit health care system. Our analysis included adults with diabetes who had registered for access to a shared electronic medical record (SMR) between 2003 and 2006. We fit log-linear regression models, using generalized estimating equations, to estimate the adjusted rate ratio of meeting three indicators of glycemic control (HbA1c <7%, HbA1c <8%, and HbA1c >9%) and HbA1c testing adherence by level of previous messaging use. Multiple imputation and inverse probability weights were used to account for missing data. RESULTS During the study period, 6,301 adults with diabetes registered for access to the SMR. Of these individuals, 74% used messaging at least once during that time. Frequent use of messaging during the previous calendar quarter was associated with a higher rate of good glycemic control (HbA1c <7%: rate ratio, 1.26 [95% CI, 1.15–1.37]) and a higher rate testing adherence (1.20 [1.15–1.25]). CONCLUSIONS Among SMR users, recent and frequent messaging use was associated with better glycemic control and a higher rate of HbA1c testing adherence. These results suggest that secure messaging may facilitate important processes of care and help some patients to achieve or maintain adequate glycemic control. PMID:23628618

  5. Threats and risks to information security: a practical analysis of free access wireless networks

    NASA Astrophysics Data System (ADS)

    Quirumbay, Daniel I.; Coronel, Iván. A.; Bayas, Marcia M.; Rovira, Ronald H.; Gromaszek, Konrad; Tleshova, Akmaral; Kozbekova, Ainur

    2017-08-01

    Nowadays, there is an ever-growing need to investigate, consult and communicate through the internet. This need leads to the intensification of free access to the web in strategic and functional points for the benefit of the community. However, this open access is also related to the increase of information insecurity. The existing works on computer security primarily focus on the development of techniques to reduce cyber-attacks. However, these approaches do not address the sector of inexperienced users who have difficulty understanding browser settings. Two methods can solve this problem: first the development of friendly browsers with intuitive setups for new users and on the other hand, by implementing awareness programs on essential security without deepening on technical information. This article addresses an analysis of the vulnerabilities of wireless equipment that provides internet service in the open access zones and the potential risks that could be found when using these means.

  6. Food security is related to adult type 2 diabetes control over time in a United States safety net primary care clinic population.

    PubMed

    Shalowitz, M U; Eng, J S; McKinney, C O; Krohn, J; Lapin, B; Wang, C-H; Nodine, E

    2017-05-15

    Successful Type 2 diabetes management requires adopting a high nutrient-density diet made up of food items that both meet dietary needs and preferences and can be feasibly obtained on a regular basis. However, access to affordable, nutrient-dense foods often is lacking in poorer neighbourhoods. Therefore, low food security should directly impair glucose control, even when patients have full access to and utilize comprehensive medical management. The present study sought to determine whether food security is related longitudinally to glucose control, over-and-above ongoing medication management, among Type 2 diabetes patients receiving comprehensive care at a Midwestern multi-site federally qualified health centre (FQHC). In this longitudinal observational study, we completed a baseline assessment of patients' food security (using the US Household Food Security Module), demographics (via Census items), and diabetes history/management (using a structured clinical encounter form) when patients began receiving diabetes care at the health centre. We then recorded those patients' A1C levels several times during a 24-month follow-up period. Three hundred and ninety-nine patients (56% with low food security) had a baseline A1c measurement; a subsample of 336 (median age=52 years; 56% female; 60% Hispanic, 27% African American, and 9% White) also had at least one follow-up A1c measurement. Patients with lower (vs higher) food security were more likely to be on insulin and have higher A1c levels at baseline. Moreover, the disparity in glucose control by food security status persisted throughout the next 2 years. Although results were based on one multi-site FQHC, potentially limiting their generalizability, they seem to suggest that among Type 2 diabetes patients, low food security directly impairs glucose control-even when patients receive full access to comprehensive medical management-thereby increasing their long-term risks of high morbidity, early mortality, and high

  7. 17 CFR 240.15c3-5 - Risk management controls for brokers or dealers with market access.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Risk management controls for... Markets § 240.15c3-5 Risk management controls for brokers or dealers with market access. (a) For the... system provided by a broker-dealer operator of an alternative trading system to a non-broker-dealer. (2...

  8. 17 CFR 240.15c3-5 - Risk management controls for brokers or dealers with market access.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Risk management controls for... Markets § 240.15c3-5 Risk management controls for brokers or dealers with market access. (a) For the... system provided by a broker-dealer operator of an alternative trading system to a non-broker-dealer. (2...

  9. 49 CFR 1544.228 - Access to cargo and cargo screening: Security threat assessments for cargo personnel in the...

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... cargo enters an airport Security Identification Display Area or is transferred to another TSA-regulated... program accepts the cargo until the cargo— (A) Enters an airport Security Identification Display Area; (B... 49 Transportation 9 2012-10-01 2012-10-01 false Access to cargo and cargo screening: Security...

  10. 49 CFR 1544.228 - Access to cargo and cargo screening: Security threat assessments for cargo personnel in the...

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... cargo enters an airport Security Identification Display Area or is transferred to another TSA-regulated... program accepts the cargo until the cargo— (A) Enters an airport Security Identification Display Area; (B... 49 Transportation 9 2014-10-01 2014-10-01 false Access to cargo and cargo screening: Security...

  11. 49 CFR 1544.228 - Access to cargo and cargo screening: Security threat assessments for cargo personnel in the...

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... cargo enters an airport Security Identification Display Area or is transferred to another TSA-regulated... program accepts the cargo until the cargo— (A) Enters an airport Security Identification Display Area; (B... 49 Transportation 9 2013-10-01 2013-10-01 false Access to cargo and cargo screening: Security...

  12. 49 CFR 1544.228 - Access to cargo and cargo screening: Security threat assessments for cargo personnel in the...

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... cargo enters an airport Security Identification Display Area or is transferred to another TSA-regulated... program accepts the cargo until the cargo— (A) Enters an airport Security Identification Display Area; (B... 49 Transportation 9 2011-10-01 2011-10-01 false Access to cargo and cargo screening: Security...

  13. Maternal Strategies to Access Food Differ by Food Security Status

    PubMed Central

    Gorman, Kathleen S.; McCurdy, Karen; Kisler, Tiffani; Metallinos-Katsaras, Elizabeth

    2016-01-01

    Background Household food insecurity is associated with health and behavior risk. Much less is known about how food insecurity is related to strategies that adults use in accessing food: how and where they shop, use of alternative food sources and their ability to manage resources. Objective To examine how maternal behaviors including shopping, accessing alternative sources of food and managing resources are related to household food security status (HHFSS). Design Cross-sectional study collecting survey data on HHFSS, shopping behaviors, use of alternative food sources and managing resources obtained from low income mothers of preschoolers. Participants 164 low-income mothers of young children (55% Hispanic) from two communities in Rhode Island. Measures HHFSS was measured using ten items from the 18-item Core Food Security Module to assess adult food security. Mothers were surveyed about where, when and how often they shopped; the strategies they use when shopping; their use of alternative sources of food including federal, state and local assistance; and their ability to manage their resources. Statistical analyses Analysis of Variance and Chi-square analyses assessed the associations between demographic variables, shopping, accessing alternative food sources and managing resources, and HHFSS. Multivariate logistic regression assessed the associations between HHFSS and maternal demographic variables, food shopping strategies, alternative sources of food and ability to manage resources. Results Maternal age and language spoken at home were significantly associated with HHFSS; food insecurity was 10% more likely among older mothers (AOR=1.10; 95% CI 1.03-1.17) and 2.5 times more likely among Spanish speaking households (compared to non-Spanish speaking-AOR=3.57; 95% CI 1.25-10.18). Food insecurity was more likely among mothers reporting more informal strategies (AOR=1.98; 95% CI 1.28-3.01, p<.05) and perceiving greater inability to manage resources (AOR=1.60; 95

  14. Verification of Security Policy Enforcement in Enterprise Systems

    NASA Astrophysics Data System (ADS)

    Gupta, Puneet; Stoller, Scott D.

    Many security requirements for enterprise systems can be expressed in a natural way as high-level access control policies. A high-level policy may refer to abstract information resources, independent of where the information is stored; it controls both direct and indirect accesses to the information; it may refer to the context of a request, i.e., the request’s path through the system; and its enforcement point and enforcement mechanism may be unspecified. Enforcement of a high-level policy may depend on the system architecture and the configurations of a variety of security mechanisms, such as firewalls, host login permissions, file permissions, DBMS access control, and application-specific security mechanisms. This paper presents a framework in which all of these can be conveniently and formally expressed, a method to verify that a high-level policy is enforced, and an algorithm to determine a trusted computing base for each resource.

  15. 47 CFR 76.1204 - Availability of equipment performing conditional access or security functions.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... system; and (3) Does not provide access to any digital transmission of multichannel video programming or... COMMISSION (CONTINUED) BROADCAST RADIO SERVICES MULTICHANNEL VIDEO AND CABLE TELEVISION SERVICE Competitive... security functions. (a)(1) A multichannel video programming distributor that utilizes navigation devices to...

  16. 33 CFR 104.405 - Format of the Vessel Security Plan (VSP).

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ...) Communications; (9) Security systems and equipment maintenance; (10) Security measures for access control... 33 Navigation and Navigable Waters 1 2010-07-01 2010-07-01 false Format of the Vessel Security... SECURITY MARITIME SECURITY MARITIME SECURITY: VESSELS Vessel Security Plan (VSP) § 104.405 Format of the...

  17. The Security Factor in School Renovations.

    ERIC Educational Resources Information Center

    Fickes, Michael

    1998-01-01

    Discusses how one Indiana high school used its renovation as an opportunity to reevaluate the school's security design. Security considerations in the building's external and internal environment include lighting, directional signage, parking, access control technology, and issues regarding the use of closed circuit television. (GR)

  18. 10 CFR 36.23 - Access control.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 1 2011-01-01 2011-01-01 false Access control. 36.23 Section 36.23 Energy NUCLEAR... Requirements for Irradiators § 36.23 Access control. (a) Each entrance to a radiation room at a panoramic... radiation room at a panoramic irradiator must have an independent backup access control to detect personnel...

  19. 10 CFR 36.23 - Access control.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 10 Energy 1 2013-01-01 2013-01-01 false Access control. 36.23 Section 36.23 Energy NUCLEAR... Requirements for Irradiators § 36.23 Access control. (a) Each entrance to a radiation room at a panoramic... radiation room at a panoramic irradiator must have an independent backup access control to detect personnel...

  20. 10 CFR 36.23 - Access control.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 1 2012-01-01 2012-01-01 false Access control. 36.23 Section 36.23 Energy NUCLEAR... Requirements for Irradiators § 36.23 Access control. (a) Each entrance to a radiation room at a panoramic... radiation room at a panoramic irradiator must have an independent backup access control to detect personnel...

  1. Autonomous Information Unit for Fine-Grain Data Access Control and Information Protection in a Net-Centric System

    NASA Technical Reports Server (NTRS)

    Chow, Edward T.; Woo, Simon S.; James, Mark; Paloulian, George K.

    2012-01-01

    As communication and networking technologies advance, networks will become highly complex and heterogeneous, interconnecting different network domains. There is a need to provide user authentication and data protection in order to further facilitate critical mission operations, especially in the tactical and mission-critical net-centric networking environment. The Autonomous Information Unit (AIU) technology was designed to provide the fine-grain data access and user control in a net-centric system-testing environment to meet these objectives. The AIU is a fundamental capability designed to enable fine-grain data access and user control in the cross-domain networking environments, where an AIU is composed of the mission data, metadata, and policy. An AIU provides a mechanism to establish trust among deployed AIUs based on recombining shared secrets, authentication and verify users with a username, X.509 certificate, enclave information, and classification level. AIU achieves data protection through (1) splitting data into multiple information pieces using the Shamir's secret sharing algorithm, (2) encrypting each individual information piece using military-grade AES-256 encryption, and (3) randomizing the position of the encrypted data based on the unbiased and memory efficient in-place Fisher-Yates shuffle method. Therefore, it becomes virtually impossible for attackers to compromise data since attackers need to obtain all distributed information as well as the encryption key and the random seeds to properly arrange the data. In addition, since policy can be associated with data in the AIU, different user access and data control strategies can be included. The AIU technology can greatly enhance information assurance and security management in the bandwidth-limited and ad hoc net-centric environments. In addition, AIU technology can be applicable to general complex network domains and applications where distributed user authentication and data protection are

  2. System access control study

    DOT National Transportation Integrated Search

    1974-06-01

    The report presents a summary of a study conducted for the Transportation Systems Center of promising access control techniques which are applicable to an aeronautical satellite system. Several frequency division multiple access (FDMA) and time divis...

  3. Enterprise systems security management: a framework for breakthrough protection

    NASA Astrophysics Data System (ADS)

    Farroha, Bassam S.; Farroha, Deborah L.

    2010-04-01

    Securing the DoD information network is a tremendous task due to its size, access locations and the amount of network intrusion attempts on a daily basis. This analysis investigates methods/architecture options to deliver capabilities for secure information sharing environment. Crypto-binding and intelligent access controls are basic requirements for secure information sharing in a net-centric environment. We introduce many of the new technology components to secure the enterprise. The cooperative mission requirements lead to developing automatic data discovery and data stewards granting access to Cross Domain (CD) data repositories or live streaming data. Multiple architecture models are investigated to determine best-of-breed approaches including SOA and Private/Public Clouds.

  4. 15. Front security entrance to the perimeter acquisition radar building, ...

    Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

    15. Front security entrance to the perimeter acquisition radar building, showing rotogates 1 and 2 and entrance door to security operations control center (SOCC), room #108 - Stanley R. Mickelsen Safeguard Complex, Perimeter Acquisition Radar Building, Limited Access Area, between Limited Access Patrol Road & Service Road A, Nekoma, Cavalier County, ND

  5. The Use of BS7799 Information Security Standard to Construct Mechanisms for the Management of Medical Organization Information Security

    NASA Astrophysics Data System (ADS)

    Liu, Shu-Fan; Chueh, Hao-En; Liao, Kuo-Hsiung

    According to surveys, 80 % of security related events threatening information in medical organizations is due to improper management. Most research on information security has focused on information and security technology, such as network security and access control; rarely addressing issues at the management issues. The main purpose of this study is to construct a BS7799 based mechanism for the management of information with regard to security as it applies to medical organizations. This study analyzes and identifies the most common events related to information security in medical organizations and categorizes these events as high-risk, transferable-risk, and controlled-risk to facilitate the management of such risk.

  6. An Extended Role-Based Access Control Model for Delegating Obligations

    NASA Astrophysics Data System (ADS)

    Ben-Ghorbel-Talbi, Meriam; Cuppens, Frédéric; Cuppens-Boulahia, Nora; Bouhoula, Adel

    The main aim of access control models is to provide means to simplify the management of the security policy, which is a fastidious and error-prone task. Supporting delegation is considered as an important mean to decentralize the administration and therefore to allow security policy to be more flexible and easier to manipulate. Our main contribution is the proposition of a unified model to the administration and delegation of obligations. Managing such delegations implies more requirements than managing traditional privileges delegation. In fact, delegating obligations may include two interpretations: the delegation of the obligation and the delegation of the responsibility related to this obligation. Therefore, it is important to deal with these two notions separately. Moreover, since delegating an obligation involves the delegation of sanctions, then the consent of the user who receives this delegation may be required in some cases. We address in this paper these requirements and we propose a formalism to deal with them.

  7. Maternal Strategies to Access Food Differ by Food Security Status.

    PubMed

    Gorman, Kathleen S; McCurdy, Karen; Kisler, Tiffani; Metallinos-Katsaras, Elizabeth

    2017-01-01

    Household food insecurity is associated with health and behavior risk. Much less is known about how food insecurity is related to strategies that adults use in accessing food: how and where they shop, use of alternative food sources, and their ability to manage resources. To examine how maternal behaviors, including shopping, accessing alternative sources of food, and managing resources, are related to household food security status (HHFSS). Cross-sectional study collecting survey data on HHFSS, shopping behaviors, use of alternative food sources, and managing resources obtained from low-income mothers of preschool-aged children. One hundred sixty-four low-income mothers of young children (55% Hispanic) from two communities in Rhode Island. HHFSS was measured using 10 items from the 18-item Core Food Security Module to assess adult food security. Mothers were surveyed about where, when, and how often they shopped; the strategies they use when shopping; their use of alternative sources of food, including federal, state, and local assistance; and their ability to manage their resources. Analysis of variance and χ 2 analyses assessed the associations between demographic variables, shopping, accessing alternative food sources, and managing resources, and HHFSS. Multivariate logistic regression assessed the associations between HHFSS and maternal demographic variables, food shopping, strategies, alternative sources of food, and ability to manage resources. Maternal age and language spoken at home were significantly associated with HHFSS; food insecurity was 10% more likely among older mothers (adjusted odds ratio [aOR] 1.10, 95% CI 1.03 to 1.17) and 2.5 times more likely among Spanish-speaking households (compared with non-Spanish speaking [aOR 3.57, 95% CI 1.25 to 10.18]). Food insecurity was more likely among mothers reporting more informal strategies (aOR 1.98, 95% CI 1.28 to 3.01; P<0.05) and perceiving greater inability to manage resources (aOR 1.60, 95% CI 1

  8. Access Control in Location-Based Services

    NASA Astrophysics Data System (ADS)

    Ardagna, Claudio A.; Cremonini, Marco; de Capitani di Vimercati, Sabrina; Samarati, Pierangela

    Recent enhancements in location technologies reliability and precision are fostering the development of a new wave of applications that make use of the location information of users. Such applications introduces new aspects of access control which should be addressed. On the one side, precise location information may play an important role and can be used to develop Location-based Access Control (LBAC) systems that integrate traditional access control mechanisms with conditions based on the physical position of users. On the other side, location information of users can be considered sensitive and access control solutions should be developed to protect it against unauthorized accesses and disclosures. In this chapter, we address these two aspects related to the use and protection of location information, discussing existing solutions, open issues, and some research directions.

  9. New Advanced Technologies to Provide Decentralised and Secure Access to Medical Records: Case Studies in Oncology

    PubMed Central

    Quantin, Catherine; Coatrieux, Gouenou; Allaert, François André; Fassa, Maniane; Bourquard, Karima; Boire, Jean-Yves; de Vlieger, Paul; Maigne, Lydia; Breton, Vincent

    2009-01-01

    The main problem for health professionals and patients in accessing information is that this information is very often distributed over many medical records and locations. This problem is particularly acute in cancerology because patients may be treated for many years and undergo a variety of examinations. Recent advances in technology make it feasible to gain access to medical records anywhere and anytime, allowing the physician or the patient to gather information from an “ephemeral electronic patient record”. However, this easy access to data is accompanied by the requirement for improved security (confidentiality, traceability, integrity, ...) and this issue needs to be addressed. In this paper we propose and discuss a decentralised approach based on recent advances in information sharing and protection: Grid technologies and watermarking methodologies. The potential impact of these technologies for oncology is illustrated by the examples of two experimental cases: a cancer surveillance network and a radiotherapy treatment plan. It is expected that the proposed approach will constitute the basis of a future secure “google-like” access to medical records. PMID:19718446

  10. 49 CFR 1544.228 - Access to cargo and cargo screening: Security threat assessments for cargo personnel in the...

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... threat assessments for cargo personnel in the United States. 1544.228 Section 1544.228 Transportation... COMMERCIAL OPERATORS Operations § 1544.228 Access to cargo and cargo screening: Security threat assessments... paragraph (b) of this section— (1) Each individual must successfully complete a security threat assessment...

  11. Semantically Enriched Data Access Policies in eHealth.

    PubMed

    Drozdowicz, Michał; Ganzha, Maria; Paprzycki, Marcin

    2016-11-01

    Internet of Things (IoT) requires novel solutions to facilitate autonomous, though controlled, resource access. Access policies have to facilitate interactions between heterogeneous entities (devices and humans). Here, we focus our attention on access control in eHealth. We propose an approach based on enriching policies, based on well-known and widely-used eXtensible Access Control Markup Language, with semantics. In the paper we describe an implementation of a Policy Information Point integrated with the HL7 Security and Privacy Ontology.

  12. 33 CFR 106.405 - Format and content of the Facility Security Plan (FSP).

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ...; (9) Security systems and equipment maintenance; (10) Security measures for access control; (11... Facility Security Plan (FSP). 106.405 Section 106.405 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MARITIME SECURITY MARINE SECURITY: OUTER CONTINENTAL SHELF (OCS) FACILITIES...

  13. Aviation Security: Background and Policy Options for Screening and Securing Air Cargo

    DTIC Science & Technology

    2008-02-25

    today, employees with unescorted access privileges to security identification display areas ( SIDAs ) may access secured areas and aircraft without...where all-cargo aircraft are loaded and unloaded, as security identification display areas ( SIDAs ). This effectively elevates the required security

  14. Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Hadley, Mark D.; Clements, Samuel L.

    2009-01-01

    Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets aremore » considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.« less

  15. Self-Determination and Access to Postsecondary Education in Transitioning Youths Receiving Supplemental Security Income

    ERIC Educational Resources Information Center

    Berry, Hugh G.; Ward, Michael; Caplan, Leslie

    2012-01-01

    Using data from the National Longitudinal Transition Study-2, this article examines the relationships among three of Wehmeyer's components of self-determination (autonomy, empowerment, and self-realization) and subsequent reported access to postsecondary education in transitioning youths receiving Supplemental Security Income benefits. Results of…

  16. Research and realization of info-net security controlling system

    NASA Astrophysics Data System (ADS)

    Xu, Tao; Zhang, Wei; Li, Xuhong; Wang, Xia; Pan, Wenwen

    2017-03-01

    The thesis introduces some relative concepts about Network Cybernetics, and we design and realize a new info-net security controlling system based on Network Cybernetics. The system can control the endpoints, safely save files, encrypt communication, supervise actions of users and show security conditions, in order to realize full-scale security management. At last, we simulate the functions of the system. The results show, the system can ensure the controllability of users and devices, and supervise them real-time. The system can maximize the security of the network and users.

  17. 47 CFR 95.645 - Control accessibility.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 47 Telecommunication 5 2013-10-01 2013-10-01 false Control accessibility. 95.645 Section 95.645 Telecommunication FEDERAL COMMUNICATIONS COMMISSION (CONTINUED) SAFETY AND SPECIAL RADIO SERVICES PERSONAL RADIO SERVICES Technical Regulations Certification Requirements § 95.645 Control accessibility. (a) No control...

  18. 47 CFR 95.645 - Control accessibility.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 47 Telecommunication 5 2014-10-01 2014-10-01 false Control accessibility. 95.645 Section 95.645 Telecommunication FEDERAL COMMUNICATIONS COMMISSION (CONTINUED) SAFETY AND SPECIAL RADIO SERVICES PERSONAL RADIO SERVICES Technical Regulations Certification Requirements § 95.645 Control accessibility. (a) No control...

  19. 47 CFR 95.645 - Control accessibility.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 47 Telecommunication 5 2010-10-01 2010-10-01 false Control accessibility. 95.645 Section 95.645 Telecommunication FEDERAL COMMUNICATIONS COMMISSION (CONTINUED) SAFETY AND SPECIAL RADIO SERVICES PERSONAL RADIO SERVICES Technical Regulations Certification Requirements § 95.645 Control accessibility. (a) No control...

  20. 47 CFR 95.645 - Control accessibility.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 47 Telecommunication 5 2011-10-01 2011-10-01 false Control accessibility. 95.645 Section 95.645 Telecommunication FEDERAL COMMUNICATIONS COMMISSION (CONTINUED) SAFETY AND SPECIAL RADIO SERVICES PERSONAL RADIO SERVICES Technical Regulations Certification Requirements § 95.645 Control accessibility. (a) No control...

  1. Secure public cloud platform for medical images sharing.

    PubMed

    Pan, Wei; Coatrieux, Gouenou; Bouslimi, Dalel; Prigent, Nicolas

    2015-01-01

    Cloud computing promises medical imaging services offering large storage and computing capabilities for limited costs. In this data outsourcing framework, one of the greatest issues to deal with is data security. To do so, we propose to secure a public cloud platform devoted to medical image sharing by defining and deploying a security policy so as to control various security mechanisms. This policy stands on a risk assessment we conducted so as to identify security objectives with a special interest for digital content protection. These objectives are addressed by means of different security mechanisms like access and usage control policy, partial-encryption and watermarking.

  2. Security Controls in the Stockpoint Logistics Integrated Communications Environment (SPLICE).

    DTIC Science & Technology

    1985-03-01

    call programs as authorized after checks by the Terminal Management Subsystem on SAS databases . SAS overlays the TANDEM GUARDIAN operating system to...Security Access Profile database (SAP) and a query capability generating various security reports. SAS operates with the System Monitor (SMON) subsystem...system to DDN and other components. The first SAS component to be reviewed is the SAP database . SAP is organized into two types of files. Relational

  3. Household access to traditional and indigenous foods positively associated with food security and dietary diversity in Botswana.

    PubMed

    Kasimba, Salome Nduku; Motswagole, Boitumelo Stokie; Covic, Namukolo Margaret; Claasen, Nicole

    2018-04-01

    To determine access to traditional and indigenous foods (TIF) and the association with household food security, dietary diversity and women's BMI in low socio-economic households. Sequential explanatory mixed-methods design, including a random household cross-sectional survey on household food insecurity access (HFIA), household dietary diversity (HDD) and women's BMI, followed by focus group discussions. Two rural and two urban areas of Botswana. Persons responsible for food preparation or an adult in a household (n 400); for BMI, non-pregnant women aged 18-49 years (n 253). Almost two-thirds of households experienced moderate or severe food insecurity (28·8 and 37·3 %, respectively), but more than half of women were overweight or obese (26·9 and 26·9 %, respectively). Median HDD score was 6 (interquartile range 5-7) out of a total of 12. A positive correlation was found between number of TIF accessed and HDD score (r=0·457; P<0·001) and a negative correlation between number of TIF accessed and HFIA score (r=-0·272; P<0·001). There was no correlation between number of TIF accessed and women's BMI (r=-0·066; P=0·297). TIF were perceived as healthy but with declining consumption due to preference for modern foods. TIF may potentially have an important role in household food security and dietary diversity. There is need to explore potential benefits that may be associated with their optimal use on food security and nutrition outcomes.

  4. Disclosure Control of Natural Language Information to Enable Secure and Enjoyable Communication over the Internet

    NASA Astrophysics Data System (ADS)

    Kataoka, Haruno; Utsumi, Akira; Hirose, Yuki; Yoshiura, Hiroshi

    Disclosure control of natural language information (DCNL), which we are trying to realize, is described. DCNL will be used for securing human communications over the internet, such as through blogs and social network services. Before sentences in the communications are disclosed, they are checked by DCNL and any phrases that could reveal sensitive information are transformed or omitted so that they are no longer revealing. DCNL checks not only phrases that directly represent sensitive information but also those that indirectly suggest it. Combinations of phrases are also checked. DCNL automatically learns the knowledge of sensitive phrases and the suggestive relations between phrases by using co-occurrence analysis and Web retrieval. The users' burden is therefore minimized, i.e., they do not need to define many disclosure control rules. DCNL complements the traditional access control in the fields where reliability needs to be balanced with enjoyment and objects classes for the access control cannot be predefined.

  5. Health Information Security in Hospitals: the Application of Security Safeguards.

    PubMed

    Mehraeen, Esmaeil; Ayatollahi, Haleh; Ahmadi, Maryam

    2016-02-01

    A hospital information system has potentials to improve the accessibility of clinical information and the quality of health care. However, the use of this system has resulted in new challenges, such as concerns over health information security. This paper aims to assess the status of information security in terms of administrative, technical and physical safeguards in the university hospitals. This was a survey study in which the participants were information technology (IT) managers (n=36) who worked in the hospitals affiliated to the top ranked medical universities (university A and university B). Data were collected using a questionnaire. The content validity of the questionnaire was examined by the experts and the reliability of the questionnaire was determined using Cronbach's coefficient alpha (α=0.75). The results showed that the administrative safeguards were arranged at a medium level. In terms of the technical safeguards and the physical safeguards, the IT managers rated them at a strong level. According to the results, among three types of security safeguards, the administrative safeguards were assessed at the medium level. To improve it, developing security policies, implementing access control models and training users are recommended.

  6. Linear Time Algorithms to Restrict Insider Access using Multi-Policy Access Control Systems

    PubMed Central

    Mell, Peter; Shook, James; Harang, Richard; Gavrila, Serban

    2017-01-01

    An important way to limit malicious insiders from distributing sensitive information is to as tightly as possible limit their access to information. This has always been the goal of access control mechanisms, but individual approaches have been shown to be inadequate. Ensemble approaches of multiple methods instantiated simultaneously have been shown to more tightly restrict access, but approaches to do so have had limited scalability (resulting in exponential calculations in some cases). In this work, we take the Next Generation Access Control (NGAC) approach standardized by the American National Standards Institute (ANSI) and demonstrate its scalability. The existing publicly available reference implementations all use cubic algorithms and thus NGAC was widely viewed as not scalable. The primary NGAC reference implementation took, for example, several minutes to simply display the set of files accessible to a user on a moderately sized system. In our approach, we take these cubic algorithms and make them linear. We do this by reformulating the set theoretic approach of the NGAC standard into a graph theoretic approach and then apply standard graph algorithms. We thus can answer important access control decision questions (e.g., which files are available to a user and which users can access a file) using linear time graph algorithms. We also provide a default linear time mechanism to visualize and review user access rights for an ensemble of access control mechanisms. Our visualization appears to be a simple file directory hierarchy but in reality is an automatically generated structure abstracted from the underlying access control graph that works with any set of simultaneously instantiated access control policies. It also provide an implicit mechanism for symbolic linking that provides a powerful access capability. Our work thus provides the first efficient implementation of NGAC while enabling user privilege review through a novel visualization approach. This

  7. Empowering citizens with access control mechanisms to their personal health resources.

    PubMed

    Calvillo, J; Román, I; Roa, L M

    2013-01-01

    are essential keys for this approach and they are accomplished by using semantic technologies (i.e., ontologies, rule languages, and inference engines). The results are mainly focused on the security and access control of the proposed scenario. An ontology has been designed and developed for the POVO covering the terminology of the scenario and easing the automation of administration tasks. Over that ontology, an access control mechanism based on rule languages allows specifying access control policies, and an inference engine performs the decision making process automatically. The usability of solutions to ease administration tasks to the SoC is improved by the Me-As-An-Admin (M3A) application. This guides the SoC through the specification of personal access control policies to his/her distributed resources by using semantic technologies (e.g., metamodeling, model-to-text transformations, etc.). All results are developed as services and included in an architecture in accordance with standards and principles of openness and interoperability. Current technology can bring health, social and well-being care actually centered on citizens, and granting each person the management of his/her health information. However, the application of technology without adopting methodologies or normalized guidelines will reduce the interoperability of solutions developed, failing in the development of advanced services and improved scenarios for health delivery. Standards and reference architectures can be cornerstones for future-proof and powerful developments. Finally, not only technology must follow citizen-centric approaches, but also the gaps needing legislative efforts that support these new paradigms of healthcare delivery must be identified and addressed. Copyright © 2012 Elsevier Ireland Ltd. All rights reserved.

  8. Communication Security for Control Systems in Smart Grid

    NASA Astrophysics Data System (ADS)

    Robles, Rosslin John; Kim, Tai-Hoon

    As an example of Control System, Supervisory Control and Data Acquisition systems can be relatively simple, such as one that monitors environmental conditions of a small office building, or incredibly complex, such as a system that monitors all the activity in a nuclear power plant or the activity of a municipal water system. SCADA systems are basically Process Control Systems, designed to automate systems such as traffic control, power grid management, waste processing etc. Connecting SCADA to the Internet can provide a lot of advantages in terms of control, data viewing and generation. SCADA infrastructures like electricity can also be a part of a Smart Grid. Connecting SCADA to a public network can bring a lot of security issues. To answer the security issues, a SCADA communication security solution is proposed.

  9. A Security Framework for Online Distance Learning and Training.

    ERIC Educational Resources Information Center

    Furnell, S. M.; Onions, P. D.; Bleimann, U.; Gojny, U.; Knahl, M.; Roder, H. F.; Sanders, P. W.

    1998-01-01

    Presents a generic reference model for online distance learning and discusses security issues for each stage (enrollment, study, completion, termination, suspension). Discusses a security framework (authentication and accountability, access control, intrusion detection, network communications, nonrepudiation, learning resources provider…

  10. How to implement security controls for an information security program at CBRN facilities

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in anmore » easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.« less

  11. Secure Control Systems for the Energy Sector

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Smith, Rhett; Campbell, Jack; Hadley, Mark

    2012-03-31

    Schweitzer Engineering Laboratories (SEL) will conduct the Hallmark Project to address the need to reduce the risk of energy disruptions because of cyber incidents on control systems. The goals is to develop solutions that can be both applied to existing control systems and designed into new control systems to add the security measures needed to mitigate energy network vulnerabilities. The scope of the Hallmark Project contains four primary elements: 1. Technology transfer of the Secure Supervisory Control and Data Acquisition (SCADA) Communications Protocol (SSCP) from Pacific Northwest National Laboratories (PNNL) to Schweitzer Engineering Laboratories (SEL). The project shall use thismore » technology to develop a Federal Information Processing Standard (FIPS) 140-2 compliant original equipment manufacturer (OEM) module to be called a Cryptographic Daughter Card (CDC) with the ability to directly connect to any PC enabling that computer to securely communicate across serial to field devices. Validate the OEM capabilities with another vendor. 2. Development of a Link Authenticator Module (LAM) using the FIPS 140-2 validated Secure SCADA Communications Protocol (SSCP) CDC module with a central management software kit. 3. Validation of the CDC and Link Authenticator modules via laboratory and field tests. 4. Creation of documents that record the impact of the Link Authenticator to the operators of control systems and on the control system itself. The information in the documents can assist others with technology deployment and maintenance.« less

  12. The climate sensitivity of food security in Mali - a historical perspective on availability and access dimensions

    NASA Astrophysics Data System (ADS)

    Giannini, A.; Krishnamurthy, P. K.; Cousin, R.; Choularton, R. J.

    2011-12-01

    We present results based on an analysis of a 2005 livelihood survey of ~2000 rural households in ~200 villages scattered across Mali, a sparsely populated, large land-locked country in West Africa, to elucidate the role of climate variability and change in shaping availability and access dimensions of food security. The Comprehensive Food Security Vulnerability Analysis is a recurrent survey carried out by the World Food Programme and in-country partners to map out nutritional and socio-economic status during normal (~food secure) conditions in the hope of understanding underlying cause(s) and prevent the next food security crisis. We set the spatial characterization of food security that emerges from the CFSVA against the background of a varying climate, on intra-seasonal, interannual and multi-decadal time scales: through elucidation of the influence of climate on agricultural production we arrive at an interpretation of structural and conjunctural events affecting food security. We conclude with a discussion of possible interventions to reduce vulnerability.

  13. An Attribute Based Access Control Framework for Healthcare System

    NASA Astrophysics Data System (ADS)

    Afshar, Majid; Samet, Saeed; Hu, Ting

    2018-01-01

    Nowadays, access control is an indispensable part of the Personal Health Record and supplies for its confidentiality by enforcing policies and rules to ensure that only authorized users gain access to requested resources in the system. In other words, the access control means protecting patient privacy in healthcare systems. Attribute-Based Access Control (ABAC) is a new access control model that can be used instead of other traditional types of access control such as Discretionary Access Control, Mandatory Access Control, and Role-Based Access Control. During last five years ABAC has shown some applications in both recent academic fields and industry purposes. ABAC by using user’s attributes and resources, makes a decision according to an access request. In this paper, we propose an ABAC framework for healthcare system. We use the engine of ABAC for rendering and enforcing healthcare policies. Moreover, we handle emergency situations in this framework.

  14. Access control for electronic patient records.

    PubMed

    Glagola, M J

    1998-01-01

    The transition from hardcopy records to electronic records is in the forefront for healthcare today. For healthcare facilities, a major issue is determining who can access patients' medical information and how access to this information can be controlled. There are three components to access control: identification, authentication and authorization. Checking proof of identity is a means of authenticating someone--through a driver's license, passport or their fingerprints. Similar processes are needed in a computer environment, through the use of passwords, one-time passwords or smartcards, encryption and kerberos, and call-back procedures. New in the area of access control are biometric devices, which are hardware/software combinations that digitize a physical characteristic and compare the sample with previously stored samples. Fingerprints, voiceprints and facial features are examples. Their cost is currently prohibitive, but in time, they may become more common. Digital certificates and certification authorities are other means used to authenticate identify. When a system challenges a user's identity at log on, the user provides a certification that tells the system to go to the issuing certification authority and find proof the user's claim is valid. Low-level certifications offer little value for sensitive data, but high-level certification is now being introduced. It requires more specific, detailed information on the applicant. Authorization, the final component of access control, establishes what a specific user can and cannot access. To have effective access control, transaction logging and system monitoring are needed to ensure the various techniques are being used and performing properly.

  15. Printable, scannable biometric templates for secure documents and materials

    NASA Astrophysics Data System (ADS)

    Cambier, James L.; Musgrave, Clyde

    2000-04-01

    Biometric technology has been widely acknowledged as an effective means for enhancing private and public security through applications in physical access control, computer and computer network access control, medical records protection, banking security, public identification programs, and others. Nearly all of these applications involve use of a biometric token to control access to a physical entity or private information. There are also unique benefits to be derived from attaching a biometric template to a physical entity such as a document, package, laboratory sample, etc. Such an association allows fast, reliable, and highly accurate association of an individual person's identity to the physical entity, and can be used to enhance security, convenience, and privacy in many types of transactions. Examples include authentication of documents, tracking of laboratory samples in a testing environment, monitoring the movement of physical evidence within the criminal justice system, and authenticating the identity of both sending and receiving parties in shipment of high value parcels. A system is described which combines a biometric technology based on iris recognition with a printing and scanning technology for high-density bar codes.

  16. 21 CFR 1301.75 - Physical security controls for practitioners.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 21 Food and Drugs 9 2012-04-01 2012-04-01 false Physical security controls for practitioners. 1301.75 Section 1301.75 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION....75 Physical security controls for practitioners. (a) Controlled substances listed in Schedule I shall...

  17. 21 CFR 1301.75 - Physical security controls for practitioners.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Physical security controls for practitioners. 1301.75 Section 1301.75 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION....75 Physical security controls for practitioners. (a) Controlled substances listed in Schedule I shall...

  18. 21 CFR 1301.75 - Physical security controls for practitioners.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 21 Food and Drugs 9 2011-04-01 2011-04-01 false Physical security controls for practitioners. 1301.75 Section 1301.75 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION....75 Physical security controls for practitioners. (a) Controlled substances listed in Schedule I shall...

  19. 21 CFR 1301.75 - Physical security controls for practitioners.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 21 Food and Drugs 9 2013-04-01 2013-04-01 false Physical security controls for practitioners. 1301.75 Section 1301.75 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION....75 Physical security controls for practitioners. (a) Controlled substances listed in Schedule I shall...

  20. 21 CFR 1301.75 - Physical security controls for practitioners.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 21 Food and Drugs 9 2014-04-01 2014-04-01 false Physical security controls for practitioners. 1301.75 Section 1301.75 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION....75 Physical security controls for practitioners. (a) Controlled substances listed in Schedule I shall...

  1. Secure access to patient's health records using SpeechXRays a mutli-channel biometrics platform for user authentication.

    PubMed

    Spanakis, Emmanouil G; Spanakis, Marios; Karantanas, Apostolos; Marias, Kostas

    2016-08-01

    The most commonly used method for user authentication in ICT services or systems is the application of identification tools such as passwords or personal identification numbers (PINs). The rapid development in ICT technology regarding smart devices (laptops, tablets and smartphones) has allowed also the advance of hardware components that capture several biometric traits such as fingerprints and voice. These components are aiming among others to overcome weaknesses and flaws of password usage under the prism of improved user authentication with higher level of security, privacy and usability. To this respect, the potential application of biometrics for secure user authentication regarding access in systems with sensitive data (i.e. patient's data from electronic health records) shows great potentials. SpeechXRays aims to provide a user recognition platform based on biometrics of voice acoustics analysis and audio-visual identity verification. Among others, the platform aims to be applied as an authentication tool for medical personnel in order to gain specific access to patient's electronic health records. In this work a short description of SpeechXrays implementation tool regarding eHealth is provided and analyzed. This study explores security and privacy issues, and offers a comprehensive overview of biometrics technology applications in addressing the e-Health security challenges. We present and describe the necessary requirement for an eHealth platform concerning biometric security.

  2. Secure distribution for high resolution remote sensing images

    NASA Astrophysics Data System (ADS)

    Liu, Jin; Sun, Jing; Xu, Zheng Q.

    2010-09-01

    The use of remote sensing images collected by space platforms is becoming more and more widespread. The increasing value of space data and its use in critical scenarios call for adoption of proper security measures to protect these data against unauthorized access and fraudulent use. In this paper, based on the characteristics of remote sensing image data and application requirements on secure distribution, a secure distribution method is proposed, including users and regions classification, hierarchical control and keys generation, and multi-level encryption based on regions. The combination of the three parts can make that the same remote sensing images after multi-level encryption processing are distributed to different permission users through multicast, but different permission users can obtain different degree information after decryption through their own decryption keys. It well meets user access control and security needs in the process of high resolution remote sensing image distribution. The experimental results prove the effectiveness of the proposed method which is suitable for practical use in the secure transmission of remote sensing images including confidential information over internet.

  3. Secure DBMS Auditor

    DTIC Science & Technology

    1990-07-01

    i k RAYMOND P. URTZ, JR. Technical Director Directorate of Command & Control FOR TH!E C0OKANDER: IGOR G. PLONISCH Directorate of Plans & Programs If...access controls and for thwarting inference and aggregation attacks ae generally considered inadequate for high usurance systems. Consequently, thee is...requirements was to have been based on a state-of-the-art survey involving interviews with TDBMS researchers and developers and security officers and auditors

  4. A new data collaboration service based on cloud computing security

    NASA Astrophysics Data System (ADS)

    Ying, Ren; Li, Hua-Wei; Wang, Li na

    2017-09-01

    With the rapid development of cloud computing, the storage and usage of data have undergone revolutionary changes. Data owners can store data in the cloud. While bringing convenience, it also brings many new challenges to cloud data security. A key issue is how to support a secure data collaboration service that supports access and updates to cloud data. This paper proposes a secure, efficient and extensible data collaboration service, which prevents data leaks in cloud storage, supports one to many encryption mechanisms, and also enables cloud data writing and fine-grained access control.

  5. Security and SCADA protocols

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Igure, V. M.; Williams, R. D.

    2006-07-01

    Supervisory control and data acquisition (SCADA) networks have replaced discrete wiring for many industrial processes, and the efficiency of the network alternative suggests a trend toward more SCADA networks in the future. This paper broadly considers SCADA to include distributed control systems (DCS) and digital control systems. These networks offer many advantages, but they also introduce potential vulnerabilities that can be exploited by adversaries. Inter-connectivity exposes SCADA networks to many of the same threats that face the public internet and many of the established defenses therefore show promise if adapted to the SCADA differences. This paper provides an overview ofmore » security issues in SCADA networks and ongoing efforts to improve the security of these networks. Initially, a few samples from the range of threats to SCADA network security are offered. Next, attention is focused on security assessment of SCADA communication protocols. Three challenges must be addressed to strengthen SCADA networks. Access control mechanisms need to be introduced or strengthened, improvements are needed inside of the network to enhance security and network monitoring, and SCADA security management improvements and policies are needed. This paper discusses each of these challenges. This paper uses the Profibus protocol as an example to illustrate some of the vulnerabilities that arise within SCADA networks. The example Profibus security assessment establishes a network model and an attacker model before proceeding to a list of example attacks. (authors)« less

  6. A Healthy Approach to Fitness Center Security.

    ERIC Educational Resources Information Center

    Sturgeon, Julie

    2000-01-01

    Examines techniques for keeping college fitness centers secure while maintaining an inviting atmosphere. Building access control, preventing locker room theft, and suppressing causes for physical violence are discussed. (GR)

  7. Security in Distributed Collaborative Environments: Limitations and Solutions

    NASA Astrophysics Data System (ADS)

    Saadi, Rachid; Pierson, Jean-Marc; Brunie, Lionel

    The main goal of establishing collaboration between heterogeneous environment is to create such as Pervasive context which provide nomadic users with ubiquitous access to digital information and surrounding resources. However, the constraints of mobility and heterogeneity arise a number of crucial issues related to security, especially authentication access control and privacy. First of all, in this chapter we explore the trust paradigm, specially the transitive capability to enable a trust peer to peer collaboration. In this manner, when each organization sets its own security policy to recognize (authenticate) users members of a trusted community and provide them a local access (access control), the trust transitivity between peers will allows users to gain a broad, larger and controlled access inside the pervasive environment. Next, we study the problem of user's privacy. In fact in pervasive and ubiquitous environments, nomadic users gather and exchange certificates or credential which providing them rights to access by transitivity unknown and trusted environments. These signed documents embeds increasing number of attribute that require to be filtered according to such contextual situation. In this chapter, we propose a new morph signature enabling each certificate owner to preserve his privacy by discloses or blinds some sensitive attributes according to faced situation.

  8. A case study of the Secure Anonymous Information Linkage (SAIL) Gateway: A privacy-protecting remote access system for health-related research and evaluation☆

    PubMed Central

    Jones, Kerina H.; Ford, David V.; Jones, Chris; Dsilva, Rohan; Thompson, Simon; Brooks, Caroline J.; Heaven, Martin L.; Thayer, Daniel S.; McNerney, Cynthia L.; Lyons, Ronan A.

    2014-01-01

    With the current expansion of data linkage research, the challenge is to find the balance between preserving the privacy of person-level data whilst making these data accessible for use to their full potential. We describe a privacy-protecting safe haven and secure remote access system, referred to as the Secure Anonymised Information Linkage (SAIL) Gateway. The Gateway provides data users with a familiar Windows interface and their usual toolsets to access approved anonymously-linked datasets for research and evaluation. We outline the principles and operating model of the Gateway, the features provided to users within the secure environment, and how we are approaching the challenges of making data safely accessible to increasing numbers of research users. The Gateway represents a powerful analytical environment and has been designed to be scalable and adaptable to meet the needs of the rapidly growing data linkage community. PMID:24440148

  9. Health information security: a case study of three selected medical centers in iran.

    PubMed

    Hajrahimi, Nafiseh; Dehaghani, Sayed Mehdi Hejazi; Sheikhtaheri, Abbas

    2013-03-01

    Health Information System (HIS) is considered a unique factor in improving the quality of health care activities and cost reduction, but today with the development of information technology and use of internet and computer networks, patients' electronic records and health information systems have become a source for hackers. This study aims at checking health information security of three selected medical centers in Iran using AHP fuzzy and TOPSIS compound model. To achieve that security measures were identified, based on the research literature and decision making matrix using experts' points of view. Among the 27 indicators, seven indicators were selected as effective indicators and Fuzzy AHP technique was used to determine the importance of security indicators. Based on the comparisons made between the three selected medical centers to assess the security of health information, it is concluded that Chamran hospital has the most acceptable level of security and attention in three indicators of "verification and system design, user access management, access control system", Al Zahra Hospital in two indicators of "access management and network access control" and Amin Hospital in "equipment safety and system design". In terms of information security, Chamran Hospital ranked first, Al-Zahra Hospital ranked second and Al- Zahra hospital has the third place.

  10. Common Badging and Access Control System (CBACS)

    NASA Technical Reports Server (NTRS)

    Dischinger, Portia

    2005-01-01

    This slide presentation presents NASA's Common Badging and Access Control System. NASA began a Smart Card implementation in January 2004. Following site surveys, it was determined that NASA's badging and access control systems required upgrades to common infrastructure in order to provide flexibly, usability, and return on investment prior to a smart card implantation. Common Badging and Access Control System (CBACS) provides the common infrastructure from which FIPS-201 compliant processes, systems, and credentials can be developed and used.

  11. Logical Access Control Mechanisms in Computer Systems.

    ERIC Educational Resources Information Center

    Hsiao, David K.

    The subject of access control mechanisms in computer systems is concerned with effective means to protect the anonymity of private information on the one hand, and to regulate the access to shareable information on the other hand. Effective means for access control may be considered on three levels: memory, process and logical. This report is a…

  12. 12 CFR 1204.8 - How are records secured?

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... § 1204.8 How are records secured? (a) What controls must FHFA have in place? Each FHFA office must establish administrative and physical controls to prevent unauthorized access to its systems of records... stringency of these controls should correspond to the sensitivity of the records that the controls protect...

  13. OVERALL view OF CONTROL BUILDING AND SECURITY GATE. view TO ...

    Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

    OVERALL view OF CONTROL BUILDING AND SECURITY GATE. view TO EAST. - Plattsburgh Air Force Base, Security Police Entry Control Building, Off Perimeter Road in Weapons Storage Area, Plattsburgh, Clinton County, NY

  14. OVERALL VIEW OF CONTROL BUILDING AND SECURITY GATE. VIEW TO ...

    Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

    OVERALL VIEW OF CONTROL BUILDING AND SECURITY GATE. VIEW TO NORTH. - Plattsburgh Air Force Base, Security Police Entry Control Building, Off Perimeter Road in SAC Alert Area, Plattsburgh, Clinton County, NY

  15. Arms Control and National Security: An Introduction. Advance Edition.

    ERIC Educational Resources Information Center

    Arms Control Association, Washington, DC.

    Suitable for use with high school students, this booklet on arms control and national security provides background information, describes basic concepts, reviews recent history, and offers suggestions for further reading. The first section, on American attitudes toward national security and arms control, defines five types of limits on weapons…

  16. Research on Quantum Authentication Methods for the Secure Access Control Among Three Elements of Cloud Computing

    NASA Astrophysics Data System (ADS)

    Dong, Yumin; Xiao, Shufen; Ma, Hongyang; Chen, Libo

    2016-12-01

    Cloud computing and big data have become the developing engine of current information technology (IT) as a result of the rapid development of IT. However, security protection has become increasingly important for cloud computing and big data, and has become a problem that must be solved to develop cloud computing. The theft of identity authentication information remains a serious threat to the security of cloud computing. In this process, attackers intrude into cloud computing services through identity authentication information, thereby threatening the security of data from multiple perspectives. Therefore, this study proposes a model for cloud computing protection and management based on quantum authentication, introduces the principle of quantum authentication, and deduces the quantum authentication process. In theory, quantum authentication technology can be applied in cloud computing for security protection. This technology cannot be cloned; thus, it is more secure and reliable than classical methods.

  17. A case study of the Secure Anonymous Information Linkage (SAIL) Gateway: a privacy-protecting remote access system for health-related research and evaluation.

    PubMed

    Jones, Kerina H; Ford, David V; Jones, Chris; Dsilva, Rohan; Thompson, Simon; Brooks, Caroline J; Heaven, Martin L; Thayer, Daniel S; McNerney, Cynthia L; Lyons, Ronan A

    2014-08-01

    With the current expansion of data linkage research, the challenge is to find the balance between preserving the privacy of person-level data whilst making these data accessible for use to their full potential. We describe a privacy-protecting safe haven and secure remote access system, referred to as the Secure Anonymised Information Linkage (SAIL) Gateway. The Gateway provides data users with a familiar Windows interface and their usual toolsets to access approved anonymously-linked datasets for research and evaluation. We outline the principles and operating model of the Gateway, the features provided to users within the secure environment, and how we are approaching the challenges of making data safely accessible to increasing numbers of research users. The Gateway represents a powerful analytical environment and has been designed to be scalable and adaptable to meet the needs of the rapidly growing data linkage community. Copyright © 2014 The Aurthors. Published by Elsevier Inc. All rights reserved.

  18. Security Encryption Scheme for Communication of Web Based Control Systems

    NASA Astrophysics Data System (ADS)

    Robles, Rosslin John; Kim, Tai-Hoon

    A control system is a device or set of devices to manage, command, direct or regulate the behavior of other devices or systems. The trend in most systems is that they are connected through the Internet. Traditional Supervisory Control and Data Acquisition Systems (SCADA) is connected only in a limited private network Since the internet Supervisory Control and Data Acquisition Systems (SCADA) facility has brought a lot of advantages in terms of control, data viewing and generation. Along with these advantages, are security issues regarding web SCADA, operators are pushed to connect Control Systems through the internet. Because of this, many issues regarding security surfaced. In this paper, we discuss web SCADA and the issues regarding security. As a countermeasure, a web SCADA security solution using crossed-crypto-scheme is proposed to be used in the communication of SCADA components.

  19. Usable SPACE: Security, Privacy, and Context for the Mobile User

    NASA Astrophysics Data System (ADS)

    Jutla, Dawn

    Users breach the security of data within many financial applications daily as human and/or business expediency to access and use information wins over corporate security policy guidelines. Recognizing that changing user context often requires different security mechanisms, we discuss end-to-end solutions combining several security and context mechanisms for relevant security control and information presentation in various mobile user situations. We illustrate key concepts using Dimitri Kanevskys (IBM Research) early 2000s patented inventions for voice security and classification.

  20. 13 CFR 102.33 - Security of systems of records.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Security of systems of records....33 Security of systems of records. (a) Each Program/Support Office Head or designee shall establish administrative and physical controls to prevent unauthorized access to its systems of records, to prevent...

  1. Recommended Practice for Securing Control System Modems

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    James R. Davidson; Jason L. Wright

    2008-01-01

    This paper addresses an often overlooked “backdoor” into critical infrastructure control systems created by modem connections. A modem’s connection to the public telephone system is similar to a corporate network connection to the Internet. By tracing typical attack paths into the system, this paper provides the reader with an analysis of the problem and then guides the reader through methods to evaluate existing modem security. Following the analysis, a series of methods for securing modems is provided. These methods are correlated to well-known networking security methods.

  2. Access control mechanism of wireless gateway based on open flow

    NASA Astrophysics Data System (ADS)

    Peng, Rong; Ding, Lei

    2017-08-01

    In order to realize the access control of wireless gateway and improve the access control of wireless gateway devices, an access control mechanism of SDN architecture which is based on Open vSwitch is proposed. The mechanism utilizes the features of the controller--centralized control and programmable. Controller send access control flow table based on the business logic. Open vSwitch helps achieve a specific access control strategy based on the flow table.

  3. Approach to spatial information security based on digital certificate

    NASA Astrophysics Data System (ADS)

    Cong, Shengri; Zhang, Kai; Chen, Baowen

    2005-11-01

    With the development of the online applications of geographic information systems (GIS) and the spatial information services, the spatial information security becomes more important. This work introduced digital certificates and authorization schemes into GIS to protect the crucial spatial information combining the techniques of the role-based access control (RBAC), the public key infrastructure (PKI) and the privilege management infrastructure (PMI). We investigated the spatial information granularity suited for sensitivity marking and digital certificate model that fits the need of GIS security based on the semantics analysis of spatial information. It implements a secure, flexible, fine-grained data access based on public technologies in GIS in the world.

  4. IT Security Support for Spaceport Command and Control System

    NASA Technical Reports Server (NTRS)

    McLain, Jeffrey

    2013-01-01

    During the fall 2013 semester, I worked at the Kennedy Space Center as an IT Security Intern in support of the Spaceport Command and Control System under the guidance of the IT Security Lead Engineer. Some of my responsibilities included assisting with security plan documentation collection, system hardware and software inventory, and malicious code and malware scanning. Throughout the semester, I had the opportunity to work on a wide range of security related projects. However, there are three projects in particular that stand out. The first project I completed was updating a large interactive spreadsheet that details the SANS Institutes Top 20 Critical Security Controls. My task was to add in all of the new commercial of the shelf (COTS) software listed on the SANS website that can be used to meet their Top 20 controls. In total, there are 153 unique security tools listed by SANS that meet one or more of their 20 controls. My second project was the creation of a database that will allow my mentor to keep track of the work done by the contractors that report to him in a more efficient manner by recording events as they occur throughout the quarter. Lastly, I expanded upon a security assessment of the Linux machines being used on center that I began last semester. To do this, I used a vulnerability and configuration tool that scans hosts remotely through the network and presents the user with an abundance of information detailing each machines configuration. The experience I gained from working on each of these projects has been invaluable, and I look forward to returning in the spring semester to continue working with the IT Security team.

  5. SecurePhone: a mobile phone with biometric authentication and e-signature support for dealing secure transactions on the fly

    NASA Astrophysics Data System (ADS)

    Ricci, R.; Chollet, G.; Crispino, M. V.; Jassim, S.; Koreman, J.; Olivar-Dimas, M.; Garcia-Salicetti, S.; Soria-Rodriguez, P.

    2006-05-01

    This article presents an overview of the SecurePhone project, with an account of the first results obtained. SecurePhone's primary aim is to realise a mobile phone prototype - the 'SecurePhone' - in which biometrical authentication enables users to deal secure, dependable transactions over a mobile network. The SecurePhone is based on a commercial PDA-phone, supplemented with specific software modules and a customised SIM card. It integrates in a single environment a number of advanced features: access to cryptographic keys through strong multimodal biometric authentication; appending and verification of digital signatures; real-time exchange and interactive modification of (esigned) documents and voice recordings. SecurePhone's 'biometric recogniser' is based on original research. A fused combination of three different biometric methods - speaker, face and handwritten signature verification - is exploited, with no need for dedicated hardware components. The adoption of non-intrusive, psychologically neutral biometric techniques is expected to mitigate rejection problems that often inhibit the social use of biometrics, and speed up the spread of e-signature technology. Successful biometric authentication grants access to SecurePhone's built-in esignature services through a user-friendly interface. Special emphasis is accorded to the definition of a trustworthy security chain model covering all aspects of system operation. The SecurePhone is expected to boost m-commerce and open new scenarios for m-business and m-work, by changing the way people interact and by improving trust and confidence in information technologies, often considered intimidating and difficult to use. Exploitation plans will also explore other application domains (physical and logical access control, securised mobile communications).

  6. Re-designing the PhEDEx Security Model

    NASA Astrophysics Data System (ADS)

    C-H, Huang; Wildish, T.; X, Zhang

    2014-06-01

    PhEDEx, the data-placement tool used by the CMS experiment at the LHC, was conceived in a more trusting time. The security model provided a safe environment for site agents and operators, but offerred little more protection than that. Data was not sufficiently protected against loss caused by operator error or software bugs or by deliberate manipulation of the database. Operators were given high levels of access to the database, beyond what was actually needed to accomplish their tasks. This exposed them to the risk of suspicion should an incident occur. Multiple implementations of the security model led to difficulties maintaining code, which can lead to degredation of security over time. In order to meet the simultaneous goals of protecting CMS data, protecting the operators from undue exposure to risk, increasing monitoring capabilities and improving maintainability of the security model, the PhEDEx security model was redesigned and re-implemented. Security was moved from the application layer into the database itself, fine-grained access roles were established, and tools and procedures created to control the evolution of the security model over time. In this paper we describe this work, we describe the deployment of the new security model, and we show how these enhancements improve security on several fronts simultaneously.

  7. Security Implications of OPC, OLE, DCOM, and RPC in Control Systems

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Not Available

    2006-01-01

    OPC is a collection of software programming standards and interfaces used in the process control industry. It is intended to provide open connectivity and vendor equipment interoperability. The use of OPC technology simplifies the development of control systems that integrate components from multiple vendors and support multiple control protocols. OPC-compliant products are available from most control system vendors, and are widely used in the process control industry. OPC was originally known as OLE for Process Control; the first standards for OPC were based on underlying services in the Microsoft Windows computing environment. These underlying services (OLE [Object Linking and Embedding],more » DCOM [Distributed Component Object Model], and RPC [Remote Procedure Call]) have been the source of many severe security vulnerabilities. It is not feasible to automatically apply vendor patches and service packs to mitigate these vulnerabilities in a control systems environment. Control systems using the original OPC data access technology can thus inherit the vulnerabilities associated with these services. Current OPC standardization efforts are moving away from the original focus on Microsoft protocols, with a distinct trend toward web-based protocols that are independent of any particular operating system. However, the installed base of OPC equipment consists mainly of legacy implementations of the OLE for Process Control protocols.« less

  8. Protection of data carriers using secure optical codes

    NASA Astrophysics Data System (ADS)

    Peters, John A.; Schilling, Andreas; Staub, René; Tompkin, Wayne R.

    2006-02-01

    Smartcard technologies, combined with biometric-enabled access control systems, are required for many high-security government ID card programs. However, recent field trials with some of the most secure biometric systems have indicated that smartcards are still vulnerable to well equipped and highly motivated counterfeiters. In this paper, we present the Kinegram Secure Memory Technology which not only provides a first-level visual verification procedure, but also reinforces the existing chip-based security measures. This security concept involves the use of securely-coded data (stored in an optically variable device) which communicates with the encoded hashed information stored in the chip memory via a smartcard reader device.

  9. Cyber Security Testing and Training Programs for Industrial Control Systems

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Daniel Noyes

    2012-03-01

    Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall securitymore » posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.« less

  10. Survey of methods for secure connection to the internet

    NASA Astrophysics Data System (ADS)

    Matsui, Shouichi

    1994-04-01

    This paper describes a study of a security method of protecting inside network computers against outside miscreants and unwelcome visitors and a control method when these computers are connected with the Internet. In the present Internet, a method to encipher all data cannot be used, so that it is necessary to utilize PEM (Privacy Enhanced Mail) capable of the encipherment and conversion of secret information. For preventing miscreant access by eavesdropping password, one-time password is effective. The most cost-effective method is a firewall system. This system lies between the outside and inside network. By limiting computers that directly communicate with the Internet, control is centralized and inside network security is protected. If the security of firewall systems is strictly controlled under correct setting, security within the network can be secured even in open networks such as the Internet.

  11. 49 CFR 8.31 - Industrial security.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 49 Transportation 1 2011-10-01 2011-10-01 false Industrial security. 8.31 Section 8.31.../ACCESS Access to Information § 8.31 Industrial security. (a) Background. The National Industrial Security... classified pursuant to Executive Order 12356 of April 2, 1982, National Security Information, or its...

  12. 49 CFR 8.31 - Industrial security.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 49 Transportation 1 2012-10-01 2012-10-01 false Industrial security. 8.31 Section 8.31.../ACCESS Access to Information § 8.31 Industrial security. (a) Background. The National Industrial Security... classified pursuant to Executive Order 12356 of April 2, 1982, National Security Information, or its...

  13. Laboratory security and emergency response guidance for laboratories working with select agents. Centers for Disease Control and Prevention.

    PubMed

    Richmond, Jonathan Y; Nesby-O'Dell, Shanna L

    2002-12-06

    In recent years, concern has increased regarding use of biologic materials as agents of terrorism, but these same agents are often necessary tools in clinical and research microbiology laboratories. Traditional biosafety guidelines for laboratories have emphasized use of optimal work practices, appropriate containment equipment, well-designed facilities, and administrative controls to minimize risk of worker injury and to ensure safeguards against laboratory contamination. The guidelines discussed in this report were first published in 1999 (U.S. Department of Health and Human Services/CDC and National Institutes of Health. Biosafety in microbiological and biomedical laboratories [BMBL]. Richmond JY, McKinney RW, eds. 4th ed. Washington, DC: US Department of Health and Human Services, 1999 [Appendix F]). In that report, physical security concerns were addressed, and efforts were focused on preventing unauthorized entry to laboratory areas and preventing unauthorized removal of dangerous biologic agents from the laboratory. Appendix F of BMBL is now being revised to include additional information regarding personnel risk assessments, and inventory controls. The guidelines contained in this report are intended for laboratories working with select agents under biosafety-level 2, 3, or 4 conditions as described in Sections II and III of BMBL. These recommendations include conducting facility risk assessments and developing comprehensive security plans to minimize the probability of misuse of select agents. Risk assessments should include systematic, site-specific reviews of 1) physical security; 2) security of data and electronic technology systems; 3) employee security; 4) access controls to laboratory and animal areas; 5) procedures for agent inventory and accountability; 6) shipping/transfer and receiving of select agents; 7) unintentional incident and injury policies; 8) emergency response plans; and 9) policies that address breaches in security. The security plan

  14. Securing Secrets and Managing Trust in Modern Computing Applications

    ERIC Educational Resources Information Center

    Sayler, Andy

    2016-01-01

    The amount of digital data generated and stored by users increases every day. In order to protect this data, modern computing systems employ numerous cryptographic and access control solutions. Almost all of such solutions, however, require the keeping of certain secrets as the basis of their security models. How best to securely store and control…

  15. [Development of a secure and cost-effective infrastructure for the access of arbitrary web-based image distribution systems].

    PubMed

    Hackländer, T; Kleber, K; Schneider, H; Demabre, N; Cramer, B M

    2004-08-01

    To build an infrastructure that enables radiologists on-call and external users a teleradiological access to the HTML-based image distribution system inside the hospital via internet. In addition, no investment costs should arise on the user side and the image data should be sent renamed using cryptographic techniques. A pure HTML-based system manages the image distribution inside the hospital, with an open source project extending this system through a secure gateway outside the firewall of the hospital. The gateway handles the communication between the external users and the HTML server within the network of the hospital. A second firewall is installed between the gateway and the external users and builds up a virtual private network (VPN). A connection between the gateway and the external user is only acknowledged if the computers involved authenticate each other via certificates and the external users authenticate via a multi-stage password system. All data are transferred encrypted. External users get only access to images that have been renamed to a pseudonym by means of automated processing before. With an ADSL internet access, external users achieve an image load frequency of 0.4 CT images per second. More than 90 % of the delay during image transfer results from security checks within the firewalls. Data passing the gateway induce no measurable delay. Project goals were realized by means of an infrastructure that works vendor independently with any HTML-based image distribution systems. The requirements of data security were realized using state-of-the-art web techniques. Adequate access and transfer speed lead to a widespread acceptance of the system on the part of external users.

  16. The Flask Security Architecture: System Support for Diverse Security Policies

    DTIC Science & Technology

    2006-01-01

    Flask microkernel -based operating sys­ tem, that successfully overcomes these obstacles to pol- icy flexibility. The cleaner separation of mechanism and...other object managers in the system to en- force those access control decisions. Although the pro­ totype system is microkernel -based, the security...mecha­ nisms do not depend on a microkernel architecture and will easily generalize beyond it. The resulting system provides policy flexibility. It sup

  17. Controlled Secure Direct Communication with Seven-Qubit Entangled States

    NASA Astrophysics Data System (ADS)

    Wang, Shu-Kai; Zha, Xin-Wei; Wu, Hao

    2018-01-01

    In this paper, a new controlled secure direct communication protocol based on a maximally seven-qubit entangled state is proposed. the outcomes of measurement is performed by the sender and the controller, the receiver can obtain different secret messages in a deterministic way with unit successful probability.In this scheme,by using entanglement swapping, no qubits carrying secret messages are transmitted.Therefore, the protocol is completely secure.

  18. Re-designing the PhEDEx Security Model

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Huang, C.-H.; Wildish, T.; Zhang, X.

    2014-01-01

    PhEDEx, the data-placement tool used by the CMS experiment at the LHC, was conceived in a more trusting time. The security model provided a safe environment for site agents and operators, but offerred little more protection than that. Data was not sufficiently protected against loss caused by operator error or software bugs or by deliberate manipulation of the database. Operators were given high levels of access to the database, beyond what was actually needed to accomplish their tasks. This exposed them to the risk of suspicion should an incident occur. Multiple implementations of the security model led to difficulties maintainingmore » code, which can lead to degredation of security over time. In order to meet the simultaneous goals of protecting CMS data, protecting the operators from undue exposure to risk, increasing monitoring capabilities and improving maintainability of the security model, the PhEDEx security model was redesigned and re-implemented. Security was moved from the application layer into the database itself, fine-grained access roles were established, and tools and procedures created to control the evolution of the security model over time. In this paper we describe this work, we describe the deployment of the new security model, and we show how these enhancements improve security on several fronts simultaneously.« less

  19. Security and privacy issues of personal health.

    PubMed

    Blobel, Bernd; Pharow, Peter

    2007-01-01

    While health systems in developed countries and increasingly also in developing countries are moving from organisation-centred to person-centred health service delivery, the supporting communication and information technology is faced with new risks regarding security and privacy of stakeholders involved. The comprehensively distributed environment puts special burden on guaranteeing communication security services, but even more on guaranteeing application security services dealing with privilege management, access control and audit regarding social implication and connected sensitivity of personal information recorded, processed, communicated and stored in an even internationally distributed environment.

  20. 10 CFR 1046.14 - Access authorization.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... authorization for the highest level of classified matter to which they potentially have access. Security police... by the site security organization and approved by the Head of the Field Element. Security police officers shall possess a minimum of an “L” or DOE Secret access authorization. Security police officers...

  1. Auditing Albaha University Network Security using in-house Developed Penetration Tool

    NASA Astrophysics Data System (ADS)

    Alzahrani, M. E.

    2018-03-01

    Network security becomes very important aspect in any enterprise/organization computer network. If important information of the organization can be accessed by anyone it may be used against the organization for further own interest. Thus, network security comes into it roles. One of important aspect of security management is security audit. Security performance of Albaha university network is relatively low (in term of the total controls outlined in the ISO 27002 security control framework). This paper proposes network security audit tool to address issues in Albaha University network. The proposed penetration tool uses Nessus and Metasploit tool to find out the vulnerability of a site. A regular self-audit using inhouse developed tool will increase the overall security and performance of Albaha university network. Important results of the penetration test are discussed.

  2. Implementing Patient Access to Electronic Health Records Under HIPAA: Lessons Learned

    PubMed Central

    Wang, Tiffany; Pizziferri, Lisa; Volk, Lynn A; Mikels, Debra A; Grant, Karen G; Wald, Jonathan S; Bates, David W

    2004-01-01

    In 2001, the Institute of Medicine (IOM) and the Health Insurance Portability and Accountability Act (HIPAA) emphasized the need for patients to have greater control over their health information. We describe a Boston healthcare system's approach to providing patients access to their electronic health records (EHRs) via Patient Gateway, a secure, Web-based portal. Implemented in 19 clinic sites to date, Patient Gateway allows patients to access information from their medical charts via the Internet in a secure manner. Since 2002, over 19,000 patients have enrolled in Patient Gateway, more than 125,000 patients have logged into the system, and over 37,000 messages have been sent by patients to their practices. There have been no major security concerns. By providing access to EHR data, secure systems like Patient Gateway allow patients a greater role in their healthcare process, as envisioned by the IOM and HIPAA. PMID:18066391

  3. Distributed Secure Coordinated Control for Multiagent Systems Under Strategic Attacks.

    PubMed

    Feng, Zhi; Wen, Guanghui; Hu, Guoqiang

    2017-05-01

    This paper studies a distributed secure consensus tracking control problem for multiagent systems subject to strategic cyber attacks modeled by a random Markov process. A hybrid stochastic secure control framework is established for designing a distributed secure control law such that mean-square exponential consensus tracking is achieved. A connectivity restoration mechanism is considered and the properties on attack frequency and attack length rate are investigated, respectively. Based on the solutions of an algebraic Riccati equation and an algebraic Riccati inequality, a procedure to select the control gains is provided and stability analysis is studied by using Lyapunov's method.. The effect of strategic attacks on discrete-time systems is also investigated. Finally, numerical examples are provided to illustrate the effectiveness of theoretical analysis.

  4. DOE/DHS INDUSTRIAL CONTROL SYSTEM CYBER SECURITY PROGRAMS: A MODEL FOR USE IN NUCLEAR FACILITY SAFEGUARDS AND SECURITY

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Robert S. Anderson; Mark Schanfein; Trond Bjornard

    2011-07-01

    Many critical infrastructure sectors have been investigating cyber security issues for several years especially with the help of two primary government programs. The U.S. Department of Energy (DOE) National SCADA Test Bed and the U.S. Department of Homeland Security (DHS) Control Systems Security Program have both implemented activities aimed at securing the industrial control systems that operate the North American electric grid along with several other critical infrastructure sectors (ICS). These programs have spent the last seven years working with industry including asset owners, educational institutions, standards and regulating bodies, and control system vendors. The programs common mission is tomore » provide outreach, identification of cyber vulnerabilities to ICS and mitigation strategies to enhance security postures. The success of these programs indicates that a similar approach can be successfully translated into other sectors including nuclear operations, safeguards, and security. The industry regulating bodies have included cyber security requirements and in some cases, have incorporated sets of standards with penalties for non-compliance such as the North American Electric Reliability Corporation Critical Infrastructure Protection standards. These DOE and DHS programs that address security improvements by both suppliers and end users provide an excellent model for nuclear facility personnel concerned with safeguards and security cyber vulnerabilities and countermeasures. It is not a stretch to imagine complete surreptitious collapse of protection against the removal of nuclear material or even initiation of a criticality event as witnessed at Three Mile Island or Chernobyl in a nuclear ICS inadequately protected against the cyber threat.« less

  5. Detection and response to unauthorized access to a communication device

    DOEpatents

    Smith, Rhett; Gordon, Colin

    2015-09-08

    A communication gateway consistent with the present disclosure may detect unauthorized physical or electronic access and implement security actions in response thereto. A communication gateway may provide a communication path to an intelligent electronic device (IED) using an IED communications port configured to communicate with the IED. The communication gateway may include a physical intrusion detection port and a network port. The communication gateway may further include control logic configured to evaluate physical intrusion detection signal. The control logic may be configured to determine that the physical intrusion detection signal is indicative of an attempt to obtain unauthorized access to one of the communication gateway, the IED, and a device in communication with the gateway; and take a security action based upon the determination that the indication is indicative of the attempt to gain unauthorized access.

  6. PCASSO: a design for secure communication of personal health information via the internet.

    PubMed

    Baker, D B; Masys, D R

    1999-05-01

    The Internet holds both promise and peril for the communications of person-identifiable health information. Because of technical features designed to promote accessibility and interoperability rather than security, Internet addressing conventions and transport protocols are vulnerable to compromise by malicious persons and programs. In addition, most commonly used personal computer (PC) operating systems currently lack the hardware-based system software protection and process isolation that are essential for ensuring the integrity of trusted applications. Security approaches designed for electronic commerce, that trade known security weaknesses for limited financial liability, are not sufficient for personal health data, where the personal damage caused by unintentional disclosure may be far more serious. To overcome these obstacles, we are developing and evaluating an Internet-based communications system called PCASSO (Patient-centered access to secure systems online) that applies state of the art security to health information. PCASSO includes role-based access control, multi-level security, strong device and user authentication, session-specific encryption and audit trails. Unlike Internet-based electronic commerce 'solutions,' PCASSO secures data end-to-end: in the server; in the data repository; across the network; and on the client. PCASSO is designed to give patients as well as providers access to personal health records via the Internet.

  7. Cyber security challenges in Smart Cities: Safety, security and privacy

    PubMed Central

    Elmaghraby, Adel S.; Losavio, Michael M.

    2014-01-01

    The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the “Internet of Things.” Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect. PMID:25685517

  8. Cyber security challenges in Smart Cities: Safety, security and privacy.

    PubMed

    Elmaghraby, Adel S; Losavio, Michael M

    2014-07-01

    The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the "Internet of Things." Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect.

  9. Emerging Technology for School Security

    ERIC Educational Resources Information Center

    Doss, Kevin T.

    2012-01-01

    Locks and keys ring up huge costs for education institutions. No wonder many facility directors and public-safety directors have turned to automated access-control systems with magnetic-stripe cards, proximity cards and, most recently, smart cards. Smart cards can provide a host of on- and off-campus services beyond security. In addition to…

  10. Task Delegation Based Access Control Models for Workflow Systems

    NASA Astrophysics Data System (ADS)

    Gaaloul, Khaled; Charoy, François

    e-Government organisations are facilitated and conducted using workflow management systems. Role-based access control (RBAC) is recognised as an efficient access control model for large organisations. The application of RBAC in workflow systems cannot, however, grant permissions to users dynamically while business processes are being executed. We currently observe a move away from predefined strict workflow modelling towards approaches supporting flexibility on the organisational level. One specific approach is that of task delegation. Task delegation is a mechanism that supports organisational flexibility, and ensures delegation of authority in access control systems. In this paper, we propose a Task-oriented Access Control (TAC) model based on RBAC to address these requirements. We aim to reason about task from organisational perspectives and resources perspectives to analyse and specify authorisation constraints. Moreover, we present a fine grained access control protocol to support delegation based on the TAC model.

  11. Intelligent Facial Recognition Systems: Technology advancements for security applications

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Beer, C.L.

    1993-07-01

    Insider problems such as theft and sabotage can occur within the security and surveillance realm of operations when unauthorized people obtain access to sensitive areas. A possible solution to these problems is a means to identify individuals (not just credentials or badges) in a given sensitive area and provide full time personnel accountability. One approach desirable at Department of Energy facilities for access control and/or personnel identification is an Intelligent Facial Recognition System (IFRS) that is non-invasive to personnel. Automatic facial recognition does not require the active participation of the enrolled subjects, unlike most other biological measurement (biometric) systems (e.g.,more » fingerprint, hand geometry, or eye retinal scan systems). It is this feature that makes an IFRS attractive for applications other than access control such as emergency evacuation verification, screening, and personnel tracking. This paper discusses current technology that shows promising results for DOE and other security applications. A survey of research and development in facial recognition identified several companies and universities that were interested and/or involved in the area. A few advanced prototype systems were also identified. Sandia National Laboratories is currently evaluating facial recognition systems that are in the advanced prototype stage. The initial application for the evaluation is access control in a controlled environment with a constant background and with cooperative subjects. Further evaluations will be conducted in a less controlled environment, which may include a cluttered background and subjects that are not looking towards the camera. The outcome of the evaluations will help identify areas of facial recognition systems that need further development and will help to determine the effectiveness of the current systems for security applications.« less

  12. Poverty, food security and universal access to sexual and reproductive health services: a call for cross-movement advocacy against neoliberal globalisation.

    PubMed

    Sundari Ravindran, T K

    2014-05-01

    Universal access to sexual and reproductive health services is one of the goals of the International Conference on Population and Development of 1994. The Millennium Development Goals were intended above all to end poverty. Universal access to health and health services are among the goals being considered for the post-2015 agenda, replacing or augmenting the MDGs. Yet we are not only far from reaching any of these goals but also appear to have lost our way somewhere along the line. Poverty and lack of food security have, through their multiple linkages to health and access to health care, deterred progress towards universal access to health services, including for sexual and reproductive health needs. A more insidious influence is neoliberal globalisation. This paper describes neoliberal globalisation and the economic policies it has engendered, the ways in which it influences poverty and food security, and the often unequal impact it has had on women as compared to men. It explores the effects of neoliberal economic policies on health, health systems, and universal access to health care services, and the implications for access to sexual and reproductive health. To be an advocate for universal access to health and health care is to become an advocate against neoliberal globalisation. Copyright © 2014 Reproductive Health Matters. Published by Elsevier Ltd. All rights reserved.

  13. 48 CFR 1352.237-72 - Security processing requirements-national security contracts.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    .... National Security Contracts require contractor employees to gain access to national security information in.... (c) Security Procedures. Position sensitivity/risk assessments must be conducted on all functions... same manner as assessment of those functions performed by government employees. The Contracting Officer...

  14. 48 CFR 1352.237-72 - Security processing requirements-national security contracts.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    .... National Security Contracts require contractor employees to gain access to national security information in.... (c) Security procedures. Position sensitivity/risk assessments must be conducted on all functions... same manner as assessment of those functions performed by government employees. The Contracting Officer...

  15. 48 CFR 1352.237-72 - Security processing requirements-national security contracts.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    .... National Security Contracts require contractor employees to gain access to national security information in.... (c) Security procedures. Position sensitivity/risk assessments must be conducted on all functions... same manner as assessment of those functions performed by government employees. The Contracting Officer...

  16. 48 CFR 1352.237-72 - Security processing requirements-national security contracts.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    .... National Security Contracts require contractor employees to gain access to national security information in.... (c) Security Procedures. Position sensitivity/risk assessments must be conducted on all functions... same manner as assessment of those functions performed by government employees. The Contracting Officer...

  17. 33 CFR 104.270 - Security measures for restricted areas.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... surveillance equipment and systems and their controls and lighting system controls; (3) Ventilation and air-conditioning systems and other similar spaces; (4) Spaces with access to potable water tanks, pumps, or... security and surveillance equipment and systems; and (6) Protect cargo and vessel stores from tampering. (b...

  18. Review of SDDOT's highway access control process

    DOT National Transportation Integrated Search

    2000-02-01

    This report presents the results and recommendations of a review of the South Dakota Department of Transportation's (SDDOT's) highway access control process. This document presents recommendations that improve South Dakota's access policy. The docume...

  19. Typing for Conflict Detection in Access Control Policies

    NASA Astrophysics Data System (ADS)

    Adi, Kamel; Bouzida, Yacine; Hattak, Ikhlass; Logrippo, Luigi; Mankovskii, Serge

    In this paper we present an access control model that considers both abstract and concrete access control policies specifications. Permissions and prohibitions are expressed within this model with contextual conditions. This situation may lead to conflicts. We propose a type system that is applied to the different rules in order to check for inconsistencies. If a resource is well typed, it is guaranteed that access rules to the resource contain no conflicts.

  20. 32 CFR 154.67 - Access restrictions.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 32 National Defense 1 2012-07-01 2012-07-01 false Access restrictions. 154.67 Section 154.67 National Defense Department of Defense OFFICE OF THE SECRETARY OF DEFENSE SECURITY DEPARTMENT OF DEFENSE... restrictions. Access to personnel security investigative reports and personnel security clearance determination...

  1. SPCC- Software Elements for Security Partition Communication Controller

    NASA Astrophysics Data System (ADS)

    Herpel, H. J.; Willig, G.; Montano, G.; Tverdyshev, S.; Eckstein, K.; Schoen, M.

    2016-08-01

    Future satellite missions like Earth Observation, Telecommunication or any other kind are likely to be exposed to various threats aiming at exploiting vulnerabilities of the involved systems and communications. Moreover, the growing complexity of systems coupled with more ambitious types of operational scenarios imply increased security vulnerabilities in the future. In the paper we will describe an architecture and software elements to ensure high level of security on-board a spacecraft. First the threats to the Security Partition Communication Controller (SPCC) will be addressed including the identification of specific vulnerabilities to the SPCC. Furthermore, appropriate security objectives and security requirements are identified to be counter the identified threats. The security evaluation of the SPCC will be done in accordance to the Common Criteria (CC). The Software Elements for SPCC has been implemented on flight representative hardware which consists of two major elements: the I/O board and the SPCC board. The SPCC board provides the interfaces with ground while the I/O board interfaces with typical spacecraft equipment busses. Both boards are physically interconnected by a high speed spacewire (SpW) link.

  2. Data security.

    PubMed

    2016-09-01

    A government-commissioned review of data security across health and care has led to the proposal of new standards for security and options for a consent/opt-out model. Standards include that all staff complete appropriate annual data security training and pass a mandatory test provided through the revised Information Governance Toolkit, that personal confidential data is only accessible to staff who need it for their current role, and that access is removed as soon as it is no longer required. The consent/opt-out model is outlined under 8 statements, and includes certain circumstances where it will not apply, for example, where there is an overriding public interest, or mandatory legal requirement.

  3. Building Multilevel Secure Web Services-Based Components for the Global Information Grid

    DTIC Science & Technology

    2006-05-01

    unclassified Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18 Transforming: Business , Security ,Warfighting 16 CROSSTALK The Journal of Defense...A Single Step of the BAC Table 1: A Single Step of the Block Access Controller Transforming: Business , Security ,Warfighting 18 CROSSTALK The Journal

  4. Security Concepts for Satellite Links

    NASA Astrophysics Data System (ADS)

    Tobehn, C.; Penné, B.; Rathje, R.; Weigl, A.; Gorecki, Ch.; Michalik, H.

    2008-08-01

    The high costs to develop, launch and maintain a satellite network makes protecting the assets imperative. Attacks may be passive such as eavesdropping on the payload data. More serious threat are active attacks that try to gain control of the satellite, which may lead to the total lost of the satellite asset. To counter these threats, new satellite and ground systems are using cryptographic technologies to provide a range of services: confidentiality, entity & message authentication, and data integrity. Additionally, key management cryptographic services are required to support these services. This paper describes the key points of current satellite control and operations, that are authentication of the access to the satellite TMTC link and encryption of security relevant TM/TC data. For payload data management the key points are multi-user ground station access and high data rates both requiring frequent updates and uploads of keys with the corresponding key management methods. For secure satellite management authentication & key negotiation algorithms as HMAC-RIPEMD160, EC- DSA and EC-DH are used. Encryption of data uses algorithms as IDEA, AES, Triple-DES, or other. A channel coding and encryption unit for payload data provides download data rates up to Nx250 Mbps. The presented concepts are based on our experience and heritage of the security systems for all German MOD satellite projects (SATCOMBw2, SAR-Lupe multi- satellite system and German-French SAR-Lupe-Helios- II systems inter-operability) as well as for further international (KOMPSAT-II Payload data link system) and ESA activities (TMTC security and GMES).

  5. Secured web-based video repository for multicenter studies

    PubMed Central

    Yan, Ling; Hicks, Matt; Winslow, Korey; Comella, Cynthia; Ludlow, Christy; Jinnah, H. A; Rosen, Ami R; Wright, Laura; Galpern, Wendy R; Perlmutter, Joel S

    2015-01-01

    Background We developed a novel secured web-based dystonia video repository for the Dystonia Coalition, part of the Rare Disease Clinical Research network funded by the Office of Rare Diseases Research and the National Institute of Neurological Disorders and Stroke. A critical component of phenotypic data collection for all projects of the Dystonia Coalition includes a standardized video of each participant. We now describe our method for collecting, serving and securing these videos that is widely applicable to other studies. Methods Each recruiting site uploads standardized videos to a centralized secured server for processing to permit website posting. The streaming technology used to view the videos from the website does not allow downloading of video files. With appropriate institutional review board approval and agreement with the hosting institution, users can search and view selected videos on the website using customizable, permissions-based access that maintains security yet facilitates research and quality control. Results This approach provides a convenient platform for researchers across institutions to evaluate and analyze shared video data. We have applied this methodology for quality control, confirmation of diagnoses, validation of rating scales, and implementation of new research projects. Conclusions We believe our system can be a model for similar projects that require access to common video resources. PMID:25630890

  6. SPI/U3.2. Security Profile Inspector for UNIX Systems

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Bartoletti, A.

    1994-08-01

    SPI/U3.2 consists of five tools used to assess and report the security posture of computers running the UNIX operating system. The tools are: Access Control Test: A rule-based system which identifies sequential dependencies in UNIX access controls. Binary Authentication Tool: Evaluates the release status of system binaries by comparing a crypto-checksum to provide table entries. Change Detection Tool: Maintains and applies a snapshot of critical system files and attributes for purposes of change detection. Configuration Query Language: Accepts CQL-based scripts (provided) to evaluate queries over the status of system files, configuration of services and many other elements of UNIX systemmore » security. Password Security Inspector: Tests for weak or aged passwords. The tools are packaged with a forms-based user interface providing on-line context-sensistive help, job scheduling, parameter management and output report management utilities. Tools may be run independent of the UI.« less

  7. Securing the Global Airspace System Via Identity-Based Security

    NASA Technical Reports Server (NTRS)

    Ivancic, William D.

    2015-01-01

    Current telecommunications systems have very good security architectures that include authentication and authorization as well as accounting. These three features enable an edge system to obtain access into a radio communication network, request specific Quality-of-Service (QoS) requirements and ensure proper billing for service. Furthermore, the links are secure. Widely used telecommunication technologies are Long Term Evolution (LTE) and Worldwide Interoperability for Microwave Access (WiMAX) This paper provides a system-level view of network-centric operations for the global airspace system and the problems and issues with deploying new technologies into the system. The paper then focuses on applying the basic security architectures of commercial telecommunication systems and deployment of federated Authentication, Authorization and Accounting systems to provide a scalable, evolvable reliable and maintainable solution to enable a globally deployable identity-based secure airspace system.

  8. A novel and lightweight system to secure wireless medical sensor networks.

    PubMed

    He, Daojing; Chan, Sammy; Tang, Shaohua

    2014-01-01

    Wireless medical sensor networks (MSNs) are a key enabling technology in e-healthcare that allows the data of a patient's vital body parameters to be collected by the wearable or implantable biosensors. However, the security and privacy protection of the collected data is a major unsolved issue, with challenges coming from the stringent resource constraints of MSN devices, and the high demand for both security/privacy and practicality. In this paper, we propose a lightweight and secure system for MSNs. The system employs hash-chain based key updating mechanism and proxy-protected signature technique to achieve efficient secure transmission and fine-grained data access control. Furthermore, we extend the system to provide backward secrecy and privacy preservation. Our system only requires symmetric-key encryption/decryption and hash operations and is thus suitable for the low-power sensor nodes. This paper also reports the experimental results of the proposed system in a network of resource-limited motes and laptop PCs, which show its efficiency in practice. To the best of our knowledge, this is the first secure data transmission and access control system for MSNs until now.

  9. 7 CFR 274.11 - Issuance and inventory record retention, and forms security.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... processed within the State agency. The State agency shall use numbers, batching, inventory control logs, or...) Secure storage; (iii) Access limited to authorized personnel; (iv) Bulk inventory control records; (v... validation of inventory controls and records by parties not otherwise involved in maintaining control records...

  10. Air Traffic Control: Weak Computer Security Practices Jeopardize Flight Safety

    DOT National Transportation Integrated Search

    1998-05-01

    Given the paramount importance of computer security of Air Traffic Control (ATC) systems, Congress asked the General Accounting Office to determine (1) whether the Fedcral Aviation Administration (FAA) is effectively managing physical security at ATC...

  11. Health Information Security: A Case Study of Three Selected Medical Centers in Iran

    PubMed Central

    Hajrahimi, Nafiseh; Dehaghani, Sayed Mehdi Hejazi; Sheikhtaheri, Abbas

    2013-01-01

    Health Information System (HIS) is considered a unique factor in improving the quality of health care activities and cost reduction, but today with the development of information technology and use of internet and computer networks, patients’ electronic records and health information systems have become a source for hackers. Methods This study aims at checking health information security of three selected medical centers in Iran using AHP fuzzy and TOPSIS compound model. To achieve that security measures were identified, based on the research literature and decision making matrix using experts’ points of view. Results and discussion Among the 27 indicators, seven indicators were selected as effective indicators and Fuzzy AHP technique was used to determine the importance of security indicators. Based on the comparisons made between the three selected medical centers to assess the security of health information, it is concluded that Chamran hospital has the most acceptable level of security and attention in three indicators of “verification and system design, user access management, access control system”, Al Zahra Hospital in two indicators of “access management and network access control” and Amin Hospital in “equipment safety and system design”. In terms of information security, Chamran Hospital ranked first, Al-Zahra Hospital ranked second and Al- Zahra hospital has the third place. PMID:23572861

  12. The experience of living with sensory hyperreactivity-accessibility, financial security, and social relationships.

    PubMed

    Söderholm, Anna; Söderberg, Anna; Nordin, Steven

    2011-08-01

    Odor intolerance is a frequently reported problem, predominantly among women. Our purpose was to illuminate how individuals living with sensory hyperreactivity (SHR; a form of odor intolerance) experience its impact on accessibility, financial security, and social relationships. Data were collected by having 12 women with SHR write descriptive texts. These texts were analyzed with qualitative content analysis. Six themes were identified: Being limited in participating in society, being forced to behave incompatibly with one's personality, experiencing lack of understanding and respect from others, experiencing insecurity, being dependent on others, and being forced to choose between the plague and cholera.

  13. The role of optics in secure credentials

    NASA Astrophysics Data System (ADS)

    Lichtenstein, Terri L.

    2006-02-01

    The global need for secure ID credentials has grown rapidly over the last few years. This is evident both in government and commercial sectors. Governmental programs include national ID card programs, permanent resident cards for noncitizens, biometric visas or border crossing cards, foreign worker ID programs and secure vehicle registration programs. The commercial need for secure credentials includes secure banking and financial services, security and access control systems and digital healthcare record cards. All of these programs necessitate the use of multiple tamper and counterfeit resistant features for credential authentication and cardholder verification. It is generally accepted that a secure credential should include a combination of overt, covert and forensic security features. The LaserCard optical memory card is a proven example of a secure credential that uses a variety of optical features to enhance its counterfeit resistance and reliability. This paper will review those features and how they interact to create a better credential.

  14. Security model for VM in cloud

    NASA Astrophysics Data System (ADS)

    Kanaparti, Venkataramana; Naveen K., R.; Rajani, S.; Padmvathamma, M.; Anitha, C.

    2013-03-01

    Cloud computing is a new approach emerged to meet ever-increasing demand for computing resources and to reduce operational costs and Capital Expenditure for IT services. As this new way of computation allows data and applications to be stored away from own corporate server, it brings more issues in security such as virtualization security, distributed computing, application security, identity management, access control and authentication. Even though Virtualization forms the basis for cloud computing it poses many threats in securing cloud. As most of Security threats lies at Virtualization layer in cloud we proposed this new Security Model for Virtual Machine in Cloud (SMVC) in which every process is authenticated by Trusted-Agent (TA) in Hypervisor as well as in VM. Our proposed model is designed to with-stand attacks by unauthorized process that pose threat to applications related to Data Mining, OLAP systems, Image processing which requires huge resources in cloud deployed on one or more VM's.

  15. Assurance: the power behind PCASSO security.

    PubMed Central

    Baker, D. B.; Masys, D. R.; Jones, R. L.; Barnhart, R. M.

    1999-01-01

    The need for security protection in Internet-based healthcare applications is generally acknowledged. Most healthcare applications that use the Internet have at least implemented some kind of encryption. Most applications also enforce user authentication and access control policies, and many audit user actions. However, most fall short on providing strong assurances that the security mechanisms are behaving as expected and that they cannot be subverted. While no system can claim to be totally "bulletproof," PCASSO provides assurance of correct operation through formal, disciplined design and development methodologies, as well as through functional and penetration testing. Through its security mechanisms, backed by strong system assurances, PCASSO is demonstrating "safe" use of public data networks for health care. PMID:10566443

  16. An Overview of Public Access Computer Software Management Tools for Libraries

    ERIC Educational Resources Information Center

    Wayne, Richard

    2004-01-01

    An IT decision maker gives an overview of public access PC software that's useful in controlling session length and scheduling, Internet access, print output, security, and the latest headaches: spyware and adware. In this article, the author describes a representative sample of software tools in several important categories such as setup…

  17. 21 CFR 1301.73 - Physical security controls for non-practitioners; compounders for narcotic treatment programs...

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Physical security controls for non-practitioners..., DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements § 1301.73 Physical security... adequate security for the area or building. If such security requires an alarm, such alarm, upon...

  18. 17 CFR 200.510 - Access by historical researchers.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 2 2011-04-01 2011-04-01 false Access by historical researchers. 200.510 Section 200.510 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION... Security Information and Material § 200.510 Access by historical researchers. (a) Persons outside the...

  19. 17 CFR 200.510 - Access by historical researchers.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 17 Commodity and Securities Exchanges 2 2012-04-01 2012-04-01 false Access by historical researchers. 200.510 Section 200.510 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION... Security Information and Material § 200.510 Access by historical researchers. (a) Persons outside the...

  20. 17 CFR 200.510 - Access by historical researchers.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 17 Commodity and Securities Exchanges 2 2013-04-01 2013-04-01 false Access by historical researchers. 200.510 Section 200.510 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION... Security Information and Material § 200.510 Access by historical researchers. (a) Persons outside the...

  1. Patient privacy protection using anonymous access control techniques.

    PubMed

    Weerasinghe, D; Rajarajan, M; Elmufti, K; Rakocevic, V

    2008-01-01

    The objective of this study is to develop a solution to preserve security and privacy in a healthcare environment where health-sensitive information will be accessed by many parties and stored in various distributed databases. The solution should maintain anonymous medical records and it should be able to link anonymous medical information in distributed databases into a single patient medical record with the patient identity. In this paper we present a protocol that can be used to authenticate and authorize patients to healthcare services without providing the patient identification. Healthcare service can identify the patient using separate temporary identities in each identification session and medical records are linked to these temporary identities. Temporary identities can be used to enable record linkage and reverse track real patient identity in critical medical situations. The proposed protocol provides main security and privacy services such as user anonymity, message privacy, message confidentiality, user authentication, user authorization and message replay attacks. The medical environment validates the patient at the healthcare service as a real and registered patient for the medical services. Using the proposed protocol, the patient anonymous medical records at different healthcare services can be linked into one single report and it is possible to securely reverse track anonymous patient into the real identity. The protocol protects the patient privacy with a secure anonymous authentication to healthcare services and medical record registries according to the European and the UK legislations, where the patient real identity is not disclosed with the distributed patient medical records.

  2. Restricted access processor - An application of computer security technology

    NASA Technical Reports Server (NTRS)

    Mcmahon, E. M.

    1985-01-01

    This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

  3. A Security-façade Library for Virtual-observatory Software

    NASA Astrophysics Data System (ADS)

    Rixon, G.

    2009-09-01

    The security-façade library implements, for Java, IVOA's security standards. It supports the authentication mechanisms for SOAP and REST web-services, the sign-on mechanisms (with MyProxy, AstroGrid Accounts protocol or local credential-caches), the delegation protocol, and RFC3820-enabled HTTPS for Apache Tomcat. Using the façade, a developer who is not a security specialist can easily add access control to a virtual-observatory service and call secured services from an application. The library has been an internal part of AstroGrid software for some time and it is now offered for use by other developers.

  4. A Pilot Examination of the Methods Used to Counteract Insider Threat Security Risks Associated with the Use of Radioactive Materials in the Research and Clinical Setting.

    PubMed

    Tsenov, B G; Emery, R J; Whitehead, L W; Gonzalez, J Reingle; Gemeinhardt, G L

    2018-03-01

    While many organizations maintain multiple layers of security control methodologies to prevent outsiders from gaining unauthorized access, persons such as employees or contractors who have been granted legitimate access can represent an "insider threat" risk. Interestingly, some of the most notable radiological events involving the purposeful contamination or exposure of individuals appear to have been perpetrated by insiders. In the academic and medical settings, radiation safety professionals focus their security efforts on (1) ensuring controls are in place to prevent unauthorized access or removal of sources, and (2) increasing security controls for the unescorted accessing of large sources of radioactivity (known as "quantities of concern"). But these controls may not completely address the threat insiders represent when radioactive materials below these quantities are present. The goal of this research project was to characterize the methodologies currently employed to counteract the insider security threat for the misuse or purposeful divergence of radioactive materials used in the academic and medical settings. A web-based survey was used to assess how practicing radiation safety professionals in academic and medical settings anticipate, evaluate, and control insider threat security risks within their institutions. While all respondents indicated that radioactive sources are being used in amounts below quantities of concern, only 6 % consider insider threat security issues as part of the protocol review for the use of general radioactive materials. The results of this survey identify several opportunities for improvement for institutions to address security gaps.

  5. Apparatus and method supporting wireless access to multiple security layers in an industrial control and automation system or other system

    DOEpatents

    Chen, Yu-Gene T.

    2013-04-16

    A method includes receiving a message at a first wireless node. The first wireless node is associated with a first wired network, and the first wired network is associated with a first security layer. The method also includes transmitting the message over the first wired network when at least one destination of the message is located in the first security layer. The method further includes wirelessly transmitting the message for delivery to a second wireless node when at least one destination of the message is located in a second security layer. The second wireless node is associated with a second wired network, and the second wired network is associated with the second security layer. The first and second security layers may be associated with different security paradigms and/or different security domains. Also, the message could be associated with destinations in the first and second security layers.

  6. Control and Non-Payload Communications (CNPC) Prototype Radio - Generation 2 Security Architecture Lab Test Report

    NASA Technical Reports Server (NTRS)

    Iannicca, Dennis C.; McKim, James H.; Stewart, David H.; Thadhani, Suresh K.; Young, Daniel P.

    2015-01-01

    NASA Glenn Research Center, in cooperation with Rockwell Collins, is working to develop a prototype Control and Non-Payload Communications (CNPC) radio platform as part of NASA Integrated Systems Research Program's (ISRP) Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) project. A primary focus of the project is to work with the FAA and industry standards bodies to build and demonstrate a safe, secure, and efficient CNPC architecture that can be used by industry to evaluate the feasibility of deploying a system using these technologies in an operational capacity. GRC has been working in conjunction with these groups to assess threats, identify security requirements, and to develop a system of standards-based security controls that can be applied to the current GRC prototype CNPC architecture as a demonstration platform. The security controls were integrated into a lab test bed mock-up of the Mobile IPv6 architecture currently being used for NASA flight testing, and a series of network tests were conducted to evaluate the security overhead of the controls compared to the baseline CNPC link without any security. The aim of testing was to evaluate the performance impact of the additional security control overhead when added to the Mobile IPv6 architecture in various modes of operation. The statistics collected included packet captures at points along the path to gauge packet size as the sample data traversed the CNPC network, round trip latency, jitter, and throughput. The effort involved a series of tests of the baseline link, a link with Robust Header Compression (ROHC) and without security controls, a link with security controls and without ROHC, and finally a link with both ROHC and security controls enabled. The effort demonstrated that ROHC is both desirable and necessary to offset the additional expected overhead of applying security controls to the CNPC link.

  7. How Drug Control Policy and Practice Undermine Access to Controlled Medicines

    PubMed Central

    Csete, Joanne; Wilson, Duncan; Fox, Edward; Wolfe, Daniel; Rasanathan, Jennifer J. K.

    2017-01-01

    Abstract Drug conventions serve as the cornerstone for domestic drug laws and impose a dual obligation upon states to prevent the misuse of controlled substances while ensuring their adequate availability for medical and scientific purposes. Despite the mandate that these obligations be enforced equally, the dominant paradigm enshrined in the drug conventions is an enforcement-heavy criminal justice response to controlled substances that prohibits and penalizes their misuse. Prioritizing restrictive control is to the detriment of ensuring adequate availability of and access to controlled medicines, thereby violating the rights of people who need them. This paper argues that the drug conventions’ prioritization of criminal justice measures—including efforts to prevent non-medical use of controlled substances—undermines access to medicines and infringes upon the right to health and the right to enjoy the benefits of scientific progress. While the effects of criminalization under drug policy limit the right to health in multiple ways, we draw on research and documented examples to highlight the impact of drug control and criminalization on access to medicines. The prioritization and protection of human rights—specifically the right to health and the right to enjoy the benefits of scientific progress—are critical to rebalancing drug policy. PMID:28630556

  8. How Drug Control Policy and Practice Undermine Access to Controlled Medicines.

    PubMed

    Burke-Shyne, Naomi; Csete, Joanne; Wilson, Duncan; Fox, Edward; Wolfe, Daniel; Rasanathan, Jennifer J K

    2017-06-01

    Drug conventions serve as the cornerstone for domestic drug laws and impose a dual obligation upon states to prevent the misuse of controlled substances while ensuring their adequate availability for medical and scientific purposes. Despite the mandate that these obligations be enforced equally, the dominant paradigm enshrined in the drug conventions is an enforcement-heavy criminal justice response to controlled substances that prohibits and penalizes their misuse. Prioritizing restrictive control is to the detriment of ensuring adequate availability of and access to controlled medicines, thereby violating the rights of people who need them. This paper argues that the drug conventions' prioritization of criminal justice measures-including efforts to prevent non-medical use of controlled substances-undermines access to medicines and infringes upon the right to health and the right to enjoy the benefits of scientific progress. While the effects of criminalization under drug policy limit the right to health in multiple ways, we draw on research and documented examples to highlight the impact of drug control and criminalization on access to medicines. The prioritization and protection of human rights-specifically the right to health and the right to enjoy the benefits of scientific progress-are critical to rebalancing drug policy.

  9. Spatiotemporal Access Model Based on Reputation for the Sensing Layer of the IoT

    PubMed Central

    Guo, Yunchuan; Yin, Lihua; Li, Chao

    2014-01-01

    Access control is a key technology in providing security in the Internet of Things (IoT). The mainstream security approach proposed for the sensing layer of the IoT concentrates only on authentication while ignoring the more general models. Unreliable communications and resource constraints make the traditional access control techniques barely meet the requirements of the sensing layer of the IoT. In this paper, we propose a model that combines space and time with reputation to control access to the information within the sensing layer of the IoT. This model is called spatiotemporal access control based on reputation (STRAC). STRAC uses a lattice-based approach to decrease the size of policy bases. To solve the problem caused by unreliable communications, we propose both nondeterministic authorizations and stochastic authorizations. To more precisely manage the reputation of nodes, we propose two new mechanisms to update the reputation of nodes. These new approaches are the authority-based update mechanism (AUM) and the election-based update mechanism (EUM). We show how the model checker UPPAAL can be used to analyze the spatiotemporal access control model of an application. Finally, we also implement a prototype system to demonstrate the efficiency of our model. PMID:25177731

  10. Spatiotemporal access model based on reputation for the sensing layer of the IoT.

    PubMed

    Guo, Yunchuan; Yin, Lihua; Li, Chao; Qian, Junyan

    2014-01-01

    Access control is a key technology in providing security in the Internet of Things (IoT). The mainstream security approach proposed for the sensing layer of the IoT concentrates only on authentication while ignoring the more general models. Unreliable communications and resource constraints make the traditional access control techniques barely meet the requirements of the sensing layer of the IoT. In this paper, we propose a model that combines space and time with reputation to control access to the information within the sensing layer of the IoT. This model is called spatiotemporal access control based on reputation (STRAC). STRAC uses a lattice-based approach to decrease the size of policy bases. To solve the problem caused by unreliable communications, we propose both nondeterministic authorizations and stochastic authorizations. To more precisely manage the reputation of nodes, we propose two new mechanisms to update the reputation of nodes. These new approaches are the authority-based update mechanism (AUM) and the election-based update mechanism (EUM). We show how the model checker UPPAAL can be used to analyze the spatiotemporal access control model of an application. Finally, we also implement a prototype system to demonstrate the efficiency of our model.

  11. A systematic literature review on security and privacy of electronic health record systems: technical perspectives.

    PubMed

    Rezaeibagha, Fatemeh; Win, Khin Than; Susilo, Willy

    Even though many safeguards and policies for electronic health record (EHR) security have been implemented, barriers to the privacy and security protection of EHR systems persist. This article presents the results of a systematic literature review regarding frequently adopted security and privacy technical features of EHR systems. Our inclusion criteria were full articles that dealt with the security and privacy of technical implementations of EHR systems published in English in peer-reviewed journals and conference proceedings between 1998 and 2013; 55 selected studies were reviewed in detail. We analysed the review results using two International Organization for Standardization (ISO) standards (29100 and 27002) in order to consolidate the study findings. Using this process, we identified 13 features that are essential to security and privacy in EHRs. These included system and application access control, compliance with security requirements, interoperability, integration and sharing, consent and choice mechanism, policies and regulation, applicability and scalability and cryptography techniques. This review highlights the importance of technical features, including mandated access control policies and consent mechanisms, to provide patients' consent, scalability through proper architecture and frameworks, and interoperability of health information systems, to EHR security and privacy requirements.

  12. Programmable Direct-Memory-Access Controller

    NASA Technical Reports Server (NTRS)

    Hendry, David F.

    1990-01-01

    Proposed programmable direct-memory-access controller (DMAC) operates with computer systems of 32000 series, which have 32-bit data buses and use addresses of 24 (or potentially 32) bits. Controller functions with or without help of central processing unit (CPU) and starts itself. Includes such advanced features as ability to compare two blocks of memory for equality and to search block of memory for specific value. Made as single very-large-scale integrated-circuit chip.

  13. Controlled quantum secure direct communication by entanglement distillation or generalized measurement

    NASA Astrophysics Data System (ADS)

    Tan, Xiaoqing; Zhang, Xiaoqian

    2016-05-01

    We propose two controlled quantum secure communication schemes by entanglement distillation or generalized measurement. The sender Alice, the receiver Bob and the controllers David and Cliff take part in the whole schemes. The supervisors David and Cliff can control the information transmitted from Alice to Bob by adjusting the local measurement angles θ _4 and θ _3. Bob can verify his secret information by classical one-way function after communication. The average amount of information is analyzed and compared for these two methods by MATLAB. The generalized measurement is a better scheme. Our schemes are secure against some well-known attacks because classical encryption and decoy states are used to ensure the security of the classical channel and the quantum channel.

  14. Security in the CernVM File System and the Frontier Distributed Database Caching System

    NASA Astrophysics Data System (ADS)

    Dykstra, D.; Blomer, J.

    2014-06-01

    Both the CernVM File System (CVMFS) and the Frontier Distributed Database Caching System (Frontier) distribute centrally updated data worldwide for LHC experiments using http proxy caches. Neither system provides privacy or access control on reading the data, but both control access to updates of the data and can guarantee the authenticity and integrity of the data transferred to clients over the internet. CVMFS has since its early days required digital signatures and secure hashes on all distributed data, and recently Frontier has added X.509-based authenticity and integrity checking. In this paper we detail and compare the security models of CVMFS and Frontier.

  15. 17 CFR 242.610 - Access to quotations.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Access to quotations. 242.610...-Regulation of the National Market System § 242.610 Access to quotations. (a) Quotations of SRO trading... national securities exchange or national securities association to the quotations in an NMS stock displayed...

  16. 32 CFR 1909.18 - Termination of access.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... Requests for Historical Access § 1909.18 Termination of access. The Coordinator shall cancel any authorization whenever the Director of Personnel Security cancels the security clearance of a requester (or...

  17. Main control computer security model of closed network systems protection against cyber attacks

    NASA Astrophysics Data System (ADS)

    Seymen, Bilal

    2014-06-01

    The model that brings the data input/output under control in closed network systems, that maintains the system securely, and that controls the flow of information through the Main Control Computer which also brings the network traffic under control against cyber-attacks. The network, which can be controlled single-handedly thanks to the system designed to enable the network users to make data entry into the system or to extract data from the system securely, intends to minimize the security gaps. Moreover, data input/output record can be kept by means of the user account assigned for each user, and it is also possible to carry out retroactive tracking, if requested. Because the measures that need to be taken for each computer on the network regarding cyber security, do require high cost; it has been intended to provide a cost-effective working environment with this model, only if the Main Control Computer has the updated hardware.

  18. Derived virtual devices: a secure distributed file system mechanism

    NASA Technical Reports Server (NTRS)

    VanMeter, Rodney; Hotz, Steve; Finn, Gregory

    1996-01-01

    This paper presents the design of derived virtual devices (DVDs). DVDs are the mechanism used by the Netstation Project to provide secure shared access to network-attached peripherals distributed in an untrusted network environment. DVDs improve Input/Output efficiency by allowing user processes to perform I/O operations directly from devices without intermediate transfer through the controlling operating system kernel. The security enforced at the device through the DVD mechanism includes resource boundary checking, user authentication, and restricted operations, e.g., read-only access. To illustrate the application of DVDs, we present the interactions between a network-attached disk and a file system designed to exploit the DVD abstraction. We further discuss third-party transfer as a mechanism intended to provide for efficient data transfer in a typical NAP environment. We show how DVDs facilitate third-party transfer, and provide the security required in a more open network environment.

  19. Security and privacy in electronic health records: a systematic literature review.

    PubMed

    Fernández-Alemán, José Luis; Señor, Inmaculada Carrión; Lozoya, Pedro Ángel Oliver; Toval, Ambrosio

    2013-06-01

    To report the results of a systematic literature review concerning the security and privacy of electronic health record (EHR) systems. Original articles written in English found in MEDLINE, ACM Digital Library, Wiley InterScience, IEEE Digital Library, Science@Direct, MetaPress, ERIC, CINAHL and Trip Database. Only those articles dealing with the security and privacy of EHR systems. The extraction of 775 articles using a predefined search string, the outcome of which was reviewed by three authors and checked by a fourth. A total of 49 articles were selected, of which 26 used standards or regulations related to the privacy and security of EHR data. The most widely used regulations are the Health Insurance Portability and Accountability Act (HIPAA) and the European Data Protection Directive 95/46/EC. We found 23 articles that used symmetric key and/or asymmetric key schemes and 13 articles that employed the pseudo anonymity technique in EHR systems. A total of 11 articles propose the use of a digital signature scheme based on PKI (Public Key Infrastructure) and 13 articles propose a login/password (seven of them combined with a digital certificate or PIN) for authentication. The preferred access control model appears to be Role-Based Access Control (RBAC), since it is used in 27 studies. Ten of these studies discuss who should define the EHR systems' roles. Eleven studies discuss who should provide access to EHR data: patients or health entities. Sixteen of the articles reviewed indicate that it is necessary to override defined access policies in the case of an emergency. In 25 articles an audit-log of the system is produced. Only four studies mention that system users and/or health staff should be trained in security and privacy. Recent years have witnessed the design of standards and the promulgation of directives concerning security and privacy in EHR systems. However, more work should be done to adopt these regulations and to deploy secure EHR systems. Copyright

  20. India’s Emerging Security Strategy, Missile Defense, and Arms Control

    DTIC Science & Technology

    2004-06-01

    and contemplate a security strategy. Starting in July 1998, a series of negotiations between Foreign Minister Jaswant Singh and US envoy Strobe...arms control.46 The Singh -Talbott discussions eventually led to the reaffirmation of civilian command-and-control and a doctrine of “minimum...Council (NSC), including Prime Minister Vajpayee, Minister of Foreign Affairs Singh , and Minister of Defense Fernandes, and appointed a National Security

  1. 10 CFR 95.51 - Retrieval of classified matter following suspension or revocation of access authorization.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ...) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.51 Retrieval of classified matter following suspension or revocation of access... 10 Energy 2 2014-01-01 2014-01-01 false Retrieval of classified matter following suspension or...

  2. 10 CFR 95.51 - Retrieval of classified matter following suspension or revocation of access authorization.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ...) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.51 Retrieval of classified matter following suspension or revocation of access... 10 Energy 2 2010-01-01 2010-01-01 false Retrieval of classified matter following suspension or...

  3. 10 CFR 95.51 - Retrieval of classified matter following suspension or revocation of access authorization.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ...) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.51 Retrieval of classified matter following suspension or revocation of access... 10 Energy 2 2013-01-01 2013-01-01 false Retrieval of classified matter following suspension or...

  4. 10 CFR 95.51 - Retrieval of classified matter following suspension or revocation of access authorization.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ...) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.51 Retrieval of classified matter following suspension or revocation of access... 10 Energy 2 2011-01-01 2011-01-01 false Retrieval of classified matter following suspension or...

  5. 10 CFR 95.51 - Retrieval of classified matter following suspension or revocation of access authorization.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ...) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.51 Retrieval of classified matter following suspension or revocation of access... 10 Energy 2 2012-01-01 2012-01-01 false Retrieval of classified matter following suspension or...

  6. Sharing Data and Analytical Resources Securely in a Biomedical Research Grid Environment

    PubMed Central

    Langella, Stephen; Hastings, Shannon; Oster, Scott; Pan, Tony; Sharma, Ashish; Permar, Justin; Ervin, David; Cambazoglu, B. Barla; Kurc, Tahsin; Saltz, Joel

    2008-01-01

    Objectives To develop a security infrastructure to support controlled and secure access to data and analytical resources in a biomedical research Grid environment, while facilitating resource sharing among collaborators. Design A Grid security infrastructure, called Grid Authentication and Authorization with Reliably Distributed Services (GAARDS), is developed as a key architecture component of the NCI-funded cancer Biomedical Informatics Grid (caBIG™). The GAARDS is designed to support in a distributed environment 1) efficient provisioning and federation of user identities and credentials; 2) group-based access control support with which resource providers can enforce policies based on community accepted groups and local groups; and 3) management of a trust fabric so that policies can be enforced based on required levels of assurance. Measurements GAARDS is implemented as a suite of Grid services and administrative tools. It provides three core services: Dorian for management and federation of user identities, Grid Trust Service for maintaining and provisioning a federated trust fabric within the Grid environment, and Grid Grouper for enforcing authorization policies based on both local and Grid-level groups. Results The GAARDS infrastructure is available as a stand-alone system and as a component of the caGrid infrastructure. More information about GAARDS can be accessed at http://www.cagrid.org. Conclusions GAARDS provides a comprehensive system to address the security challenges associated with environments in which resources may be located at different sites, requests to access the resources may cross institutional boundaries, and user credentials are created, managed, revoked dynamically in a de-centralized manner. PMID:18308979

  7. Navy Commercial Access Control System Did Not Effectively Mitigate Access Control Risks

    DTIC Science & Technology

    2013-09-16

    fOR OFFICL’tb HSE OtuN Contents Introduction Objective 1 Background 1 Review of Internal Controls 4 Finding A. NCACS Did Not Effectively...8fHh’ DODIC.-20 13·134 I v FOR OFFICL’tb HSE ONI-X Introduction Objective The objective of the audit was to determine whether the Navy... HSE ONb\\’ authorized a Common Access Card. In order to avoid the appearance of endorsing Rapidgate, Eid Passport’s trademarked product, in May 2011

  8. School Security.

    ERIC Educational Resources Information Center

    Bete, Tim, Ed.

    1998-01-01

    Presents the opinions of four security experts on the issue of guns in schools. The experts respond to the following questions: will schools ever be free of weapons; will card access systems become common in public schools; will metal detectors solve school security problems; and will students ever be issued bullet-proof vests along with…

  9. Security breaches: tips for assessing and limiting your risks.

    PubMed

    Coons, Leeanne R

    2011-01-01

    As part of their compliance planning, medical practices should undergo a risk assessment to determine any vulnerability within the practice relative to security breaches. Practices should also implement safeguards to limit their risks. Such safeguards include facility access controls, information and electronic media management, use of business associate agreements, and education and enforcement. Implementation of specific policies and procedures to address security incidents is another critical step that medical practices should take as part of their security incident prevention plan. Medical practices should not only develop policies and procedures to prevent, detect, contain, and correct security violations, but should make sure that such policies and procedures are actually implemented in their everyday operations.

  10. eHealth in Belgium, a new "secure" federal network: role of patients, health professions and social security services.

    PubMed

    France, Francis Roger

    2011-02-01

    eHealth platform is the official federal network in Belgium (created by law on 21 August 2008) devoted to a secure exchange of health data in many types of applications, such as health care purposes, simplification of administrative procedures and contribution to health policy. It implies a controlled access to decentralized databases and uses encrypted personal data. The national identification number has been chosen in order to authenticate the requester, the patient, and the receiver of information exchange. Authorizations have to be respected in order to obtain personal health data. Several questions are raised about its security: the lack of mandatory request for systematic journaling on accesses to the electronic patient record as well as the absence of explicit procedures for sanctions in case of unauthorized access, the new role of social security administration in managing security where a eHealth manager can be both judge and party (in the function of trusted third party for health data encryption and of a required lawyer for texts proposed by physicians to the Commission for the protection of private life). Another critic concerns the number of physicians in minority and the absence of patients' delegates in the eHealth Board. At a time when the patient is becoming a partner in the care team, should not he be the gate-keeper for the access to his own health record? How could networks help him to get the appropriate knowledge to contribute to care and to write his testament of life? Recent laws (on private life, patient rights and euthanasia) have contributed to a behavioural change in citizens and physician attitudes. Recommendations are made in order to improve the acceptability of eHealth platform. Copyright © 2010 Elsevier Ireland Ltd. All rights reserved.

  11. Experience with ActiveX control for simple channel access

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Timossi, C.; Nishimura, H.; McDonald, J.

    2003-05-15

    Accelerator control system applications at Berkeley Lab's Advanced Light Source (ALS) are typically deployed on operator consoles running Microsoft Windows 2000 and utilize EPICS[2]channel access for data access. In an effort to accommodate the wide variety of Windows based development tools and developers with little experience in network programming, ActiveX controls have been deployed on the operator stations. Use of ActiveX controls for use in the accelerator control environment has been presented previously[1]. Here we report on some of our experiences with the use and development of these controls.

  12. Framework for Managing Metadata Security Tags as the Basis for Making Security Decisions.

    DTIC Science & Technology

    2002-12-01

    and Performance,” D.H. Associates, Inc., Sep 2001. [3] Deitel , H. M., and Deitel , P. J., Java How to Program , 3rd Edition, Prentice Hall Inc...1999. [4] Deitel , H. M., Deitel , P. J., and Nieto, T. R., Internet and The World Wide Web: How to Program , 2nd Edition, 2002. [5] Grohn, M. J., A...words) This thesis presents an analysis of a capability to employ CAPCO (Controlled Access Program Coordination Office) compliant Metadata security

  13. Security culture for nuclear facilities

    NASA Astrophysics Data System (ADS)

    Gupta, Deeksha; Bajramovic, Edita

    2017-01-01

    Natural radioactive elements are part of our environment and radioactivity is a natural phenomenon. There are numerous beneficial applications of radioactive elements (radioisotopes) and radiation, starting from power generation to usages in medical, industrial and agriculture applications. But the risk of radiation exposure is always attached to operational workers, the public and the environment. Hence, this risk has to be assessed and controlled. The main goal of safety and security measures is to protect human life, health, and the environment. Currently, nuclear security considerations became essential along with nuclear safety as nuclear facilities are facing rapidly increase in cybersecurity risks. Therefore, prevention and adequate protection of nuclear facilities from cyberattacks is the major task. Historically, nuclear safety is well defined by IAEA guidelines while nuclear security is just gradually being addressed by some new guidance, especially the IAEA Nuclear Security Series (NSS), IEC 62645 and some national regulations. At the overall level, IAEA NSS 7 describes nuclear security as deterrence and detection of, and response to, theft, sabotage, unauthorized access, illegal transfer or other malicious acts involving nuclear, other radioactive substances and their associated facilities. Nuclear security should be included throughout nuclear facilities. Proper implementation of a nuclear security culture leads to staff vigilance and a high level of security posture. Nuclear security also depends on policy makers, regulators, managers, individual employees and members of public. Therefore, proper education and security awareness are essential in keeping nuclear facilities safe and secure.

  14. A Security Architecture for Grid-enabling OGC Web Services

    NASA Astrophysics Data System (ADS)

    Angelini, Valerio; Petronzio, Luca

    2010-05-01

    In the proposed presentation we describe an architectural solution for enabling a secure access to Grids and possibly other large scale on-demand processing infrastructures through OGC (Open Geospatial Consortium) Web Services (OWS). This work has been carried out in the context of the security thread of the G-OWS Working Group. G-OWS (gLite enablement of OGC Web Services) is an international open initiative started in 2008 by the European CYCLOPS , GENESI-DR, and DORII Project Consortia in order to collect/coordinate experiences in the enablement of OWS's on top of the gLite Grid middleware. G-OWS investigates the problem of the development of Spatial Data and Information Infrastructures (SDI and SII) based on the Grid/Cloud capacity in order to enable Earth Science applications and tools. Concerning security issues, the integration of OWS compliant infrastructures and gLite Grids needs to address relevant challenges, due to their respective design principles. In fact OWS's are part of a Web based architecture that demands security aspects to other specifications, whereas the gLite middleware implements the Grid paradigm with a strong security model (the gLite Grid Security Infrastructure: GSI). In our work we propose a Security Architectural Framework allowing the seamless use of Grid-enabled OGC Web Services through the federation of existing security systems (mostly web based) with the gLite GSI. This is made possible mediating between different security realms, whose mutual trust is established in advance during the deployment of the system itself. Our architecture is composed of three different security tiers: the user's security system, a specific G-OWS security system, and the gLite Grid Security Infrastructure. Applying the separation-of-concerns principle, each of these tiers is responsible for controlling the access to a well-defined resource set, respectively: the user's organization resources, the geospatial resources and services, and the Grid

  15. Speed control system for an access gate

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Bzorgi, Fariborz M

    2012-03-20

    An access control apparatus for an access gate. The access gate typically has a rotator that is configured to rotate around a rotator axis at a first variable speed in a forward direction. The access control apparatus may include a transmission that typically has an input element that is operatively connected to the rotator. The input element is generally configured to rotate at an input speed that is proportional to the first variable speed. The transmission typically also has an output element that has an output speed that is higher than the input speed. The input element and the outputmore » element may rotate around a common transmission axis. A retardation mechanism may be employed. The retardation mechanism is typically configured to rotate around a retardation mechanism axis. Generally the retardation mechanism is operatively connected to the output element of the transmission and is configured to retard motion of the access gate in the forward direction when the first variable speed is above a control-limit speed. In many embodiments the transmission axis and the retardation mechanism axis are substantially co-axial. Some embodiments include a freewheel/catch mechanism that has an input connection that is operatively connected to the rotator. The input connection may be configured to engage an output connection when the rotator is rotated at the first variable speed in a forward direction and configured for substantially unrestricted rotation when the rotator is rotated in a reverse direction opposite the forward direction. The input element of the transmission is typically operatively connected to the output connection of the freewheel/catch mechanism.« less

  16. Accessibility, stabilizability, and feedback control of continuous orbital transfer.

    PubMed

    Gurfil, Pini

    2004-05-01

    This paper investigates the problem of low-thrust orbital transfer using orbital element feedback from a control-theoretic standpoint, concepts of controllability, feedback stabilizability, and their interaction. The Gauss variational equations (GVEs) are used to model the state-space dynamics. First, the notion of accessibility, a weaker form of controllability, is presented. It is then shown that the GVEs are globally accessible. Based on the accessibility result, a nonlinear feedback controller is derived that asymptotically steers a vehicle from an initial elliptic Keplerian orbit to any given elliptic Keplerian orbit. The performance of the new controller is illustrated by simulating an orbital transfer between two geosynchronous Earth orbits. It is shown that the low-thrust controller requires less fuel than an impulsive maneuver for the same transfer time. Closed-form, analytic expressions for the new orbital transfer controller are given. Finally, it is proved, based on a topological nonlinear stabilizability test, that there does not exist a continuous closed-loop controller that can transfer a spacecraft to a parabolic escape trajectory.

  17. Computer-Access-Code Matrices

    NASA Technical Reports Server (NTRS)

    Collins, Earl R., Jr.

    1990-01-01

    Authorized users respond to changing challenges with changing passwords. Scheme for controlling access to computers defeats eavesdroppers and "hackers". Based on password system of challenge and password or sign, challenge, and countersign correlated with random alphanumeric codes in matrices of two or more dimensions. Codes stored on floppy disk or plug-in card and changed frequently. For even higher security, matrices of four or more dimensions used, just as cubes compounded into hypercubes in concurrent processing.

  18. Electronic security device

    DOEpatents

    Eschbach, E.A.; LeBlanc, E.J.; Griffin, J.W.

    1992-03-17

    The present invention relates to a security device having a control box containing an electronic system and a communications loop over which the system transmits a signal. The device is constructed so that the communications loop can extend from the control box across the boundary of a portal such as a door into a sealed enclosure into which access is restricted whereby the loop must be damaged or moved in order for an entry to be made into the enclosure. The device is adapted for detecting unauthorized entries into such enclosures such as rooms or containers and for recording the time at which such entries occur for later reference. Additionally, the device detects attempts to tamper or interfere with the operation of the device itself and records the time at which such events take place. In the preferred embodiment, the security device includes a microprocessor-based electronic system and a detection module capable of registering changes in the voltage and phase of the signal transmitted over the loop. 11 figs.

  19. Electronic security device

    DOEpatents

    Eschbach, Eugene A.; LeBlanc, Edward J.; Griffin, Jeffrey W.

    1992-01-01

    The present invention relates to a security device having a control box (12) containing an electronic system (50) and a communications loop (14) over which the system transmits a signal. The device is constructed so that the communications loop can extend from the control box across the boundary of a portal such as a door into a sealed enclosure into which access is restricted whereby the loop must be damaged or moved in order for an entry to be made into the enclosure. The device is adapted for detecting unauthorized entries into such enclosures such as rooms or containers and for recording the time at which such entries occur for later reference. Additionally, the device detects attempts to tamper or interfere with the operation of the device itself and records the time at which such events take place. In the preferred embodiment, the security device includes a microprocessor-based electronic system (50) and a detection module (72) capable of registering changes in the voltage and phase of the signal transmitted over the loop.

  20. IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

    NASA Technical Reports Server (NTRS)

    Branch, Drew A.

    2014-01-01

    Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere has heightened from airports to the communication among the military branches legionnaires. With advanced persistent threats (APT's) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning, and configuration of network devices i.e. routers and IDS's/IPS's. In addition, I will be completing security assessments on software and hardware, vulnerability assessments and reporting, and conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out the tasks stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, as well as policies and procedures.

  1. IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

    NASA Technical Reports Server (NTRS)

    Branch, Drew

    2013-01-01

    Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere was heightened from Airports to the communication among the military branches legionnaires. With advanced persistent threats (APTs) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning and configuration of network devices i.e. routers and IDSsIPSs. In addition I will be completing security assessments on software and hardware, vulnerability assessments and reporting, conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, policies and procedures.

  2. Inhibitory Control Mediates the Association between Perceived Stress and Secure Relationship Quality.

    PubMed

    Herd, Toria; Li, Mengjiao; Maciejewski, Dominique; Lee, Jacob; Deater-Deckard, Kirby; King-Casas, Brooks; Kim-Spoon, Jungmeen

    2018-01-01

    Past research has demonstrated negative associations between exposure to stressors and quality of interpersonal relationships among children and adolescents. Nevertheless, underlying mechanisms of this association remain unclear. Chronic stress has been shown to disrupt prefrontal functioning in the brain, including inhibitory control abilities, and evidence is accumulating that inhibitory control may play an important role in secure interpersonal relationship quality, including peer problems and social competence. In this prospective longitudinal study, we examine whether changes in inhibitory control, measured at both behavioral and neural levels, mediate the association between stress and changes in secure relationship quality with parents and peers. The sample included 167 adolescents (53% males) who were first recruited at age 13 or 14 years and assessed annually three times. Adolescents' inhibitory control was measured by their behavioral performance and brain activities, and adolescents self-reported perceived stress levels and relationship quality with mothers, fathers, and peers. Results suggest that behavioral inhibitory control mediates the association between perceived stress and adolescent's secure relationship quality with their mothers and fathers, but not their peers. In contrast, given that stress was not significantly correlated with neural inhibitory control, we did not further test the mediation path. Our results highlight the role of inhibitory control as a process through which stressful life experiences are related to impaired secure relationship quality between adolescents and their mothers and fathers.

  3. Inhibitory Control Mediates the Association between Perceived Stress and Secure Relationship Quality

    PubMed Central

    Herd, Toria; Li, Mengjiao; Maciejewski, Dominique; Lee, Jacob; Deater-Deckard, Kirby; King-Casas, Brooks; Kim-Spoon, Jungmeen

    2018-01-01

    Past research has demonstrated negative associations between exposure to stressors and quality of interpersonal relationships among children and adolescents. Nevertheless, underlying mechanisms of this association remain unclear. Chronic stress has been shown to disrupt prefrontal functioning in the brain, including inhibitory control abilities, and evidence is accumulating that inhibitory control may play an important role in secure interpersonal relationship quality, including peer problems and social competence. In this prospective longitudinal study, we examine whether changes in inhibitory control, measured at both behavioral and neural levels, mediate the association between stress and changes in secure relationship quality with parents and peers. The sample included 167 adolescents (53% males) who were first recruited at age 13 or 14 years and assessed annually three times. Adolescents’ inhibitory control was measured by their behavioral performance and brain activities, and adolescents self-reported perceived stress levels and relationship quality with mothers, fathers, and peers. Results suggest that behavioral inhibitory control mediates the association between perceived stress and adolescent’s secure relationship quality with their mothers and fathers, but not their peers. In contrast, given that stress was not significantly correlated with neural inhibitory control, we did not further test the mediation path. Our results highlight the role of inhibitory control as a process through which stressful life experiences are related to impaired secure relationship quality between adolescents and their mothers and fathers. PMID:29535664

  4. Open versus Controlled-Access Data | Office of Cancer Genomics

    Cancer.gov

    OCG employs stringent human subjects’ protection and data access policies to protect the privacy and confidentiality of the research participants. Depending on the risk of patient identification, OCG programs data are available to the scientific community in two tiers: open or controlled access. Both types of data can be accessed through its corresponding OCG program-specific data matrix or portal. Open-access Data

  5. The Ins and Outs of Access Control.

    ERIC Educational Resources Information Center

    Longworth, David

    1999-01-01

    Presents basic considerations when school districts plan to acquire an access-control system for their education facilities. Topics cover cards and readers, controllers, software, automation, card technology, expandability, price, specification of needs beyond the canned specifications already supplied, and proper usage training to cardholders.…

  6. 6. LAUNCH CONTROL SUPPORT BUILDING. INTERIOR OF SECURITY OFFICE. VIEW ...

    Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

    6. LAUNCH CONTROL SUPPORT BUILDING. INTERIOR OF SECURITY OFFICE. VIEW TO WEST. - Minuteman III ICBM Launch Control Facility November-1, 1.5 miles North of New Raymer & State Highway 14, New Raymer, Weld County, CO

  7. 7. LAUNCH CONTROL SUPPORT BUILDING. INTERIOR OF SECURITY OFFICE. VIEW ...

    Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

    7. LAUNCH CONTROL SUPPORT BUILDING. INTERIOR OF SECURITY OFFICE. VIEW TO NORTH. - Minuteman III ICBM Launch Control Facility November-1, 1.5 miles North of New Raymer & State Highway 14, New Raymer, Weld County, CO

  8. 10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 2 2012-01-01 2012-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material control...

  9. 10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 2 2011-01-01 2011-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material control...

  10. 10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 10 Energy 2 2014-01-01 2014-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material control...

  11. 10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 10 Energy 2 2013-01-01 2013-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material control...

  12. Cheating in OSCEs: The Impact of Simulated Security Breaches on OSCE Performance.

    PubMed

    Gotzmann, Andrea; De Champlain, André; Homayra, Fahmida; Fotheringham, Alexa; de Vries, Ingrid; Forgie, Melissa; Pugh, Debra

    2017-01-01

    Construct: Valid score interpretation is important for constructs in performance assessments such as objective structured clinical examinations (OSCEs). An OSCE is a type of performance assessment in which a series of standardized patients interact with the student or candidate who is scored by either the standardized patient or a physician examiner. In high-stakes examinations, test security is an important issue. Students accessing unauthorized test materials can create an unfair advantage and lead to examination scores that do not reflect students' true ability level. The purpose of this study was to assess the impact of various simulated security breaches on OSCE scores. Seventy-six 3rd-year medical students participated in an 8-station OSCE and were randomized to either a control group or to 1 of 2 experimental conditions simulating test security breaches: station topic (i.e., providing a list of station topics prior to the examination) or egregious security breach (i.e., providing detailed content information prior to the examination). Overall total scores were compared for the 3 groups using both a one-way between-subjects analysis of variance and a repeated measure analysis of variance to compare the checklist, rating scales, and oral question subscores across the three conditions. Overall total scores were highest for the egregious security breach condition (81.8%), followed by the station topic condition (73.6%), and they were lowest for the control group (67.4%). This trend was also found with checklist subscores only (79.1%, 64.9%, and 60.3%, respectively for the security breach, station topic, and control conditions). Rating scale subscores were higher for both the station topic and egregious security breach conditions compared to the control group (82.6%, 83.1%, and 77.6%, respectively). Oral question subscores were significantly higher for the egregious security breach condition (88.8%) followed by the station topic condition (64.3%), and they were

  13. Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things

    PubMed Central

    Hernández-Ramos, José L.; Bernabe, Jorge Bernal; Moreno, M. Victoria; Skarmeta, Antonio F.

    2015-01-01

    As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the Machine-to-Machine (M2M) nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things. PMID:26140349

  14. Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things.

    PubMed

    Hernández-Ramos, José L; Bernabe, Jorge Bernal; Moreno, M Victoria; Skarmeta, Antonio F

    2015-07-01

    As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the Machine-to-Machine (M2M) nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things.

  15. Interacting with a security system: The Argus user interface

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Behrin, E.; Davis, G.E.

    1993-12-31

    In the mid-1980s the Lawrence Livermore National Laboratory (LLNL) developed the Argus Security System. Key requirements were to eliminate the telephone as a verification device for opening and closing alarm stations and to allow need-to-know access through local enrollment at alarm stations. Resulting from these requirements was an LLNL-designed user interface called the Remote Access Panel (RAP). The Argus RAP interacts with Argus field processors to allow secure station mode changes and local station enrollment, provides user direction and response, and assists station maintenance personnel. It consists of a tamper-detecting housing containing a badge reader, a keypad with sight screen,more » special-purpose push buttons and a liquid-crystal display. This paper discusses Argus system concepts, RAP design, functional characteristics and its physical configurations. The paper also describes the RAP`s use in access-control booths, it`s integration with biometrics and its operation for multi-person-rule stations and compartmented facilities.« less

  16. Access control and privilege management in electronic health record: a systematic literature review.

    PubMed

    Jayabalan, Manoj; O'Daniel, Thomas

    2016-12-01

    This study presents a systematic literature review of access control for electronic health record systems to protect patient's privacy. Articles from 2006 to 2016 were extracted from the ACM Digital Library, IEEE Xplore Digital Library, Science Direct, MEDLINE, and MetaPress using broad eligibility criteria, and chosen for inclusion based on analysis of ISO22600. Cryptographic standards and methods were left outside the scope of this review. Three broad classes of models are being actively investigated and developed: access control for electronic health records, access control for interoperability, and access control for risk analysis. Traditional role-based access control models are extended with spatial, temporal, probabilistic, dynamic, and semantic aspects to capture contextual information and provide granular access control. Maintenance of audit trails and facilities for overriding normal roles to allow full access in emergency cases are common features. Access privilege frameworks utilizing ontology-based knowledge representation for defining the rules have attracted considerable interest, due to the higher level of abstraction that makes it possible to model domain knowledge and validate access requests efficiently.

  17. Game Theory Based Security in Wireless Body Area Network with Stackelberg Security Equilibrium

    PubMed Central

    Somasundaram, M.; Sivakumar, R.

    2015-01-01

    Wireless Body Area Network (WBAN) is effectively used in healthcare to increase the value of the patient's life and also the value of healthcare services. The biosensor based approach in medical care system makes it difficult to respond to the patients with minimal response time. The medical care unit does not deploy the accessing of ubiquitous broadband connections full time and hence the level of security will not be high always. The security issue also arises in monitoring the user body function records. Most of the systems on the Wireless Body Area Network are not effective in facing the security deployment issues. To access the patient's information with higher security on WBAN, Game Theory with Stackelberg Security Equilibrium (GTSSE) is proposed in this paper. GTSSE mechanism takes all the players into account. The patients are monitored by placing the power position authority initially. The position authority in GTSSE is the organizer and all the other players react to the organizer decision. Based on our proposed approach, experiment has been conducted on factors such as security ratio based on patient's health information, system flexibility level, energy consumption rate, and information loss rate. Stackelberg Security considerably improves the strength of solution with higher security. PMID:26759829

  18. Game Theory Based Security in Wireless Body Area Network with Stackelberg Security Equilibrium.

    PubMed

    Somasundaram, M; Sivakumar, R

    2015-01-01

    Wireless Body Area Network (WBAN) is effectively used in healthcare to increase the value of the patient's life and also the value of healthcare services. The biosensor based approach in medical care system makes it difficult to respond to the patients with minimal response time. The medical care unit does not deploy the accessing of ubiquitous broadband connections full time and hence the level of security will not be high always. The security issue also arises in monitoring the user body function records. Most of the systems on the Wireless Body Area Network are not effective in facing the security deployment issues. To access the patient's information with higher security on WBAN, Game Theory with Stackelberg Security Equilibrium (GTSSE) is proposed in this paper. GTSSE mechanism takes all the players into account. The patients are monitored by placing the power position authority initially. The position authority in GTSSE is the organizer and all the other players react to the organizer decision. Based on our proposed approach, experiment has been conducted on factors such as security ratio based on patient's health information, system flexibility level, energy consumption rate, and information loss rate. Stackelberg Security considerably improves the strength of solution with higher security.

  19. Semi-quantum communication: protocols for key agreement, controlled secure direct communication and dialogue

    NASA Astrophysics Data System (ADS)

    Shukla, Chitra; Thapliyal, Kishore; Pathak, Anirban

    2017-12-01

    Semi-quantum protocols that allow some of the users to remain classical are proposed for a large class of problems associated with secure communication and secure multiparty computation. Specifically, first-time semi-quantum protocols are proposed for key agreement, controlled deterministic secure communication and dialogue, and it is shown that the semi-quantum protocols for controlled deterministic secure communication and dialogue can be reduced to semi-quantum protocols for e-commerce and private comparison (socialist millionaire problem), respectively. Complementing with the earlier proposed semi-quantum schemes for key distribution, secret sharing and deterministic secure communication, set of schemes proposed here and subsequent discussions have established that almost every secure communication and computation tasks that can be performed using fully quantum protocols can also be performed in semi-quantum manner. Some of the proposed schemes are completely orthogonal-state-based, and thus, fundamentally different from the existing semi-quantum schemes that are conjugate coding-based. Security, efficiency and applicability of the proposed schemes have been discussed with appropriate importance.

  20. 19 CFR 122.182 - Security provisions.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 19 Customs Duties 1 2014-04-01 2014-04-01 false Security provisions. 122.182 Section 122.182 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY AIR COMMERCE REGULATIONS Access to Customs Security Areas § 122.182 Security provisions. (a...

  1. 19 CFR 122.182 - Security provisions.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 19 Customs Duties 1 2013-04-01 2013-04-01 false Security provisions. 122.182 Section 122.182 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY AIR COMMERCE REGULATIONS Access to Customs Security Areas § 122.182 Security provisions. (a...

  2. 19 CFR 122.182 - Security provisions.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 19 Customs Duties 1 2012-04-01 2012-04-01 false Security provisions. 122.182 Section 122.182 Customs Duties U.S. CUSTOMS AND BORDER PROTECTION, DEPARTMENT OF HOMELAND SECURITY; DEPARTMENT OF THE TREASURY AIR COMMERCE REGULATIONS Access to Customs Security Areas § 122.182 Security provisions. (a...

  3. 76 FR 38293 - Risk Management Controls for Brokers or Dealers With Market Access

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-30

    ... securities to give broker- dealers with market access additional time to develop, test, and implement the... that exceed appropriate pre-set credit or capital thresholds,\\5\\ or that appear to be erroneous.\\6\\ The... satisfied on a pre-order entry basis,\\7\\ prevent the entry of orders that the broker- dealers or customer is...

  4. Securing a Lock on Safety.

    ERIC Educational Resources Information Center

    Daneman, Kathy

    1998-01-01

    Describes the integration of security systems to provide enhanced security that is both effective and long lasting. Examines combining card-access systems with camera surveillance, and highly visible emergency phones and security officers. as one of many possible combinations. Some systems most capable of being integrated are listed. (GR)

  5. A Framework for Context Sensitive Risk-Based Access Control in Medical Information Systems

    PubMed Central

    Choi, Donghee; Kim, Dohoon; Park, Seog

    2015-01-01

    Since the access control environment has changed and the threat of insider information leakage has come to the fore, studies on risk-based access control models that decide access permissions dynamically have been conducted vigorously. Medical information systems should protect sensitive data such as medical information from insider threat and enable dynamic access control depending on the context such as life-threatening emergencies. In this paper, we suggest an approach and framework for context sensitive risk-based access control suitable for medical information systems. This approach categorizes context information, estimating and applying risk through context- and treatment-based permission profiling and specifications by expanding the eXtensible Access Control Markup Language (XACML) to apply risk. The proposed framework supports quick responses to medical situations and prevents unnecessary insider data access through dynamic access authorization decisions in accordance with the severity of the context and treatment. PMID:26075013

  6. Control and Non-Payload Communications (CNPC) Prototype Radio - Generation 2 Security Flight Test Report

    NASA Technical Reports Server (NTRS)

    Iannicca, Dennis C.; Ishac, Joseph A.; Shalkhauser, Kurt A.

    2015-01-01

    NASA Glenn Research Center (GRC), in cooperation with Rockwell Collins, is working to develop a prototype Control and Non-Payload Communications (CNPC) radio platform as part of NASA Integrated Systems Research Program's (ISRP) Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) project. A primary focus of the project is to work with the Federal Aviation Administration (FAA) and industry standards bodies to build and demonstrate a safe, secure, and efficient CNPC architecture that can be used by industry to evaluate the feasibility of deploying a system using these technologies in an operational capacity. GRC has been working in conjunction with these groups to assess threats, identify security requirements, and to develop a system of standards-based security controls that can be applied to the GRC prototype CNPC architecture as a demonstration platform. The proposed security controls were integrated into the GRC flight test system aboard our S-3B Viking surrogate aircraft and several network tests were conducted during a flight on November 15th, 2014 to determine whether the controls were working properly within the flight environment. The flight test was also the first to integrate Robust Header Compression (ROHC) as a means of reducing the additional overhead introduced by the security controls and Mobile IPv6. The effort demonstrated the complete end-to-end secure CNPC link in a relevant flight environment.

  7. A low power medium access control protocol for wireless medical sensor networks.

    PubMed

    Lamprinos, I; Prentza, A; Sakka, E; Koutsouris, D

    2004-01-01

    The concept of a wireless integrated network of sensors, already applied in several sectors of our everyday life, such as security, transportation and environment monitoring, can as well provide an advanced monitor and control resource for healthcare services. By networking medical sensors wirelessly, attaching them in patient's body, we create the appropriate infrastructure for continuous and real-time monitoring of patient without discomforting him. This infrastructure can improve healthcare by providing the means for flexible acquisition of vital signs, while at the same time it provides more convenience to the patient. Given the type of wireless network, traditional medium access control (MAC) protocols cannot take advantage of the application specific requirements and information characteristics occurring in medical sensor networks, such as the demand for low power consumption and the rather limited and asymmetric data traffic. In this paper, we present the architecture of a low power MAC protocol, designated to support wireless networks of medical sensors. This protocol aims to improve energy efficiency by exploiting the inherent application features and requirements. It is oriented towards the avoidance of main energy wastage sources, such as idle listening, collision and power outspending.

  8. OS friendly microprocessor architecture: Hardware level computer security

    NASA Astrophysics Data System (ADS)

    Jungwirth, Patrick; La Fratta, Patrick

    2016-05-01

    We present an introduction to the patented OS Friendly Microprocessor Architecture (OSFA) and hardware level computer security. Conventional microprocessors have not tried to balance hardware performance and OS performance at the same time. Conventional microprocessors have depended on the Operating System for computer security and information assurance. The goal of the OS Friendly Architecture is to provide a high performance and secure microprocessor and OS system. We are interested in cyber security, information technology (IT), and SCADA control professionals reviewing the hardware level security features. The OS Friendly Architecture is a switched set of cache memory banks in a pipeline configuration. For light-weight threads, the memory pipeline configuration provides near instantaneous context switching times. The pipelining and parallelism provided by the cache memory pipeline provides for background cache read and write operations while the microprocessor's execution pipeline is running instructions. The cache bank selection controllers provide arbitration to prevent the memory pipeline and microprocessor's execution pipeline from accessing the same cache bank at the same time. This separation allows the cache memory pages to transfer to and from level 1 (L1) caching while the microprocessor pipeline is executing instructions. Computer security operations are implemented in hardware. By extending Unix file permissions bits to each cache memory bank and memory address, the OSFA provides hardware level computer security.

  9. Digital security technology simplified.

    PubMed

    Scaglione, Bernard J

    2007-01-01

    Digital security technology is making great strides in replacing analog and other traditional security systems including CCTV card access, personal identification and alarm monitoring applications. Like any new technology, the author says, it is important to understand its benefits and limitations before purchasing and installing, to ensure its proper operation and effectiveness. This article is a primer for security directors on how digital technology works. It provides an understanding of the key components which make up the foundation for digital security systems, focusing on three key aspects of the digital security world: the security network, IP cameras and IP recorders.

  10. 14 CFR 1260.31 - National security.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 14 Aeronautics and Space 5 2013-01-01 2013-01-01 false National security. 1260.31 Section 1260.31... Provisions § 1260.31 National security. National Security October 2000 Normally, NASA grants do not involve... who will have access to the information must obtain the appropriate security clearance in advance of...

  11. 14 CFR 1260.31 - National security.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 14 Aeronautics and Space 5 2012-01-01 2012-01-01 false National security. 1260.31 Section 1260.31... Provisions § 1260.31 National security. National Security October 2000 Normally, NASA grants do not involve... who will have access to the information must obtain the appropriate security clearance in advance of...

  12. 14 CFR 1260.31 - National security.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false National security. 1260.31 Section 1260.31... Provisions § 1260.31 National security. National Security October 2000 Normally, NASA grants do not involve... who will have access to the information must obtain the appropriate security clearance in advance of...

  13. 14 CFR 1260.31 - National security.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true National security. 1260.31 Section 1260.31... Provisions § 1260.31 National security. National Security October 2000 Normally, NASA grants do not involve... who will have access to the information must obtain the appropriate security clearance in advance of...

  14. Reconsidering non-traditional export agriculture and household food security: A case study in rural Guatemala.

    PubMed

    Méthot, Josée; Bennett, Elena M

    2018-01-01

    As the production of non-traditional export (NTX) crops by smallholder households in developing countries expands, there is a compelling need to understand the potential effects of this type of agricultural production on household food security and nutrition. We use two household surveys with a sample of 52 households, interviews, and focus groups to examine whether smallholder farmers who produce broccoli for export in a rural Guatemalan community have different household food security than farmers in the same community who are still growing traditional maize and bean crops. We explore and compare the food security status of broccoli farmers (adopters) and traditional farmers (non-adopters) across four dimensions of food security: availability, access, utilization, and stability. Adopters earned significantly more income (40%) than non-adopters, but higher incomes did not coincide with improvements in food availability, food access, or food utilization. Results indicate that adopters and non-adopters alike struggle with access to food, while the intensity of broccoli production may be undermining the ability of local agricultural systems to naturally control pests and regulate nutrients. More systematic approaches to food security assessment, especially those that consider all four dimensions of food security, are needed to better target interventions designed to alleviate food insecurity among rural smallholders.

  15. Reconsidering non-traditional export agriculture and household food security: A case study in rural Guatemala

    PubMed Central

    Bennett, Elena M.

    2018-01-01

    As the production of non-traditional export (NTX) crops by smallholder households in developing countries expands, there is a compelling need to understand the potential effects of this type of agricultural production on household food security and nutrition. We use two household surveys with a sample of 52 households, interviews, and focus groups to examine whether smallholder farmers who produce broccoli for export in a rural Guatemalan community have different household food security than farmers in the same community who are still growing traditional maize and bean crops. We explore and compare the food security status of broccoli farmers (adopters) and traditional farmers (non-adopters) across four dimensions of food security: availability, access, utilization, and stability. Adopters earned significantly more income (40%) than non-adopters, but higher incomes did not coincide with improvements in food availability, food access, or food utilization. Results indicate that adopters and non-adopters alike struggle with access to food, while the intensity of broccoli production may be undermining the ability of local agricultural systems to naturally control pests and regulate nutrients. More systematic approaches to food security assessment, especially those that consider all four dimensions of food security, are needed to better target interventions designed to alleviate food insecurity among rural smallholders. PMID:29795691

  16. Dynamic access control model for privacy preserving personalized healthcare in cloud environment.

    PubMed

    Son, Jiseong; Kim, Jeong-Dong; Na, Hong-Seok; Baik, Doo-Kwon

    2015-01-01

    When sharing and storing healthcare data in a cloud environment, access control is a central issue for preserving data privacy as a patient's personal health data may be accessed without permission from many stakeholders. Specifically, dynamic authorization for the access of data is required because personal health data is stored in cloud storage via wearable devices. Therefore, we propose a dynamic access control model for preserving the privacy of personal healthcare data in a cloud environment. The proposed model considers context information for dynamic access. According to the proposed model, access control can be dynamically determined by changing the context information; this means that even for a subject with the same role in the cloud, access permission is defined differently depending on the context information and access condition. Furthermore, we experiment the ability of the proposed model to provide correct responses by representing a dynamic access decision with real-life personalized healthcare system scenarios.

  17. Hormone-dependent control of developmental timing through regulation of chromatin accessibility

    PubMed Central

    Uyehara, Christopher M.; Nystrom, Spencer L.; Niederhuber, Matthew J.; Leatham-Jensen, Mary; Ma, Yiqin; Buttitta, Laura A.

    2017-01-01

    Specification of tissue identity during development requires precise coordination of gene expression in both space and time. Spatially, master regulatory transcription factors are required to control tissue-specific gene expression programs. However, the mechanisms controlling how tissue-specific gene expression changes over time are less well understood. Here, we show that hormone-induced transcription factors control temporal gene expression by regulating the accessibility of DNA regulatory elements. Using the Drosophila wing, we demonstrate that temporal changes in gene expression are accompanied by genome-wide changes in chromatin accessibility at temporal-specific enhancers. We also uncover a temporal cascade of transcription factors following a pulse of the steroid hormone ecdysone such that different times in wing development can be defined by distinct combinations of hormone-induced transcription factors. Finally, we show that the ecdysone-induced transcription factor E93 controls temporal identity by directly regulating chromatin accessibility across the genome. Notably, we found that E93 controls enhancer activity through three different modalities, including promoting accessibility of late-acting enhancers and decreasing accessibility of early-acting enhancers. Together, this work supports a model in which an extrinsic signal triggers an intrinsic transcription factor cascade that drives development forward in time through regulation of chromatin accessibility. PMID:28536147

  18. Integrating QoS and security functions in an IP-VPN gateway

    NASA Astrophysics Data System (ADS)

    Fan, Kuo-Pao; Chang, Shu-Hsin; Lin, Kuan-Ming; Pen, Mau-Jy

    2001-10-01

    IP-based Virtual Private Network becomes more and more popular. It can not only reduce the enterprise communication cost but also increase the revenue of the service provider. The common IP-VPN application types include Intranet VPN, Extranet VPN, and remote access VPN. For the large IP-VPN market, some vendors develop dedicated IP-VPN devices; while some vendors add the VPN functions into their existing network equipment such as router, access gateway, etc. The functions in the IP-VPN device include security, QoS, and management. The common security functions supported are IPSec (IP Security), IKE (Internet Key Exchange), and Firewall. The QoS functions include bandwidth control and packet scheduling. In the management component, policy-based network management is under standardization in IETF. In this paper, we discuss issues on how to integrate the QoS and security functions in an IP-VPN Gateway. We propose three approaches to do this. They are (1) perform Qos first (2) perform IPSec first and (3) reserve fixed bandwidth for IPSec. We also compare the advantages and disadvantages of the three proposed approaches.

  19. Creating a clinical video-conferencing facility in a security-constrained environment using open-source AccessGrid software and consumer hardware.

    PubMed

    Terrazas, Enrique; Hamill, Timothy R; Wang, Ye; Channing Rodgers, R P

    2007-10-11

    The Department of Laboratory Medicine at the University of California, San Francisco (UCSF) has been split into widely separated facilities, leading to much time being spent traveling between facilities for meetings. We installed an open-source AccessGrid multi-media-conferencing system using (largely) consumer-grade equipment, connecting 6 sites at 5 separate facilities. The system was accepted rapidly and enthusiastically, and was inexpensive compared to alternative approaches. Security was addressed by aspects of the AG software and by local network administrative practices. The chief obstacles to deployment arose from security restrictions imposed by multiple independent network administration regimes, requiring a drastically reduced list of network ports employed by AG components.

  20. Programmable Logic Controllers for Research on the Cyber Security of Industrial Power Plants

    DTIC Science & Technology

    2017-02-12

    group . 15. SUBJECT TERMS Industrial control systems, cyber security 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF a. REPORT b. ABSTRACT c. THIS...currently valid OMB control number. PLEASE DO NOT RETURN YOUR FORM TO THE ABOVE ADDRESS. 1. REPORT DATE (00-MM-YYYY) ,2. REPORT TYPE 3. DATES COVERED...From- To) 12/02/2017 Final 15 August 2015 - 12 February 2017 4. TITLE AND SUBTITLE Sa. CONTRACT NUMBER Programmable Logic Controllers for Research

  1. Integrating security in a group oriented distributed system

    NASA Technical Reports Server (NTRS)

    Reiter, Michael; Birman, Kenneth; Gong, LI

    1992-01-01

    A distributed security architecture is proposed for incorporation into group oriented distributed systems, and in particular, into the Isis distributed programming toolkit. The primary goal of the architecture is to make common group oriented abstractions robust in hostile settings, in order to facilitate the construction of high performance distributed applications that can tolerate both component failures and malicious attacks. These abstractions include process groups and causal group multicast. Moreover, a delegation and access control scheme is proposed for use in group oriented systems. The focus is the security architecture; particular cryptosystems and key exchange protocols are not emphasized.

  2. SAFE: SPARQL Federation over RDF Data Cubes with Access Control.

    PubMed

    Khan, Yasar; Saleem, Muhammad; Mehdi, Muntazir; Hogan, Aidan; Mehmood, Qaiser; Rebholz-Schuhmann, Dietrich; Sahay, Ratnesh

    2017-02-01

    Several query federation engines have been proposed for accessing public Linked Open Data sources. However, in many domains, resources are sensitive and access to these resources is tightly controlled by stakeholders; consequently, privacy is a major concern when federating queries over such datasets. In the Healthcare and Life Sciences (HCLS) domain real-world datasets contain sensitive statistical information: strict ownership is granted to individuals working in hospitals, research labs, clinical trial organisers, etc. Therefore, the legal and ethical concerns on (i) preserving the anonymity of patients (or clinical subjects); and (ii) respecting data ownership through access control; are key challenges faced by the data analytics community working within the HCLS domain. Likewise statistical data play a key role in the domain, where the RDF Data Cube Vocabulary has been proposed as a standard format to enable the exchange of such data. However, to the best of our knowledge, no existing approach has looked to optimise federated queries over such statistical data. We present SAFE: a query federation engine that enables policy-aware access to sensitive statistical datasets represented as RDF data cubes. SAFE is designed specifically to query statistical RDF data cubes in a distributed setting, where access control is coupled with source selection, user profiles and their access rights. SAFE proposes a join-aware source selection method that avoids wasteful requests to irrelevant and unauthorised data sources. In order to preserve anonymity and enforce stricter access control, SAFE's indexing system does not hold any data instances-it stores only predicates and endpoints. The resulting data summary has a significantly lower index generation time and size compared to existing engines, which allows for faster updates when sources change. We validate the performance of the system with experiments over real-world datasets provided by three clinical organisations as

  3. A New Cellular Architecture for Information Retrieval from Sensor Networks through Embedded Service and Security Protocols

    PubMed Central

    Shahzad, Aamir; Landry, René; Lee, Malrey; Xiong, Naixue; Lee, Jongho; Lee, Changhoon

    2016-01-01

    Substantial changes have occurred in the Information Technology (IT) sectors and with these changes, the demand for remote access to field sensor information has increased. This allows visualization, monitoring, and control through various electronic devices, such as laptops, tablets, i-Pads, PCs, and cellular phones. The smart phone is considered as a more reliable, faster and efficient device to access and monitor industrial systems and their corresponding information interfaces anywhere and anytime. This study describes the deployment of a protocol whereby industrial system information can be securely accessed by cellular phones via a Supervisory Control And Data Acquisition (SCADA) server. To achieve the study goals, proprietary protocol interconnectivity with non-proprietary protocols and the usage of interconnectivity services are considered in detail. They support the visualization of the SCADA system information, and the related operations through smart phones. The intelligent sensors are configured and designated to process real information via cellular phones by employing information exchange services between the proprietary protocol and non-proprietary protocols. SCADA cellular access raises the issue of security flaws. For these challenges, a cryptography-based security method is considered and deployed, and it could be considered as a part of a proprietary protocol. Subsequently, transmission flows from the smart phones through a cellular network. PMID:27314351

  4. A New Cellular Architecture for Information Retrieval from Sensor Networks through Embedded Service and Security Protocols.

    PubMed

    Shahzad, Aamir; Landry, René; Lee, Malrey; Xiong, Naixue; Lee, Jongho; Lee, Changhoon

    2016-06-14

    Substantial changes have occurred in the Information Technology (IT) sectors and with these changes, the demand for remote access to field sensor information has increased. This allows visualization, monitoring, and control through various electronic devices, such as laptops, tablets, i-Pads, PCs, and cellular phones. The smart phone is considered as a more reliable, faster and efficient device to access and monitor industrial systems and their corresponding information interfaces anywhere and anytime. This study describes the deployment of a protocol whereby industrial system information can be securely accessed by cellular phones via a Supervisory Control And Data Acquisition (SCADA) server. To achieve the study goals, proprietary protocol interconnectivity with non-proprietary protocols and the usage of interconnectivity services are considered in detail. They support the visualization of the SCADA system information, and the related operations through smart phones. The intelligent sensors are configured and designated to process real information via cellular phones by employing information exchange services between the proprietary protocol and non-proprietary protocols. SCADA cellular access raises the issue of security flaws. For these challenges, a cryptography-based security method is considered and deployed, and it could be considered as a part of a proprietary protocol. Subsequently, transmission flows from the smart phones through a cellular network.

  5. Enabling secure, distributed collaborations for adrenal tumor research.

    PubMed

    Stell, Anthony; Sinnott, Richard; Jiang, Jipu

    2010-01-01

    Many e-Health strategies rely on the secure integration of datasets that have previously resided in isolated locations, but can now in principle be accessed over the Internet. Of paramount importance in the health domain is the need for the security and privacy of data that is transmitted across these networks. One such collaboration, which spans several specialist centres across France, Germany, Italy and the UK, is ENSAT - the European Network for the Study of Adrenal Tumors. The rarity of the tumors under study means the value of accessing, aggregating and comparing data from many centres is great indeed. However this is especially challenging given that ENSAT require clinical and genomic data to be seamlessly linked, but in such a way that the information governance, ethics and privacy concerns of the patients and associated stakeholders involved are visibly satisfied. Key to this is the clear separation of clinical and genomic data sets and support for rigorous patient-identity protecting access control. This is especially challenging when such data sets exist across different organisational boundaries. In this paper we describe a prototype solution offering a security-oriented tailored portal supported by a layered encryption-driven linkage technology (VANGUARD) that offers precisely such patient-privacy protecting capabilities. We describe the architecture, implementation and use to date of this facility to support the ENSAT adrenal cancer research network.

  6. 10 CFR 20.1601 - Control of access to high radiation areas.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 10 Energy 1 2010-01-01 2010-01-01 false Control of access to high radiation areas. 20.1601 Section 20.1601 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1601 Control of access to high radiation areas. (a...

  7. 10 CFR 20.1601 - Control of access to high radiation areas.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 10 Energy 1 2014-01-01 2014-01-01 false Control of access to high radiation areas. 20.1601 Section 20.1601 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1601 Control of access to high radiation areas. (a...

  8. 10 CFR 20.1601 - Control of access to high radiation areas.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 10 Energy 1 2013-01-01 2013-01-01 false Control of access to high radiation areas. 20.1601 Section 20.1601 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1601 Control of access to high radiation areas. (a...

  9. 10 CFR 20.1601 - Control of access to high radiation areas.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 1 2011-01-01 2011-01-01 false Control of access to high radiation areas. 20.1601 Section 20.1601 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1601 Control of access to high radiation areas. (a...

  10. 10 CFR 20.1601 - Control of access to high radiation areas.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 1 2012-01-01 2012-01-01 false Control of access to high radiation areas. 20.1601 Section 20.1601 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1601 Control of access to high radiation areas. (a...

  11. TealLock 5.20 security software program for handheld devices.

    PubMed

    Tahil, Fatimah A

    2004-07-01

    The TealLock has a simple graphic interface, and the program is user-friendly with well thought out options to customize security settings. The program is inexpensive and works seamlessly with the Palm OS platform's built-in basic Security application. The developer offers a 30-day free trial version and there is no downside to trying it to see if it meets your needs. It seems to be an effective security software program for psychiatrists who keep confidential and sensitive patient information on their PDAs. In keeping with HIPAA regulations, the TealLock bolsters security for protected health information stored on PDAs or other handheld devices by providing safeguards that address authentication, access control, encryption, and selected aspects of transmission.

  12. Proximity-based access control for context-sensitive information provision in SOA-based systems

    NASA Astrophysics Data System (ADS)

    Rajappan, Gowri; Wang, Xiaofei; Grant, Robert; Paulini, Matthew

    2014-06-01

    Service Oriented Architecture (SOA) has enabled open-architecture integration of applications within an enterprise. For net-centric Command and Control (C2), this elucidates information sharing between applications and users, a critical requirement for mission success. The Information Technology (IT) access control schemes, which arbitrate who gets access to what information, do not yet have the contextual knowledge to dynamically allow this information sharing to happen dynamically. The access control might prevent legitimate users from accessing information relevant to the current mission context, since this context may be very different from the context for which the access privileges were configured. We evaluate a pair of data relevance measures - proximity and risk - and use these as the basis of dynamic access control. Proximity is a measure of the strength of connection between the user and the resource. However, proximity is not sufficient, since some data might have a negative impact, if leaked, which far outweighs importance to the subject's mission. For this, we use a risk measure to quantify the downside of data compromise. Given these contextual measures of proximity and risk, we investigate extending Attribute-Based Access Control (ABAC), which is used by the Department of Defense, and Role-Based Access Control (RBAC), which is widely used in the civilian market, so that these standards-based access control models are given contextual knowledge to enable dynamic information sharing. Furthermore, we consider the use of such a contextual access control scheme in a SOA-based environment, in particular for net-centric C2.

  13. 33 CFR 165.30 - Security zones.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 33 Navigation and Navigable Waters 2 2010-07-01 2010-07-01 false Security zones. 165.30 Section... AND WATERWAYS SAFETY REGULATED NAVIGATION AREAS AND LIMITED ACCESS AREAS Security Zones § 165.30 Security zones. (a) A security zone is an area of land, water, or land and water which is so designated by...

  14. Security Tagged Architecture Co-Design (STACD)

    DTIC Science & Technology

    2015-09-01

    components have access to all other system components whether they need it or not. Microkernels [8, 9, 10] seek to reduce the kernel size to improve...does not provide the fine-grained control to allow for formal verification. Microkernels reduce the size of the kernel enough to allow for a formal...verification of the kernel. Tanenbaum [14] documents many of the security virtues of microkernels and argues that the Ring 3 Ring 2 Ring 1

  15. Implementation of QoSS (Quality-of-Security Service) for NoC-Based SoC Protection

    NASA Astrophysics Data System (ADS)

    Sepúlveda, Johanna; Pires, Ricardo; Strum, Marius; Chau, Wang Jiang

    Many of the current electronic systems embedded in a SoC (System-on-Chip) are used to capture, store, manipulate and access critical data, as well as to perform other key functions. In such a scenario, security is considered as an important issue. The Network-on-chip (NoC), as the foreseen communication structure of next-generation SoC devices, can be used to efficiently incorporate security. Our work proposes the implementation of QoSS (Quality of Security Service) to overcome present SoC vulnerabilities. QoSS is a novel concept for data protection that introduces security as a dimension of QoS. In this paper, we present the implementation of two security services (access control and authentication), that may be configured to assume one from several possible levels, the implementation of a technique to avoid denial-of-service (DoS) attacks, evaluate their effectiveness and estimate their impact on NoC performance.

  16. Access Control for Mobile Assessment Systems Using ID.

    PubMed

    Nakayama, Masaharu; Ishii, Tadashi; Morino, Kazuma

    2015-01-01

    The assessment of shelters during disaster is critical to ensure the health of evacuees and prevent pandemic. In the Ishinomaki area, one of the areas most damaged by the Great East Japan Earthquake, the highly organized assessment helped to successfully manage a total of 328 shelters with a total of 46,480 evacuees. The input and analysis of vast amounts of data was tedious work for staff members. However, a web-based assessment system that utilized mobile devices was thought to decrease workload and standardize the evaluation form. The necessary access of information should be controlled in order to maintain individuals' privacy. We successfully developed an access control system using IDs. By utilizing a unique numerical ID, users can access the input form or assessment table. This avoids unnecessary queries to the server, resulting in a quick response and easy availability, even with poor internet connection.

  17. Defining Information Security.

    PubMed

    Lundgren, Björn; Möller, Niklas

    2017-11-15

    This article proposes a new definition of information security, the 'Appropriate Access' definition. Apart from providing the basic criteria for a definition-correct demarcation and meaning concerning the state of security-it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called 'soft issues' of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security-the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.

  18. Privacy aware access controls for medical data disclosure on European healthgrids.

    PubMed

    Rahmouni, Hanene Boussi; Solomonides, Tony; Mont, Marco Casassa; Shiu, Simon

    2010-01-01

    To be processed within a healthgrid environment, medical data goes through a complete lifecycle and several stages until it is finally used for the primary reason it has been collected for. This stage is not always the final occurrence of when the data would have been manipulated. The data could rather continue to be needed for secondary purposes of legitimate or non legitimate nature. Although other privacy issues are related to the processing of patient data while it is residing on a healthgrid environment, the control of data disclosure is our primary interest. When sharing medical data between different Healthcare and biomedical research organizations in Europe, it is important that the different parties involved in the sharing handle the data in the same way indicated by the legislation of the member state where the data was originally collected as the requirements might differ from one state to another. Privacy requirements, such as patient consent, may be subject to conflicting conditions between different national frameworks as well as between different legal and ethical frameworks within a single member state. These circumstances have made the compliance management process in European healthgrid very challenging. In this paper we are presenting an approach to tackle these issues by relying on several technologies contained in the semantic web stack. Our work suggests a direct mapping from high level legislation on privacy and data protection to operational level privacy aware controls. Additionally we suggest an architecture for the enforcement of these controls on access control models adopted by healthgrids security infrastructures.

  19. Controlled Bidirectional Quantum Secure Direct Communication

    PubMed Central

    Chou, Yao-Hsin; Lin, Yu-Ting; Zeng, Guo-Jyun; Lin, Fang-Jhu; Chen, Chi-Yuan

    2014-01-01

    We propose a novel protocol for controlled bidirectional quantum secure communication based on a nonlocal swap gate scheme. Our proposed protocol would be applied to a system in which a controller (supervisor/Charlie) controls the bidirectional communication with quantum information or secret messages between legitimate users (Alice and Bob). In this system, the legitimate users must obtain permission from the controller in order to exchange their respective quantum information or secret messages simultaneously; the controller is unable to obtain any quantum information or secret messages from the decoding process. Moreover, the presence of the controller also avoids the problem of one legitimate user receiving the quantum information or secret message before the other, and then refusing to help the other user decode the quantum information or secret message. Our proposed protocol is aimed at protecting against external and participant attacks on such a system, and the cost of transmitting quantum bits using our protocol is less than that achieved in other studies. Based on the nonlocal swap gate scheme, the legitimate users exchange their quantum information or secret messages without transmission in a public channel, thus protecting against eavesdroppers stealing the secret messages. PMID:25006596

  20. Securing the Aviation Transportation System

    DTIC Science & Technology

    2007-12-01

    accessed 27 May 2007) 13 Robert W. Poole, Jr., “ Airport Security : Time for a New Model,” Reason Foundation online article, January 2006, Available from...15 Robert W. Poole, Jr., “ Airport Security : Time for a New Model,” Reason Foundation online article, January 2006...commercial jetliners. 24 Peter St. John, Air Piracy, Airport Security , and International Terrorism

  1. Comprehensive security framework for the communication and storage of medical images

    NASA Astrophysics Data System (ADS)

    Slik, David; Montour, Mike; Altman, Tym

    2003-05-01

    Confidentiality, integrity verification and access control of medical imagery and associated metadata is critical for the successful deployment of integrated healthcare networks that extend beyond the department level. As medical imagery continues to become widely accessed across multiple administrative domains and geographically distributed locations, image data should be able to travel and be stored on untrusted infrastructure, including public networks and server equipment operated by external entities. Given these challenges associated with protecting large-scale distributed networks, measures must be taken to protect patient identifiable information while guarding against tampering, denial of service attacks, and providing robust audit mechanisms. The proposed framework outlines a series of security practices for the protection of medical images, incorporating Transport Layer Security (TLS), public and secret key cryptography, certificate management and a token based trusted computing base. It outlines measures that can be utilized to protect information stored within databases, online and nearline storage, and during transport over trusted and untrusted networks. In addition, it provides a framework for ensuring end-to-end integrity of image data from acquisition to viewing, and presents a potential solution to the challenges associated with access control across multiple administrative domains and institution user bases.

  2. 33 CFR 165.30 - Security zones.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 33 Navigation and Navigable Waters 2 2014-07-01 2014-07-01 false Security zones. 165.30 Section 165.30 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) PORTS AND WATERWAYS SAFETY REGULATED NAVIGATION AREAS AND LIMITED ACCESS AREAS Security Zones § 165.30...

  3. 33 CFR 165.30 - Security zones.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 33 Navigation and Navigable Waters 2 2013-07-01 2013-07-01 false Security zones. 165.30 Section 165.30 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) PORTS AND WATERWAYS SAFETY REGULATED NAVIGATION AREAS AND LIMITED ACCESS AREAS Security Zones § 165.30...

  4. 33 CFR 165.30 - Security zones.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 33 Navigation and Navigable Waters 2 2012-07-01 2012-07-01 false Security zones. 165.30 Section 165.30 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) PORTS AND WATERWAYS SAFETY REGULATED NAVIGATION AREAS AND LIMITED ACCESS AREAS Security Zones § 165.30...

  5. 33 CFR 165.30 - Security zones.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 33 Navigation and Navigable Waters 2 2011-07-01 2011-07-01 false Security zones. 165.30 Section 165.30 Navigation and Navigable Waters COAST GUARD, DEPARTMENT OF HOMELAND SECURITY (CONTINUED) PORTS AND WATERWAYS SAFETY REGULATED NAVIGATION AREAS AND LIMITED ACCESS AREAS Security Zones § 165.30...

  6. Lawrence Livermore National Laboratory safeguards and security quarterly progress report to the US Department of Energy quarter ending September 30, 1994

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Davis, G.; Mansur, D.L.; Ruhter, W.D.

    1994-10-01

    This report presents the details of the Lawrence Livermore National Laboratory safeguards and securities program. This program is focused on developing new technology, such as x- and gamma-ray spectrometry, for measurement of special nuclear materials. This program supports the Office of Safeguards and Securities in the following five areas; safeguards technology, safeguards and decision support, computer security, automated physical security, and automated visitor access control systems.

  7. Urban Studies: A Study of Bibliographic Access and Control.

    ERIC Educational Resources Information Center

    Anderson, Barbara E.

    This paper analyzes: (1) the bibliographic access to publications in urban studies via printed secondary sources; (2) development and scope of classification systems and of vocabulary control for urban studies; and (3) currently accessible automated collections of bibliographic citations. Urban studies is defined as "an agglomeration of…

  8. Open access publishing, article downloads, and citations: randomised controlled trial

    PubMed Central

    Lewenstein, Bruce V; Simon, Daniel H; Booth, James G; Connolly, Mathew J L

    2008-01-01

    Objective To measure the effect of free access to the scientific literature on article downloads and citations. Design Randomised controlled trial. Setting 11 journals published by the American Physiological Society. Participants 1619 research articles and reviews. Main outcome measures Article readership (measured as downloads of full text, PDFs, and abstracts) and number of unique visitors (internet protocol addresses). Citations to articles were gathered from the Institute for Scientific Information after one year. Interventions Random assignment on online publication of articles published in 11 scientific journals to open access (treatment) or subscription access (control). Results Articles assigned to open access were associated with 89% more full text downloads (95% confidence interval 76% to 103%), 42% more PDF downloads (32% to 52%), and 23% more unique visitors (16% to 30%), but 24% fewer abstract downloads (−29% to −19%) than subscription access articles in the first six months after publication. Open access articles were no more likely to be cited than subscription access articles in the first year after publication. Fifty nine per cent of open access articles (146 of 247) were cited nine to 12 months after publication compared with 63% (859 of 1372) of subscription access articles. Logistic and negative binomial regression analysis of article citation counts confirmed no citation advantage for open access articles. Conclusions Open access publishing may reach more readers than subscription access publishing. No evidence was found of a citation advantage for open access articles in the first year after publication. The citation advantage from open access reported widely in the literature may be an artefact of other causes. PMID:18669565

  9. From Fault-Diagnosis and Performance Recovery of a Controlled System to Chaotic Secure Communication

    NASA Astrophysics Data System (ADS)

    Hsu, Wen-Teng; Tsai, Jason Sheng-Hong; Guo, Fang-Cheng; Guo, Shu-Mei; Shieh, Leang-San

    Chaotic systems are often applied to encryption on secure communication, but they may not provide high-degree security. In order to improve the security of communication, chaotic systems may need to add other secure signals, but this may cause the system to diverge. In this paper, we redesign a communication scheme that could create secure communication with additional secure signals, and the proposed scheme could keep system convergence. First, we introduce the universal state-space adaptive observer-based fault diagnosis/estimator and the high-performance tracker for the sampled-data linear time-varying system with unanticipated decay factors in actuators/system states. Besides, robustness, convergence in the mean, and tracking ability are given in this paper. A residual generation scheme and a mechanism for auto-tuning switched gain is also presented, so that the introduced methodology is applicable for the fault detection and diagnosis (FDD) for actuator and state faults to yield a high tracking performance recovery. The evolutionary programming-based adaptive observer is then applied to the problem of secure communication. Whenever the tracker induces a large control input which might not conform to the input constraint of some physical systems, the proposed modified linear quadratic optimal tracker (LQT) can effectively restrict the control input within the specified constraint interval, under the acceptable tracking performance. The effectiveness of the proposed design methodology is illustrated through tracking control simulation examples.

  10. Effortful control mediates relations between children's attachment security and their regard for rules of conduct

    PubMed Central

    Nordling, Jamie Koenig; Boldt, Lea J.; O'Bleness, Jessica; Kochanska, Grazyna

    2015-01-01

    Although attachment security has been associated with children's rule-compatible conduct, the mechanism through which attachment influences early regard for rules is not well established. We hypothesized that effortful control would mediate the link between security and indicators of children's emerging regard for rules (discomfort following rule violations, internalization of parents' and experimenter's rules, few externalizing behaviors). In a longitudinal study, the Attachment Q-Set was completed by parents, effortful control was observed, and Regard for Rules was observed and rated by parents. The proposed model fit the data well: Children's security to mothers predicted their effortful control, which in turn had a direct link to a greater Regard for Rules. Children's security with fathers did not predict effortful control. The mother-child relationship appears particularly important for positive developmental cascades of self-regulation and socialization. PMID:27158193

  11. Creating a Clinical Video-Conferencing Facility in a Security-Constrained Environment Using Open-Source AccessGrid Software and Consumer Hardware

    PubMed Central

    Terrazas, Enrique; Hamill, Timothy R.; Wang, Ye; Channing Rodgers, R. P.

    2007-01-01

    The Department of Laboratory Medicine at the University of California, San Francisco (UCSF) has been split into widely separated facilities, leading to much time being spent traveling between facilities for meetings. We installed an open-source AccessGrid multi-media-conferencing system using (largely) consumer-grade equipment, connecting 6 sites at 5 separate facilities. The system was accepted rapidly and enthusiastically, and was inexpensive compared to alternative approaches. Security was addressed by aspects of the AG software and by local network administrative practices. The chief obstacles to deployment arose from security restrictions imposed by multiple independent network administration regimes, requiring a drastically reduced list of network ports employed by AG components. PMID:18693930

  12. InkTag: Secure Applications on an Untrusted Operating System.

    PubMed

    Hofmann, Owen S; Kim, Sangman; Dunn, Alan M; Lee, Michael Z; Witchel, Emmett

    2013-01-01

    InkTag is a virtualization-based architecture that gives strong safety guarantees to high-assurance processes even in the presence of a malicious operating system. InkTag advances the state of the art in untrusted operating systems in both the design of its hypervisor and in the ability to run useful applications without trusting the operating system. We introduce paraverification , a technique that simplifies the InkTag hypervisor by forcing the untrusted operating system to participate in its own verification. Attribute-based access control allows trusted applications to create decentralized access control policies. InkTag is also the first system of its kind to ensure consistency between secure data and metadata, ensuring recoverability in the face of system crashes.

  13. Fertility Effects of Abortion and Birth Control Pill Access for Minors

    PubMed Central

    GULDI, MELANIE

    2008-01-01

    This article empirically assesses whether age-restricted access to abortion and the birth control pill influence minors’ fertility in the United States. There is not a strong consensus in previous literature regarding the relationship between laws restricting minors’ access to abortion and minors’ birthrates. This is the first study to recognize that state laws in place prior to the 1973 Roe v. Wade decision enabled minors to legally consent to surgical treatment—including abortion—in some states but not in others, and to construct abortion access variables reflecting this. In this article, age-specific policy variables measure either a minor’s legal ability to obtain an abortion or to obtain the birth control pill without parental involvement. I find fairly strong evidence that young women’s birthrates dropped as a result of abortion access as well as evidence that birth control pill access led to a drop in birthrates among whites. PMID:19110899

  14. Fertility effects of abortion and birth control pill access for minors.

    PubMed

    Guldi, Melanie

    2008-11-01

    This article empirically assesses whether age-restricted access to abortion and the birth control pill influence minors' fertility in the United States. There is not a strong consensus in previous literature regarding the relationship between laws restricting minors' access to abortion and minors' birth rates. This is the first study to recognize that state laws in place prior to the 1973 Roe v. Wade decision enabled minors to legally consent to surgical treatment-including abortion-in some states but not in others, and to construct abortion access variables reflecting this. In this article, age-specific policy variables measure either a minor's legal ability to obtain an abortion or to obtain the birth control pill without parental involvement. I find fairly strong evidence that young women's birth rates dropped as a result of abortion access as well as evidence that birth control pill access led to a drop in birth rates among whites.

  15. 14 CFR § 1260.31 - National security.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 14 Aeronautics and Space 5 2014-01-01 2014-01-01 false National security. § 1260.31 Section Â... AGREEMENTS General Provisions § 1260.31 National security. National Security October 2000 Normally, NASA... performing on the grant who will have access to the information must obtain the appropriate security...

  16. Efficient Authorization of Rich Presence Using Secure and Composed Web Services

    NASA Astrophysics Data System (ADS)

    Li, Li; Chou, Wu

    This paper presents an extended Role-Based Access Control (RBAC) model for efficient authorization of rich presence using secure web services composed with an abstract presence data model. Following the information symmetry principle, the standard RBAC model is extended to support context sensitive social relations and cascaded authority. In conjunction with the extended RBAC model, we introduce an extensible presence architecture prototype using WS-Security and WS-Eventing to secure rich presence information exchanges based on PKI certificates. Applications and performance measurements of our presence system are presented to show that the proposed RBAC framework for presence and collaboration is well suited for real-time communication and collaboration.

  17. External access to ALICE controls conditions data

    NASA Astrophysics Data System (ADS)

    Jadlovský, J.; Jadlovská, A.; Sarnovský, J.; Jajčišin, Š.; Čopík, M.; Jadlovská, S.; Papcun, P.; Bielek, R.; Čerkala, J.; Kopčík, M.; Chochula, P.; Augustinus, A.

    2014-06-01

    ALICE Controls data produced by commercial SCADA system WINCCOA is stored in ORACLE database on the private experiment network. The SCADA system allows for basic access and processing of the historical data. More advanced analysis requires tools like ROOT and needs therefore a separate access method to the archives. The present scenario expects that detector experts create simple WINCCOA scripts, which retrieves and stores data in a form usable for further studies. This relatively simple procedure generates a lot of administrative overhead - users have to request the data, experts needed to run the script, the results have to be exported outside of the experiment network. The new mechanism profits from database replica, which is running on the CERN campus network. Access to this database is not restricted and there is no risk of generating a heavy load affecting the operation of the experiment. The developed tools presented in this paper allow for access to this data. The users can use web-based tools to generate the requests, consisting of the data identifiers and period of time of interest. The administrators maintain full control over the data - an authorization and authentication mechanism helps to assign privileges to selected users and restrict access to certain groups of data. Advanced caching mechanism allows the user to profit from the presence of already processed data sets. This feature significantly reduces the time required for debugging as the retrieval of raw data can last tens of minutes. A highly configurable client allows for information retrieval bypassing the interactive interface. This method is for example used by ALICE Offline to extract operational conditions after a run is completed. Last but not least, the software can be easily adopted to any underlying database structure and is therefore not limited to WINCCOA.

  18. Framework and prototype for a secure XML-based electronic health records system.

    PubMed

    Steele, Robert; Gardner, William; Chandra, Darius; Dillon, Tharam S

    2007-01-01

    Security of personal medical information has always been a challenge for the advancement of Electronic Health Records (EHRs) initiatives. eXtensible Markup Language (XML), is rapidly becoming the key standard for data representation and transportation. The widespread use of XML and the prospect of its use in the Electronic Health (e-health) domain highlights the need for flexible access control models for XML data and documents. This paper presents a declarative access control model for XML data repositories that utilises an expressive XML role control model. The operational semantics of this model are illustrated by Xplorer, a user interface generation engine which supports search-browse-navigate activities on XML repositories.

  19. Resistance and Security Index of Networks: Structural Information Perspective of Network Security

    NASA Astrophysics Data System (ADS)

    Li, Angsheng; Hu, Qifu; Liu, Jun; Pan, Yicheng

    2016-06-01

    Recently, Li and Pan defined the metric of the K-dimensional structure entropy of a structured noisy dataset G to be the information that controls the formation of the K-dimensional structure of G that is evolved by the rules, order and laws of G, excluding the random variations that occur in G. Here, we propose the notion of resistance of networks based on the one- and two-dimensional structural information of graphs. Given a graph G, we define the resistance of G, written , as the greatest overall number of bits required to determine the code of the module that is accessible via random walks with stationary distribution in G, from which the random walks cannot escape. We show that the resistance of networks follows the resistance law of networks, that is, for a network G, the resistance of G is , where and are the one- and two-dimensional structure entropies of G, respectively. Based on the resistance law, we define the security index of a network G to be the normalised resistance of G, that is, . We show that the resistance and security index are both well-defined measures for the security of the networks.

  20. Resistance and Security Index of Networks: Structural Information Perspective of Network Security.

    PubMed

    Li, Angsheng; Hu, Qifu; Liu, Jun; Pan, Yicheng

    2016-06-03

    Recently, Li and Pan defined the metric of the K-dimensional structure entropy of a structured noisy dataset G to be the information that controls the formation of the K-dimensional structure of G that is evolved by the rules, order and laws of G, excluding the random variations that occur in G. Here, we propose the notion of resistance of networks based on the one- and two-dimensional structural information of graphs. Given a graph G, we define the resistance of G, written , as the greatest overall number of bits required to determine the code of the module that is accessible via random walks with stationary distribution in G, from which the random walks cannot escape. We show that the resistance of networks follows the resistance law of networks, that is, for a network G, the resistance of G is , where and are the one- and two-dimensional structure entropies of G, respectively. Based on the resistance law, we define the security index of a network G to be the normalised resistance of G, that is, . We show that the resistance and security index are both well-defined measures for the security of the networks.

  1. Resistance and Security Index of Networks: Structural Information Perspective of Network Security

    PubMed Central

    Li, Angsheng; Hu, Qifu; Liu, Jun; Pan, Yicheng

    2016-01-01

    Recently, Li and Pan defined the metric of the K-dimensional structure entropy of a structured noisy dataset G to be the information that controls the formation of the K-dimensional structure of G that is evolved by the rules, order and laws of G, excluding the random variations that occur in G. Here, we propose the notion of resistance of networks based on the one- and two-dimensional structural information of graphs. Given a graph G, we define the resistance of G, written , as the greatest overall number of bits required to determine the code of the module that is accessible via random walks with stationary distribution in G, from which the random walks cannot escape. We show that the resistance of networks follows the resistance law of networks, that is, for a network G, the resistance of G is , where and are the one- and two-dimensional structure entropies of G, respectively. Based on the resistance law, we define the security index of a network G to be the normalised resistance of G, that is, . We show that the resistance and security index are both well-defined measures for the security of the networks. PMID:27255783

  2. Evaluation of modified work zone traffic control devices at business accesses

    DOT National Transportation Integrated Search

    2001-01-01

    Modified work zone traffic control devices at business accesses were evaluated on two Oregon Department of Transportation (ODOT) projects in 1999 and 2000. On one section project, blue Temporary Business Access" signs were used at business accesses d...

  3. 5. SOUTH ELEVATION OF BUILDING 8965 (SECURITY POLICE ENTRY CONTROL ...

    Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

    5. SOUTH ELEVATION OF BUILDING 8965 (SECURITY POLICE ENTRY CONTROL BUILDING). - Loring Air Force Base, Alert Area, Southeastern portion of base, east of southern end of runway, Limestone, Aroostook County, ME

  4. 6. SOUTHWEST CORNER OF BUILDING 8965 (SECURITY POLICE ENTRY CONTROL ...

    Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

    6. SOUTHWEST CORNER OF BUILDING 8965 (SECURITY POLICE ENTRY CONTROL BUILDING). - Loring Air Force Base, Alert Area, Southeastern portion of base, east of southern end of runway, Limestone, Aroostook County, ME

  5. 7. SOUTHEAST CORNER OF BUILDING 8965 (SECURITY POLICE ENTRY CONTROL ...

    Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

    7. SOUTHEAST CORNER OF BUILDING 8965 (SECURITY POLICE ENTRY CONTROL BUILDING). - Loring Air Force Base, Alert Area, Southeastern portion of base, east of southern end of runway, Limestone, Aroostook County, ME

  6. United States Homeland Security and National Biometric Identification

    DTIC Science & Technology

    2002-04-09

    security number. Biometrics is the use of unique individual traits such as fingerprints, iris eye patterns, voice recognition, and facial recognition to...technology to control access onto their military bases using a Defense Manpower Management Command developed software application. FACIAL Facial recognition systems...installed facial recognition systems in conjunction with a series of 200 cameras to fight street crime and identify terrorists. The cameras, which are

  7. 7 CFR 1738.22 - Loan security.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 7 Agriculture 11 2010-01-01 2010-01-01 false Loan security. 1738.22 Section 1738.22 Agriculture... RURAL BROADBAND ACCESS LOANS AND LOAN GUARANTEES Loan Purposes and Basic Policies § 1738.22 Loan security. (a) RUS makes loans only if, in the judgment of the Administrator, the security therefore is...

  8. 7 CFR 1738.154 - Loan security.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 7 Agriculture 11 2012-01-01 2012-01-01 false Loan security. 1738.154 Section 1738.154 Agriculture... RURAL BROADBAND ACCESS LOANS AND LOAN GUARANTEES Direct Loan Terms § 1738.154 Loan security. (a) The... the applicant's property and revenues and such additional security as the Agency may require. The...

  9. 24 CFR 3400.305 - Data security.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 24 Housing and Urban Development 5 2013-04-01 2013-04-01 false Data security. 3400.305 Section... security. (a) To the extent that CSBS, AARMR, or their successors, maintain the NMLSR, CSBS, AARMR, and... other persons who have access to loan originators' Social Security Numbers, fingerprints, or any credit...

  10. 7 CFR 1738.154 - Loan security.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 7 Agriculture 11 2013-01-01 2013-01-01 false Loan security. 1738.154 Section 1738.154 Agriculture... RURAL BROADBAND ACCESS LOANS AND LOAN GUARANTEES Direct Loan Terms § 1738.154 Loan security. (a) The... the applicant's property and revenues and such additional security as the Agency may require. The...

  11. 24 CFR 3400.305 - Data security.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 24 Housing and Urban Development 5 2014-04-01 2014-04-01 false Data security. 3400.305 Section... security. (a) To the extent that CSBS, AARMR, or their successors, maintain the NMLSR, CSBS, AARMR, and... other persons who have access to loan originators' Social Security Numbers, fingerprints, or any credit...

  12. Prototype of smart office system using based security system

    NASA Astrophysics Data System (ADS)

    Prasetyo, T. F.; Zaliluddin, D.; Iqbal, M.

    2018-05-01

    Creating a new technology in the modern era gives a positive impact on business and industry. Internet of Things (IoT) as a new communication technology is very useful in realizing smart systems such as: smart home, smart office, smart parking and smart city. This study presents a prototype of the smart office system which was designed as a security system based on IoT. Smart office system development method used waterfall model. IoT-based smart office system used platform (project builder) cayenne so that. The data can be accessed and controlled through internet network from long distance. Smart office system used arduino mega 2560 microcontroller as a controller component. In this study, Smart office system is able to detect threats of dangerous objects made from metals, earthquakes, fires, intruders or theft and perform security monitoring outside the building by using raspberry pi cameras on autonomous robots in real time to the security guard.

  13. A slotted access control protocol for metropolitan WDM ring networks

    NASA Astrophysics Data System (ADS)

    Baziana, P. A.; Pountourakis, I. E.

    2009-03-01

    In this study we focus on the serious scalability problems that many access protocols for WDM ring networks introduce due to the use of a dedicated wavelength per access node for either transmission or reception. We propose an efficient slotted MAC protocol suitable for WDM ring metropolitan area networks. The proposed network architecture employs a separate wavelength for control information exchange prior to the data packet transmission. Each access node is equipped with a pair of tunable transceivers for data communication and a pair of fixed tuned transceivers for control information exchange. Also, each access node includes a set of fixed delay lines for synchronization reasons; to keep the data packets, while the control information is processed. An efficient access algorithm is applied to avoid both the data wavelengths and the receiver collisions. In our protocol, each access node is capable of transmitting and receiving over any of the data wavelengths, facing the scalability issues. Two different slot reuse schemes are assumed: the source and the destination stripping schemes. For both schemes, performance measures evaluation is provided via an analytic model. The analytical results are validated by a discrete event simulation model that uses Poisson traffic sources. Simulation results show that the proposed protocol manages efficient bandwidth utilization, especially under high load. Also, comparative simulation results prove that our protocol achieves significant performance improvement as compared with other WDMA protocols which restrict transmission over a dedicated data wavelength. Finally, performance measures evaluation is explored for diverse numbers of buffer size, access nodes and data wavelengths.

  14. A Goal Oriented Approach for Modeling and Analyzing Security Trade-Offs

    NASA Astrophysics Data System (ADS)

    Elahi, Golnaz; Yu, Eric

    In designing software systems, security is typically only one design objective among many. It may compete with other objectives such as functionality, usability, and performance. Too often, security mechanisms such as firewalls, access control, or encryption are adopted without explicit recognition of competing design objectives and their origins in stakeholder interests. Recently, there is increasing acknowledgement that security is ultimately about trade-offs. One can only aim for "good enough" security, given the competing demands from many parties. In this paper, we examine how conceptual modeling can provide explicit and systematic support for analyzing security trade-offs. After considering the desirable criteria for conceptual modeling methods, we examine several existing approaches for dealing with security trade-offs. From analyzing the limitations of existing methods, we propose an extension to the i* framework for security trade-off analysis, taking advantage of its multi-agent and goal orientation. The method was applied to several case studies used to exemplify existing approaches.

  15. Access Control for Cooperation Systems Based on Group Situation

    NASA Astrophysics Data System (ADS)

    Kim, Minsoo; Joshi, James B. D.; Kim, Minkoo

    Cooperation systems characterize many emerging environments such as ubiquitous and pervasive systems. Agent based cooperation systems have been proposed in the literature to address challenges of such emerging application environments. A key aspect of such agent based cooperation system is the group situation that changes dynamically and governs the requirements of the cooperation. While individual agent context is important, the overall cooperation behavior is more driven by the group context because of relationships and interactions between agents. Dynamic access control based on group situation is a crucial challenge in such cooperation systems. In this paper we propose a dynamic role based access control model for cooperation systems based on group situation. The model emphasizes capability based agent to role mapping and group situation based permission assignment to allow capturing dynamic access policies that evolve continuously.

  16. Orchestrating BMD Control in Extended BPEL

    DTIC Science & Technology

    2008-05-21

    Orchestration of secure WebMail , Technical Report ISE-TR-06-08, George Mason University, Fairfax, VA, August 2006. [9] E. Christensen, F. Curbera...methods to access and dissemination control, securing circuit switched (SS7) and IP based telecommunication (VoIP) systems, multimedia, security ...decorating the Business Process Execution Language (BPEL) with Quality of Service (QoS), Measures of Performance (MoP), Measures of Effectiveness (MoE

  17. Emergency access to protected health records.

    PubMed

    Künzi, Julien; Koster, Paul; Petković, Milan

    2009-01-01

    Digital Rights Management (DRM) schemes are receiving increased attention in the healthcare domain for the protection of sensitive health records as they offer security against insider attacks and advance protection features such as usage control. However, to be accepted by health care providers, a DRM solution has to fulfill specific healthcare requirements including emergency access. In this paper, we propose such DRM solution that can be deployed in highly distributed environments of electronic or personal health record infrastructures.

  18. A security architecture for interconnecting health information systems.

    PubMed

    Gritzalis, Dimitris; Lambrinoudakis, Costas

    2004-03-31

    Several hereditary and other chronic diseases necessitate continuous and complicated health care procedures, typically offered in different, often distant, health care units. Inevitably, the medical records of patients suffering from such diseases become complex, grow in size very fast and are scattered all over the units involved in the care process, hindering communication of information between health care professionals. Web-based electronic medical records have been recently proposed as the solution to the above problem, facilitating the interconnection of the health care units in the sense that health care professionals can now access the complete medical record of the patient, even if it is distributed in several remote units. However, by allowing users to access information from virtually anywhere, the universe of ineligible people who may attempt to harm the system is dramatically expanded, thus severely complicating the design and implementation of a secure environment. This paper presents a security architecture that has been mainly designed for providing authentication and authorization services in web-based distributed systems. The architecture has been based on a role-based access scheme and on the implementation of an intelligent security agent per site (i.e. health care unit). This intelligent security agent: (a). authenticates the users, local or remote, that can access the local resources; (b). assigns, through temporary certificates, access privileges to the authenticated users in accordance to their role; and (c). communicates to other sites (through the respective security agents) information about the local users that may need to access information stored in other sites, as well as about local resources that can be accessed remotely.

  19. 12 CFR 1008.305 - Data security.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 12 Banks and Banking 8 2013-01-01 2013-01-01 false Data security. 1008.305 Section 1008.305 Banks... § 1008.305 Data security. (a) To the extent that CSBS, AARMR, or their successors maintain the NMLSR..., contractors, or other persons who have access to loan originators' Social Security Numbers, fingerprints, or...

  20. [Public control and equity of access to hospitals under non-State public administration].

    PubMed

    Carneiro Junior, Nivaldo; Elias, Paulo Eduardo

    2006-10-01

    To analyze social health organizations in the light of public control and the guarantee of equity of access to health services. Utilizing the case study technique, two social health organizations in the metropolitan region of São Paulo were selected. The analytical categories were equity of access and public control, and these were based on interviews with key informants and technical-administrative reports. It was observed that the overall funding and administrative control of the social health organizations are functions of the state administrator. The presence of a local administrator is important for ensuring equity of access. Public control is expressed through supervisory actions, by means of accounting and financial procedures. Equity of access and public control are not taken into consideration in the administration of these organizations. The central question lies in the capacity of the public authorities to have a presence in implementing this model at the local level, thereby ensuring equity of access and taking public control into consideration.

  1. 17 CFR 49.17 - Access to SDR data.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 17 Commodity and Securities Exchanges 1 2012-04-01 2012-04-01 false Access to SDR data. 49.17 Section 49.17 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION SWAP DATA REPOSITORIES § 49.17 Access to SDR data. (a) Purpose. This Section provides a procedure by which the Commission...

  2. Diagnosing water security in the rural North with an environmental security framework.

    PubMed

    Penn, Henry J F; Loring, Philip A; Schnabel, William E

    2017-09-01

    This study explores the nature of water security challenges in rural Alaska, using a framework for environmental security that entails four interrelated concepts: availability, access, utility, and stability of water resources. Many researchers and professionals agree that water insecurity is a problem in rural Alaska, although the scale and nature of the problem is contested. Some academics have argued that the problem is systemic, and rooted in an approach to water security by the state that prioritizes economic concerns over public health concerns. Health practitioners and state agencies, on the other hand, contend that much progress has been made, and that nearly all rural households have access to safe drinking water, though many are still lacking 'modern' in-home water service. Here, we draw on a synthesis of ethnographic research alongside data from state agencies to show that the persistent water insecurity problems in rural Alaska are not a problem of access to or availability of clean water, or a lack of 'modern' infrastructure, but instead are rooted in complex human dimensions of water resources management, including the political legacies of state and federal community development schemes that did not fully account for local needs and challenges. The diagnostic approach we implement here helps to identify solutions to these challenges, which accordingly focus on place-based needs and empowering local actors. The framework likewise proves to be broadly applicable to exploring water security concerns elsewhere in the world. Copyright © 2017 Elsevier Ltd. All rights reserved.

  3. An approach to access control in electronic health record.

    PubMed

    Sucurovic, Snezana

    2010-08-01

    OASIS is a non-for-profit consortium that drives the development convergence and adoption of open standards for the global information society. It involves more than 600 organizations and individuals as well as IT leaders Sun, Microsoft, IBM and Oracle. One of its standards is XACML which appeared a few years ago and now there are about 150,000 hits on Google. XACML (eXtensible Access Control Markup Language) is not technology related. Sun published in 2004 open source Sun XACML which is in compliance with XACML 1.0. specification and now works to make it comply with XACML 2.0. The heart of XACML are attributes values of defined type and name that is to be attached to a subject, a resource, an action and an environment in which a subject request action on resource. In that way XACML is to replace Role Based Access Control which dominated for years. The paper examines performances in CEN 13 606 and ISO 22 600 based healthcare system which uses XACML for access control.

  4. Transportation Security Administration

    MedlinePlus

    ... FAQ or factsheet. Disabilities and Medical Conditions Access important information and resources for travelers with disabilities and medical ... Official website of the Department of Homeland Security Travel Media About Contact

  5. Control and Communication for a Secure and Reconfigurable Power Distribution System

    NASA Astrophysics Data System (ADS)

    Giacomoni, Anthony Michael

    A major transformation is taking place throughout the electric power industry to overlay existing electric infrastructure with advanced sensing, communications, and control system technologies. This transformation to a smart grid promises to enhance system efficiency, increase system reliability, support the electrification of transportation, and provide customers with greater control over their electricity consumption. Upgrading control and communication systems for the end-to-end electric power grid, however, will present many new security challenges that must be dealt with before extensive deployment and implementation of these technologies can begin. In this dissertation, a comprehensive systems approach is taken to minimize and prevent cyber-physical disturbances to electric power distribution systems using sensing, communications, and control system technologies. To accomplish this task, an intelligent distributed secure control (IDSC) architecture is presented and validated in silico for distribution systems to provide greater adaptive protection, with the ability to proactively reconfigure, and rapidly respond to disturbances. Detailed descriptions of functionalities at each layer of the architecture as well as the whole system are provided. To compare the performance of the IDSC architecture with that of other control architectures, an original simulation methodology is developed. The simulation model integrates aspects of cyber-physical security, dynamic price and demand response, sensing, communications, intermittent distributed energy resources (DERs), and dynamic optimization and reconfiguration. Applying this comprehensive systems approach, performance results for the IEEE 123 node test feeder are simulated and analyzed. The results show the trade-offs between system reliability, operational constraints, and costs for several control architectures and optimization algorithms. Additional simulation results are also provided. In particular, the

  6. Securing services in the cloud: an investigation of the threats and the mitigations

    NASA Astrophysics Data System (ADS)

    Farroha, Bassam S.; Farroha, Deborah L.

    2012-05-01

    The stakeholder's security concerns over data in the clouds (Voice, Video and Text) are a real concern to DoD, the IC and private sector. This is primarily due to the lack of physical isolation of data when migrating to shared infrastructure platforms. The security concerns are related to privacy and regulatory compliance required in many industries (healthcare, financial, law enforcement, DoD, etc) and the corporate knowledge databases. The new paradigm depends on the service provider to ensure that the customer's information is continuously monitored and is kept available, secure, access controlled and isolated from potential adversaries.

  7. Digitally Controlled ’Programmable’ Active Filters.

    DTIC Science & Technology

    1985-12-01

    Advisor: Sherif Michael Approved for public release; distribution is unlimited. U - ~ .%~ ~ % %’.4 ~ -. 4-. " %’ -. .4. z. . 4, ,4°*-4° -o - ’ SECURITY ...CLASSIFICATION O THI PAGE ff ,’- -""" REPORT DOCUMENTATION PAGE Ia REPORT SECURITY CLASSIFICATION lb. RESTRICTIVE MARKINGS 2a SECURITY CLASSIFICATION...ELEMENT NO. NO NO. ACCESSION NO. S 11 TITLE (Include Security ClassWfication) , DIGITALLY CONTROLLED "PROGRAMMABLE" ACTIVE FILTERS 1 PERSONAL AUTHOR

  8. Common object request broker architecture (CORBA)-based security services for the virtual radiology environment.

    PubMed

    Martinez, R; Cole, C; Rozenblit, J; Cook, J F; Chacko, A K

    2000-05-01

    includes (a) radiologist schedules; (b) modality worklists; (c) routed case information; (d) DIN-PACS and Composite Health Care system (CHCS) messages, and Meta-Manager administrative and security information; and (e) patient case information. (3) Access control and communications security is required in the VRE to control who uses the VRE and Meta-Manager facilities and to secure the messages between VRE components. The CORBA Security Service Specification version 1.5 is designed to allow up to TCSEC's B2-level security for distributed objects. The CORBA Security Service Specification defines the functionality of several security features: identification and authentication, authorization and access control, security auditing, communication security, nonrepudiation, and security administration. This report describes the enhanced security features for the VRE and their implementation using commercial CORBA Security Service software products.

  9. 10 CFR 20.1602 - Control of access to very high radiation areas.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 10 Energy 1 2010-01-01 2010-01-01 false Control of access to very high radiation areas. 20.1602 Section 20.1602 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1602 Control of access to very high radiation areas...

  10. 10 CFR 20.1602 - Control of access to very high radiation areas.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 10 Energy 1 2013-01-01 2013-01-01 false Control of access to very high radiation areas. 20.1602 Section 20.1602 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1602 Control of access to very high radiation areas...

  11. 10 CFR 20.1602 - Control of access to very high radiation areas.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 10 Energy 1 2014-01-01 2014-01-01 false Control of access to very high radiation areas. 20.1602 Section 20.1602 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1602 Control of access to very high radiation areas...

  12. 10 CFR 20.1602 - Control of access to very high radiation areas.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 1 2011-01-01 2011-01-01 false Control of access to very high radiation areas. 20.1602 Section 20.1602 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1602 Control of access to very high radiation areas...

  13. 10 CFR 20.1602 - Control of access to very high radiation areas.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 1 2012-01-01 2012-01-01 false Control of access to very high radiation areas. 20.1602 Section 20.1602 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1602 Control of access to very high radiation areas...

  14. Three tenets for secure cyber-physical system design and assessment

    NASA Astrophysics Data System (ADS)

    Hughes, Jeff; Cybenko, George

    2014-06-01

    This paper presents a threat-driven quantitative mathematical framework for secure cyber-physical system design and assessment. Called The Three Tenets, this originally empirical approach has been used by the US Air Force Research Laboratory (AFRL) for secure system research and development. The Tenets were first documented in 2005 as a teachable methodology. The Tenets are motivated by a system threat model that itself consists of three elements which must exist for successful attacks to occur: - system susceptibility; - threat accessibility and; - threat capability. The Three Tenets arise naturally by countering each threat element individually. Specifically, the tenets are: Tenet 1: Focus on What's Critical - systems should include only essential functions (to reduce susceptibility); Tenet 2: Move Key Assets Out-of-Band - make mission essential elements and security controls difficult for attackers to reach logically and physically (to reduce accessibility); Tenet 3: Detect, React, Adapt - confound the attacker by implementing sensing system elements with dynamic response technologies (to counteract the attackers' capabilities). As a design methodology, the Tenets mitigate reverse engineering and subsequent attacks on complex systems. Quantified by a Bayesian analysis and further justified by analytic properties of attack graph models, the Tenets suggest concrete cyber security metrics for system assessment.

  15. Automating Access Control Logics in Simple Type Theory with LEO-II

    NASA Astrophysics Data System (ADS)

    Benzmüller, Christoph

    Garg and Abadi recently proved that prominent access control logics can be translated in a sound and complete way into modal logic S4. We have previously outlined how normal multimodal logics, including monomodal logics K and S4, can be embedded in simple type theory and we have demonstrated that the higher-order theorem prover LEO-II can automate reasoning in and about them. In this paper we combine these results and describe a sound (and complete) embedding of different access control logics in simple type theory. Employing this framework we show that the off the shelf theorem prover LEO-II can be applied to automate reasoning in and about prominent access control logics.

  16. 6 CFR 5.23 - Responses to requests for access to records.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Responses to requests for access to records. 5.23 Section 5.23 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Privacy Act § 5.23 Responses to requests for access to records. (a...

  17. INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Robert S. Anderson; Mark Schanfein; Trond Bjornard

    2011-07-01

    Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's abilitymore » to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.« less

  18. InkTag: Secure Applications on an Untrusted Operating System

    PubMed Central

    Hofmann, Owen S.; Kim, Sangman; Dunn, Alan M.; Lee, Michael Z.; Witchel, Emmett

    2014-01-01

    InkTag is a virtualization-based architecture that gives strong safety guarantees to high-assurance processes even in the presence of a malicious operating system. InkTag advances the state of the art in untrusted operating systems in both the design of its hypervisor and in the ability to run useful applications without trusting the operating system. We introduce paraverification, a technique that simplifies the InkTag hypervisor by forcing the untrusted operating system to participate in its own verification. Attribute-based access control allows trusted applications to create decentralized access control policies. InkTag is also the first system of its kind to ensure consistency between secure data and metadata, ensuring recoverability in the face of system crashes. PMID:24429939

  19. Technology Empowerment: Security Challenges.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Warren, Drake Edward; Backus, George A.; Jones, Wendell

    “Technology empowerment” means that innovation is increasingly accessible to ordinary people of limited means. As powerful technologies become more affordable and accessible, and as people are increasingly connected around the world, ordinary people are empowered to participate in the process of innovation and share the fruits of collaborative innovation. This annotated briefing describes technology empowerment and focuses on how empowerment may create challenges to U.S. national security. U.S. defense research as a share of global innovation has dwindled in recent years. With technology empowerment, the role of U.S. defense research is likely to shrink even further while technology empowerment willmore » continue to increase the speed of innovation. To avoid falling too far behind potential technology threats to U.S. national security, U.S. national security institutions will need to adopt many of the tools of technology empowerment.« less

  20. Report: EPA’s Radiation and Indoor Environments National Laboratory Should Improve Its Computer Room Security Controls

    EPA Pesticide Factsheets

    Report #12-P-0847, September 21, 2012.Our review of the security posture and in-place environmental controls of EPA’s Radiation and Indoor Environments National Laboratory computer room disclosed an array of security and environmental control deficiencies.