Science.gov

Sample records for access control security

  1. CAS. Controlled Access Security

    SciTech Connect

    Martinez, B.; Pomeroy, G.

    1989-12-01

    The Security Alarm System is a data acquisition and control system which collects data from intrusion sensors and displays the information in a real-time environment for operators. The Access Control System monitors and controls the movement of personnel with the use of card readers and biometrics hand readers.

  2. Modeling mandatory access control in role-based security systems

    SciTech Connect

    Nyanchama, M.; Osborn, S.

    1996-12-31

    This paper discusses the realization of mandatory access control in role-based protection systems. Starting from the basic definitions of roles, their application in security and the basics of the concept of mandatory access control, we develop a scheme of role-based protection that realizes mandatory access control. The basis of this formulation develops from the recognition that roles can be seen as facilitating access to some given information context. By handling each of the role contexts as independent security levels of information, we simulate mandatory access by imposing the requirements of mandatory access control. Among the key considerations, we propose a means of taming Trojan horses by imposing acyclic information flow among contexts in role-based protection systems. The acyclic information flows and suitable access rules incorporate secrecy which is an essential component of mandatory access control.

  3. Access Control Is More than Security.

    ERIC Educational Resources Information Center

    Fickes, Michael

    2002-01-01

    Describes the University of New Mexico's photo identification LOBO card system, which performs both security and validation tasks. It is used in conjunction with several C-CURE 800 Integrated Security Management Systems supplied by Software House of Lexington, Massachusetts. (EV)

  4. Secure Dynamic access control scheme of PHR in cloud computing.

    PubMed

    Chen, Tzer-Shyong; Liu, Chia-Hui; Chen, Tzer-Long; Chen, Chin-Sheng; Bau, Jian-Guo; Lin, Tzu-Ching

    2012-12-01

    With the development of information technology and medical technology, medical information has been developed from traditional paper records into electronic medical records, which have now been widely applied. The new-style medical information exchange system "personal health records (PHR)" is gradually developed. PHR is a kind of health records maintained and recorded by individuals. An ideal personal health record could integrate personal medical information from different sources and provide complete and correct personal health and medical summary through the Internet or portable media under the requirements of security and privacy. A lot of personal health records are being utilized. The patient-centered PHR information exchange system allows the public autonomously maintain and manage personal health records. Such management is convenient for storing, accessing, and sharing personal medical records. With the emergence of Cloud computing, PHR service has been transferred to storing data into Cloud servers that the resources could be flexibly utilized and the operation cost can be reduced. Nevertheless, patients would face privacy problem when storing PHR data into Cloud. Besides, it requires a secure protection scheme to encrypt the medical records of each patient for storing PHR into Cloud server. In the encryption process, it would be a challenge to achieve accurately accessing to medical records and corresponding to flexibility and efficiency. A new PHR access control scheme under Cloud computing environments is proposed in this study. With Lagrange interpolation polynomial to establish a secure and effective PHR information access scheme, it allows to accurately access to PHR with security and is suitable for enormous multi-users. Moreover, this scheme also dynamically supports multi-users in Cloud computing environments with personal privacy and offers legal authorities to access to PHR. From security and effectiveness analyses, the proposed PHR access

  5. 33 CFR 106.260 - Security measures for access control.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... the unauthorized introduction of dangerous substances and devices, including any device intended to... with the individual's claim of loss or theft. (3) If an individual cannot present his or her TWIC for... approved Facility Security Plan (FSP) the frequency of application of any access controls, particularly...

  6. 33 CFR 106.260 - Security measures for access control.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... the unauthorized introduction of dangerous substances and devices, including any device intended to... with the individual's claim of loss or theft. (3) If an individual cannot present his or her TWIC for... approved Facility Security Plan (FSP) the frequency of application of any access controls, particularly...

  7. A Service Access Security Control Model in Cyberspace

    NASA Astrophysics Data System (ADS)

    Qianmu, Li; Jie, Yin; Jun, Hou; Jian, Xu; Hong, Zhang; Yong, Qi

    A service access control model in cyberspace is proposed, which provides a generalized and effective mechanism of security management with some items constraint specifications. These constraint specifications are organized to form a construction, and an enact process is proposed to make it scalable and flexible to meet the need of diversified service application systems in cyberspace. The model of this paper erases the downward information flow by extended rules of read/write, which is the breakthrough of the limitations when applying the standard role-based access control in cyberspace.

  8. Hand geometry biometric device for secure access control

    SciTech Connect

    Colbert, C.; Moles, D.R. )

    1991-01-01

    This paper reports that the authors developed for the Air Force the Mark VI Personal Identity Verifier (PIV) for controlling access to a fixed or mobile ICBM site, a computer terminal, or mainframe. The Mark VI records the digitized silhouettes of four fingers of each hand on an AT and T smart card. Like fingerprints, finger shapes, lengths, and widths constitute an unguessable biometric password. A Security Officer enrolls an authorized person who places each hand, in turn, on a backlighted panel. An overhead scanning camera records the right and left hand reference templates on the smart card. The Security Officer adds to the card: name, personal identification number (PIN), and access restrictions such as permitted days of the week, times of day, and doors. To gain access, cardowner inserts card into a reader slot and places either hand on the panel. Resulting access template is matched to the reference template by three sameness algorithms. The final match score is an average of 12 scores (each of the four fingers, matched for shape, length, and width), expressing the degree of sameness. (A perfect match would score 100.00.) The final match score is compared to a predetermined score (threshold), generating an accept or reject decision.

  9. 33 CFR 104.265 - Security measures for access control.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... security measures to: (1) Deter the unauthorized introduction of dangerous substances and devices... approved VSP. These additional security measures may include: (1) Increasing the frequency and detail of... operations to deter unauthorized access; (4) Limiting the number of access points to the vessel by...

  10. 33 CFR 104.265 - Security measures for access control.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... security measures to: (1) Deter the unauthorized introduction of dangerous substances and devices... approved VSP. These additional security measures may include: (1) Increasing the frequency and detail of... operations to deter unauthorized access; (4) Limiting the number of access points to the vessel by...

  11. 76 FR 67019 - Tenth Meeting: RTCA Special Committee 224, Airport Security Access Control

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-10-28

    ... Federal Aviation Administration Tenth Meeting: RTCA Special Committee 224, Airport Security Access Control... RTCA Special Committee 224, Airport Security Access Control. SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224, Airport Security Access Control. DATES:...

  12. 75 FR 61819 - First Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-10-06

    ... Federal Aviation Administration First Meeting: RTCA Special Committee 224: Airport Security Access Control... meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224: Airport Security Access...

  13. 77 FR 64838 - Sixteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-10-23

    ... Federal Aviation Administration Sixteenth Meeting: RTCA Special Committee 224, Airport Security Access...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held November 15,...

  14. 78 FR 16757 - Twentieth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-03-18

    ... Federal Aviation Administration Twentieth Meeting: RTCA Special Committee 224, Airport Security Access...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held April 4, 2013 from...

  15. 76 FR 59481 - Ninth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-26

    ... TRANSPORTATION Federal Aviation Administration Ninth Meeting: RTCA Special Committee 224: Airport Security Access... Committee 224 meeting: Airport Security Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224: Airport Security Access Control...

  16. 77 FR 55894 - Fifteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-09-11

    ... Federal Aviation Administration Fifteenth Meeting: RTCA Special Committee 224, Airport Security Access...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems DATES: The meeting will be held September 27-28,...

  17. 77 FR 15448 - Twelfth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-03-15

    ... Federal Aviation Administration Twelfth Meeting: RTCA Special Committee 224, Airport Security Access...). ACTION: Notice of meeting RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... 224, Airport Security Access Control Systems DATES: The meeting will be held April 5, 2012, from 10...

  18. 76 FR 9632 - Fifth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-02-18

    ... Federal Aviation Administration Fifth Meeting: RTCA Special Committee 224: Airport Security Access Control... meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224: Airport Security Access...

  19. 75 FR 80886 - Third Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-12-23

    ... Federal Aviation Administration Third Meeting: RTCA Special Committee 224: Airport Security Access Control... meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224: Airport Security Access...

  20. 76 FR 16470 - Sixth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-03-23

    ... Federal Aviation Administration Sixth Meeting: RTCA Special Committee 224: Airport Security Access Control... meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224: Airport Security Access...

  1. 78 FR 22025 - Twenty First Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-04-12

    ... Federal Aviation Administration Twenty First Meeting: RTCA Special Committee 224, Airport Security Access...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held April 9-10,...

  2. 78 FR 43963 - Twenty-Third Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-07-22

    ... Federal Aviation Administration Twenty-Third Meeting: RTCA Special Committee 224, Airport Security Access...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held on June 20,...

  3. 77 FR 71474 - Seventeenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-30

    ... Federal Aviation Administration Seventeenth Meeting: RTCA Special Committee 224, Airport Security Access...). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held December 13,...

  4. 77 FR 2343 - Eleventh Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-01-17

    ... Federal Aviation Administration Eleventh Meeting: RTCA Special Committee 224, Airport Security Access...). ACTION: Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY: The FAA..., Airport Security Access Control Systems. DATES: The meeting will be held February 9, 2012, from 10...

  5. 33 CFR 105.255 - Security measures for access control.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... security measures to: (1) Deter the unauthorized introduction of dangerous substances and devices... unescorted access to secure areas for a period of no longer than 7 consecutive calendar days if: (i) The... paragraph (d) of this section. (5) Deny or revoke a person's authorization to be on the facility if...

  6. 33 CFR 105.255 - Security measures for access control.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... security measures to: (1) Deter the unauthorized introduction of dangerous substances and devices... unescorted access to secure areas for a period of no longer than 7 consecutive calendar days if: (i) The... paragraph (d) of this section. (5) Deny or revoke a person's authorization to be on the facility if...

  7. 76 FR 50811 - Eighth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-08-16

    ... TRANSPORTATION Federal Aviation Administration Eighth Meeting: RTCA Special Committee 224: Airport Security... Committee 224 meeting: Airport Security Access Control Systems. SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224: Airport Security Access Control...

  8. 77 FR 25525 - Thirteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems.

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-04-30

    ... TRANSPORTATION Federal Aviation Administration Thirteenth Meeting: RTCA Special Committee 224, Airport Security... (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems... Committee 224, Airport Security Access Control Systems DATES: The meeting will be held May 30, 2012, from...

  9. 78 FR 31627 - Twenty-Second Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-05-24

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held on June 20,...

  10. 78 FR 7850 - Nineteenth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-04

    ... Control Systems AGENCY: Federal Aviation Administration (FAA), U.S. Department of Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control Systems. SUMMARY... Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held February 21,...

  11. Secure Remote Access Issues in a Control Center Environment

    NASA Technical Reports Server (NTRS)

    Pitts, Lee; McNair, Ann R. (Technical Monitor)

    2002-01-01

    The ISS finally reached an operational state and exists for local and remote users. Onboard payload systems are managed by the Huntsville Operations Support Center (HOSC). Users access HOSC systems by internet protocols in support of daily operations, preflight simulation, and test. In support of this diverse user community, a modem security architecture has been implemented. The architecture has evolved over time from an isolated but open system to a system which supports local and remote access to the ISS over broad geographic regions. This has been accomplished through the use of an evolved security strategy, PKI, and custom design. Through this paper, descriptions of the migration process and the lessons learned are presented. This will include product decision criteria, rationale, and the use of commodity products in the end architecture. This paper will also stress the need for interoperability of various products and the effects of seemingly insignificant details.

  12. 78 FR 51810 - Twenty-Fourth Meeting: RTCA Special Committee 224, Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-08-21

    ... Transportation (DOT). ACTION: Meeting Notice of RTCA Special Committee 224, Airport Security Access Control... RTCA Special Committee 224, Airport Security Access Control Systems. DATES: The meeting will be held on... TRANSPORTATION Federal Aviation Administration Twenty-Fourth Meeting: RTCA Special Committee 224,...

  13. 75 FR 71790 - Second Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-11-24

    ... Federal Aviation Administration Second Meeting: RTCA Special Committee 224: Airport Security Access... Committee 224 meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224: Airport...

  14. 76 FR 38742 - Seventh Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-07-01

    ... Federal Aviation Administration Seventh Meeting: RTCA Special Committee 224: Airport Security Access... Committee 224 meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224: Airport...

  15. 76 FR 3931 - Fourth Meeting: RTCA Special Committee 224: Airport Security Access Control Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-01-21

    ... Federal Aviation Administration Fourth Meeting: RTCA Special Committee 224: Airport Security Access... Committee 224 Meeting: Airport Security Access Control Systems (Update to DO-230B). SUMMARY: The FAA is issuing this notice to advise the public of a meeting of RTCA Special Committee 224: Airport...

  16. A threat intelligence framework for access control security in the oil industry

    NASA Astrophysics Data System (ADS)

    Alaskandrani, Faisal T.

    The research investigates the problem raised by the rapid development in the technology industry giving security concerns in facilities built by the energy industry containing diverse platforms. The difficulty of continuous updates to network security architecture and assessment gave rise to the need to use threat intelligence frameworks to better assess and address networks security issues. Focusing on access control security to the ICS and SCADA systems that is being utilized to carry out mission critical and life threatening operations. The research evaluates different threat intelligence frameworks that can be implemented in the industry seeking the most suitable and applicable one that address the issue and provide more security measures. The validity of the result is limited to the same environment that was researched as well as the technologies being utilized. The research concludes that it is possible to utilize a Threat Intelligence framework to prioritize security in Access Control Measures in the Oil Industry.

  17. 33 CFR 106.260 - Security measures for access control.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 49 CFR 1572.19(f); (ii) The individual can present another identification credential that meets the... inspections and screening of people and their personal effects; and (11) Respond to the presence of... additional security measures may include: (1) Increasing the frequency and detail of screening of people...

  18. 33 CFR 106.260 - Security measures for access control.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 49 CFR 1572.19(f); (ii) The individual can present another identification credential that meets the... inspections and screening of people and their personal effects; and (11) Respond to the presence of... additional security measures may include: (1) Increasing the frequency and detail of screening of people...

  19. 33 CFR 106.260 - Security measures for access control.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... TWIC; (ii) Verification that the TWIC has not expired; and (iii) A visual check of the various security... 49 CFR 1572.19(f); (ii) The individual can present another identification credential that meets the... full or partial search of the OCS facility....

  20. 33 CFR 104.265 - Security measures for access control.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... has not expired; and (iii) A visual check of the various security features present on the card to... individual has reported the TWIC as lost, damaged, or stolen to TSA as required in 49 CFR 1572.19(f); (ii... operations; (8) Evacuating the vessel; (9) Moving the vessel; or (10) Preparing for a full or partial...

  1. An access control model with high security for distributed workflow and real-time application

    NASA Astrophysics Data System (ADS)

    Han, Ruo-Fei; Wang, Hou-Xiang

    2007-11-01

    The traditional mandatory access control policy (MAC) is regarded as a policy with strict regulation and poor flexibility. The security policy of MAC is so compelling that few information systems would adopt it at the cost of facility, except some particular cases with high security requirement as military or government application. However, with the increasing requirement for flexibility, even some access control systems in military application have switched to role-based access control (RBAC) which is well known as flexible. Though RBAC can meet the demands for flexibility but it is weak in dynamic authorization and consequently can not fit well in the workflow management systems. The task-role-based access control (T-RBAC) is then introduced to solve the problem. It combines both the advantages of RBAC and task-based access control (TBAC) which uses task to manage permissions dynamically. To satisfy the requirement of system which is distributed, well defined with workflow process and critically for time accuracy, this paper will analyze the spirit of MAC, introduce it into the improved T&RBAC model which is based on T-RBAC. At last, a conceptual task-role-based access control model with high security for distributed workflow and real-time application (A_T&RBAC) is built, and its performance is simply analyzed.

  2. An Annotated and Cross-Referenced Bibliography on Computer Security and Access Control in Computer Systems.

    ERIC Educational Resources Information Center

    Bergart, Jeffrey G.; And Others

    This paper represents a careful study of published works on computer security and access control in computer systems. The study includes a selective annotated bibliography of some eighty-five important published results in the field and, based on these papers, analyzes the state of the art. In annotating these works, the authors try to be…

  3. Security analysis and improvements of authentication and access control in the Internet of Things.

    PubMed

    Ndibanje, Bruce; Lee, Hoon-Jae; Lee, Sang-Gon

    2014-08-13

    Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al. (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18-21 June 2012, pp. 588-592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost.

  4. Security Analysis and Improvements of Authentication and Access Control in the Internet of Things

    PubMed Central

    Ndibanje, Bruce; Lee, Hoon-Jae; Lee, Sang-Gon

    2014-01-01

    Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18–21 June 2012, pp. 588–592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost. PMID:25123464

  5. Security analysis and improvements of authentication and access control in the Internet of Things.

    PubMed

    Ndibanje, Bruce; Lee, Hoon-Jae; Lee, Sang-Gon

    2014-01-01

    Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al. (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18-21 June 2012, pp. 588-592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost. PMID:25123464

  6. Secure Access Control and Large Scale Robust Representation for Online Multimedia Event Detection

    PubMed Central

    Liu, Changyu; Li, Huiling

    2014-01-01

    We developed an online multimedia event detection (MED) system. However, there are a secure access control issue and a large scale robust representation issue when we want to integrate traditional event detection algorithms into the online environment. For the first issue, we proposed a tree proxy-based and service-oriented access control (TPSAC) model based on the traditional role based access control model. Verification experiments were conducted on the CloudSim simulation platform, and the results showed that the TPSAC model is suitable for the access control of dynamic online environments. For the second issue, inspired by the object-bank scene descriptor, we proposed a 1000-object-bank (1000OBK) event descriptor. Feature vectors of the 1000OBK were extracted from response pyramids of 1000 generic object detectors which were trained on standard annotated image datasets, such as the ImageNet dataset. A spatial bag of words tiling approach was then adopted to encode these feature vectors for bridging the gap between the objects and events. Furthermore, we performed experiments in the context of event classification on the challenging TRECVID MED 2012 dataset, and the results showed that the robust 1000OBK event descriptor outperforms the state-of-the-art approaches. PMID:25147840

  7. Secure access control and large scale robust representation for online multimedia event detection.

    PubMed

    Liu, Changyu; Lu, Bin; Li, Huiling

    2014-01-01

    We developed an online multimedia event detection (MED) system. However, there are a secure access control issue and a large scale robust representation issue when we want to integrate traditional event detection algorithms into the online environment. For the first issue, we proposed a tree proxy-based and service-oriented access control (TPSAC) model based on the traditional role based access control model. Verification experiments were conducted on the CloudSim simulation platform, and the results showed that the TPSAC model is suitable for the access control of dynamic online environments. For the second issue, inspired by the object-bank scene descriptor, we proposed a 1000-object-bank (1000OBK) event descriptor. Feature vectors of the 1000OBK were extracted from response pyramids of 1000 generic object detectors which were trained on standard annotated image datasets, such as the ImageNet dataset. A spatial bag of words tiling approach was then adopted to encode these feature vectors for bridging the gap between the objects and events. Furthermore, we performed experiments in the context of event classification on the challenging TRECVID MED 2012 dataset, and the results showed that the robust 1000OBK event descriptor outperforms the state-of-the-art approaches.

  8. Computer Security Systems Enable Access.

    ERIC Educational Resources Information Center

    Riggen, Gary

    1989-01-01

    A good security system enables access and protects information from damage or tampering, but the most important aspects of a security system aren't technical. A security procedures manual addresses the human element of computer security. (MLW)

  9. Dynamic Key Management Schemes for Secure Group Access Control Using Hierarchical Clustering in Mobile Ad Hoc Networks

    NASA Astrophysics Data System (ADS)

    Tsaur, Woei-Jiunn; Pai, Haw-Tyng

    2008-11-01

    The applications of group computing and communication motivate the requirement to provide group access control in mobile ad hoc networks (MANETs). The operation in MANETs' groups performs a decentralized manner and accommodated membership dynamically. Moreover, due to lack of centralized control, MANETs' groups are inherently insecure and vulnerable to attacks from both within and outside the groups. Such features make access control more challenging in MANETs. Recently, several researchers have proposed group access control mechanisms in MANETs based on a variety of threshold signatures. However, these mechanisms cannot actually satisfy MANETs' dynamic environments. This is because the threshold-based mechanisms cannot be achieved when the number of members is not up to the threshold value. Hence, by combining the efficient elliptic curve cryptosystem, self-certified public key cryptosystem and secure filter technique, we construct dynamic key management schemes based on hierarchical clustering for securing group access control in MANETs. Specifically, the proposed schemes can constantly accomplish secure group access control only by renewing the secure filters of few cluster heads, when a cluster head joins or leaves a cross-cluster. In such a new way, we can find that the proposed group access control scheme can be very effective for securing practical applications in MANETs.

  10. Computer access security code system

    NASA Technical Reports Server (NTRS)

    Collins, Earl R., Jr. (Inventor)

    1990-01-01

    A security code system for controlling access to computer and computer-controlled entry situations comprises a plurality of subsets of alpha-numeric characters disposed in random order in matrices of at least two dimensions forming theoretical rectangles, cubes, etc., such that when access is desired, at least one pair of previously unused character subsets not found in the same row or column of the matrix is chosen at random and transmitted by the computer. The proper response to gain access is transmittal of subsets which complete the rectangle, and/or a parallelepiped whose opposite corners were defined by first groups of code. Once used, subsets are not used again to absolutely defeat unauthorized access by eavesdropping, and the like.

  11. Improving School Access Control

    ERIC Educational Resources Information Center

    National Clearinghouse for Educational Facilities, 2008

    2008-01-01

    Few things are more important for school safety and security than controlling access to buildings and grounds. It is relatively easy to incorporate effective access control measures in new school designs but more difficult in existing schools, where most building and site features cannot be readily altered or reconfigured. The National…

  12. An effective and secure key-management scheme for hierarchical access control in E-medicine system.

    PubMed

    Odelu, Vanga; Das, Ashok Kumar; Goswami, Adrijit

    2013-04-01

    Recently several hierarchical access control schemes are proposed in the literature to provide security of e-medicine systems. However, most of them are either insecure against 'man-in-the-middle attack' or they require high storage and computational overheads. Wu and Chen proposed a key management method to solve dynamic access control problems in a user hierarchy based on hybrid cryptosystem. Though their scheme improves computational efficiency over Nikooghadam et al.'s approach, it suffers from large storage space for public parameters in public domain and computational inefficiency due to costly elliptic curve point multiplication. Recently, Nikooghadam and Zakerolhosseini showed that Wu-Chen's scheme is vulnerable to man-in-the-middle attack. In order to remedy this security weakness in Wu-Chen's scheme, they proposed a secure scheme which is again based on ECC (elliptic curve cryptography) and efficient one-way hash function. However, their scheme incurs huge computational cost for providing verification of public information in the public domain as their scheme uses ECC digital signature which is costly when compared to symmetric-key cryptosystem. In this paper, we propose an effective access control scheme in user hierarchy which is only based on symmetric-key cryptosystem and efficient one-way hash function. We show that our scheme reduces significantly the storage space for both public and private domains, and computational complexity when compared to Wu-Chen's scheme, Nikooghadam-Zakerolhosseini's scheme, and other related schemes. Through the informal and formal security analysis, we further show that our scheme is secure against different attacks and also man-in-the-middle attack. Moreover, dynamic access control problems in our scheme are also solved efficiently compared to other related schemes, making our scheme is much suitable for practical applications of e-medicine systems.

  13. An effective and secure key-management scheme for hierarchical access control in E-medicine system.

    PubMed

    Odelu, Vanga; Das, Ashok Kumar; Goswami, Adrijit

    2013-04-01

    Recently several hierarchical access control schemes are proposed in the literature to provide security of e-medicine systems. However, most of them are either insecure against 'man-in-the-middle attack' or they require high storage and computational overheads. Wu and Chen proposed a key management method to solve dynamic access control problems in a user hierarchy based on hybrid cryptosystem. Though their scheme improves computational efficiency over Nikooghadam et al.'s approach, it suffers from large storage space for public parameters in public domain and computational inefficiency due to costly elliptic curve point multiplication. Recently, Nikooghadam and Zakerolhosseini showed that Wu-Chen's scheme is vulnerable to man-in-the-middle attack. In order to remedy this security weakness in Wu-Chen's scheme, they proposed a secure scheme which is again based on ECC (elliptic curve cryptography) and efficient one-way hash function. However, their scheme incurs huge computational cost for providing verification of public information in the public domain as their scheme uses ECC digital signature which is costly when compared to symmetric-key cryptosystem. In this paper, we propose an effective access control scheme in user hierarchy which is only based on symmetric-key cryptosystem and efficient one-way hash function. We show that our scheme reduces significantly the storage space for both public and private domains, and computational complexity when compared to Wu-Chen's scheme, Nikooghadam-Zakerolhosseini's scheme, and other related schemes. Through the informal and formal security analysis, we further show that our scheme is secure against different attacks and also man-in-the-middle attack. Moreover, dynamic access control problems in our scheme are also solved efficiently compared to other related schemes, making our scheme is much suitable for practical applications of e-medicine systems. PMID:23392626

  14. Wireless digital-ultrasonic sensors for proximity ID, access control, firearm control, and C3I in homeland security and law enforcement applications

    NASA Astrophysics Data System (ADS)

    Forcier, Bob

    2003-09-01

    This paper describes a new patent-pending digital-ultrasonic sensor network technology, which provides a "security protection sphere" around the authorized user(s) and the infrastructure system or system(s) to achieve C3I in Homeland Security and Law Enforcement Applications. If the system device, such as a firearm, a secure computer, PDA, or vehicle is misplaced, stolen or removed from the security protective sphere, an alarm is activated. A digital-ultrasonic sensor/tag utilizes the system"s physical structure to form a 2 to 20 Meter programmable protection sphere around the device and the authorized user. In addition, the system allows only authorized users to utilize the system, thereby creating personalized weapons, secure vehicle access or secure computer hardware. If an unauthorized individual accesses the system device, the system becomes inoperative and an alarm is activated. As the command and control, the authorized individual is provided a secure wristwatch/PDA. Access control is provided by "touch" and is controlled through the wristwatch/PDA/smartcard with a unique digital-ultrasonic coding and matching protocol that provides a very high level of security for each wireless sensor.

  15. Central venous Access device SeCurement And Dressing Effectiveness (CASCADE) in paediatrics: protocol for pilot randomised controlled trials

    PubMed Central

    Gibson, Victoria; Long, Debbie A; Williams, Tara; Hallahan, Andrew; Mihala, Gabor; Cooke, Marie; Rickard, Claire M

    2016-01-01

    Introduction Paediatric central venous access devices (CVADs) are associated with a 25% incidence of failure. Securement and dressing are strategies used to reduce failure and complication; however, innovative technologies have not been evaluated for their effectiveness across device types. The primary aim of this research is to evaluate the feasibility of launching a full-scale randomised controlled efficacy trial across three CVAD types regarding CVAD securement and dressing, using predefined feasibility criteria. Methods and analysis Three feasibility randomised, controlled trials are to be undertaken at the Royal Children's Hospital and the Lady Cilento Children's Hospital, Brisbane, Australia. CVAD securement and dressing interventions under examination compare current practice with sutureless securement devices, integrated securement dressings and tissue adhesive. In total, 328 paediatric patients requiring a peripherally inserted central catheter (n=100); non-tunnelled CVAD (n=180) and tunnelled CVAD (n=48) to be inserted will be recruited and randomly allocated to CVAD securement and dressing products. Primary outcomes will be study feasibility measured by eligibility, recruitment, retention, attrition, missing data, parent/staff satisfaction and effect size. CVAD failure and complication (catheter-associated bloodstream infection, local infection, venous thrombosis, occlusion, dislodgement and breakage) will be compared between groups. Ethics and dissemination Ethical approval to conduct the research has been obtained. All dissemination will be undertaken using the CONSORT Statement recommendations. Additionally, the results will be sent to the relevant organisations which lead CVAD focused clinical practice guidelines development. Trial registration numbers ACTRN12614001327673; ACTRN12615000977572; ACTRN12614000280606. PMID:27259529

  16. 36 CFR 1256.70 - What controls access to national security-classified information?

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... materials; 44 U.S.C. 2111, 44 U.S.C. 2201 et seq., and 36 CFR part 1270 for Presidential records; and 44 U.S.C. 2111 note and 36 CFR part 1275 for Nixon Presidential materials. ... 36 Parks, Forests, and Public Property 3 2010-07-01 2010-07-01 false What controls access...

  17. Research on Quantum Authentication Methods for the Secure Access Control Among Three Elements of Cloud Computing

    NASA Astrophysics Data System (ADS)

    Dong, Yumin; Xiao, Shufen; Ma, Hongyang; Chen, Libo

    2016-08-01

    Cloud computing and big data have become the developing engine of current information technology (IT) as a result of the rapid development of IT. However, security protection has become increasingly important for cloud computing and big data, and has become a problem that must be solved to develop cloud computing. The theft of identity authentication information remains a serious threat to the security of cloud computing. In this process, attackers intrude into cloud computing services through identity authentication information, thereby threatening the security of data from multiple perspectives. Therefore, this study proposes a model for cloud computing protection and management based on quantum authentication, introduces the principle of quantum authentication, and deduces the quantum authentication process. In theory, quantum authentication technology can be applied in cloud computing for security protection. This technology cannot be cloned; thus, it is more secure and reliable than classical methods.

  18. The choice of disease control strategies to secure international market access for aquaculture products.

    PubMed

    Chinabut, S; Puttinaowarat, S

    2005-01-01

    Since production from capture fisheries cannot meet the demands of exports, aquaculture has subsequently played a major role in securing the raw materials for the world's food industries. Aquaculture has rapidly developed from extensive systems to semi-intensive, intensive and super-intensive systems. This has introduced the use of chemicals and drugs into the systems, which cause residual problems in the products. In the developed world, food safety has become a major issue of concern. The world market now demands healthy aquaculture products from farm to table. To achieve these requirements and to keep their markets, countries involved in aquaculture have implemented control measures such as farm licensing, code of conduct for sustainable aquaculture, hazard analysis and critical control point (HACCP) and good aquaculture practice. However, infectious diseases in aquaculture are of major concern to the industry and are typically controlled by eradication of the pathogen, treatment with antibiotic or chemotherapeutics, and/or by preventative measures such as the use of probiotics or vaccines. To limit the use of chemicals and antibiotics, good farm management is highly recommended. In terms of treatment, chemicals and antibiotics should be evaluated to establish recommended doses and withdrawal periods, otherwise alternative treatments should be developed. Environmentally-friendly probiotics have been introduced to aquaculture practice in the last decade to replace pathogenic bacteria with beneficial bacteria transient in the gut. Micro-organisms have also been prepared for the purpose of biocontrol and bioremediation. The application of probiotic, biocontrol and bioremediation seem promising; however considerable efforts of further research in terms of food and environmental safety are needed. Vaccination has proved highly effective in controlling diseases in the salmon industry mainly in Europe, America and Japan. In other Asian countries, this practice seem to

  19. Securing America's access to space

    SciTech Connect

    Rendine, M.; Wood, L.

    1990-05-23

    We review pertinent aspects of the history of the space launch capabilities of the United States and survey its present status and near-term outlook. Steps which must be taken, pitfalls which much be avoided, and a core set of National options for re-acquiring in the near term the capability to access the space environment with large payloads are discussed. We devote considerable attention to the prospect of creating an interim heavy-lift space launch vehicle of at least 100,000 pound payload-orbiting capacity to serve National needs during the next dozen years, suggesting that such a capability can be demonstrated within 5 years for less than $1 B. Such capability will apparently be essential for meeting the first-phase goals of the President's Space Exploration Initiative. Some other high-leverage aspects of securing American access to space are also noted briefly, emphasizing unconventional technological approaches of presently high promise.

  20. Mobile access control vestibule

    NASA Astrophysics Data System (ADS)

    DePoy, Jennifer M.

    1998-12-01

    The mobile access control vestibule (MACV) is an adaptation of techniques developed for mobile military command centers. The overall configuration of modules acts as an entry control/screening facility or transportable command center. The system would provide the following capabilities: (1) A key element for force protection, rapid deployment units sent to areas having no prepositioned equipment or where there has been a degradation of that equipment as a result of natural disasters or civil unrest. (2) A rapidly deployable security control center to upgrade the security at nonmilitary sites (e.g., diplomatic or humanitarian organizations). (3) Personnel screening, package screening, badge/identification card production for authorized personnel, centralized monitoring of deployed perimeter sensors, and centralized communications for law enforcement personnel. (4) Self-contained screening and threat detection systems, including explosives detection using the system developed by Sandia National Laboratories for the FAA. When coupled with transportable electric generators, the system is self-sufficient. The communication system for the MACV would be a combination of physically wired and wireless communication units that supports by ad hoc networking.

  1. Reflective Database Access Control

    ERIC Educational Resources Information Center

    Olson, Lars E.

    2009-01-01

    "Reflective Database Access Control" (RDBAC) is a model in which a database privilege is expressed as a database query itself, rather than as a static privilege contained in an access control list. RDBAC aids the management of database access controls by improving the expressiveness of policies. However, such policies introduce new interactions…

  2. 49 CFR 1542.207 - Access control systems.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 49 Transportation 9 2014-10-01 2014-10-01 false Access control systems. 1542.207 Section 1542.207..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Operations § 1542.207 Access control systems. (a) Secured area. Except as provided in paragraph (b) of this section, the measures...

  3. 49 CFR 1542.207 - Access control systems.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 49 Transportation 9 2013-10-01 2013-10-01 false Access control systems. 1542.207 Section 1542.207..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Operations § 1542.207 Access control systems. (a) Secured area. Except as provided in paragraph (b) of this section, the measures...

  4. 49 CFR 1542.207 - Access control systems.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 49 Transportation 9 2011-10-01 2011-10-01 false Access control systems. 1542.207 Section 1542.207..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Operations § 1542.207 Access control systems. (a) Secured area. Except as provided in paragraph (b) of this section, the measures...

  5. 49 CFR 1542.207 - Access control systems.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Access control systems. 1542.207 Section 1542.207..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Operations § 1542.207 Access control systems. (a) Secured area. Except as provided in paragraph (b) of this section, the measures...

  6. 49 CFR 1542.207 - Access control systems.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 49 Transportation 9 2012-10-01 2012-10-01 false Access control systems. 1542.207 Section 1542.207..., DEPARTMENT OF HOMELAND SECURITY CIVIL AVIATION SECURITY AIRPORT SECURITY Operations § 1542.207 Access control systems. (a) Secured area. Except as provided in paragraph (b) of this section, the measures...

  7. Apparatus and method supporting wireless access to multiple security layers in an industrial control and automation system or other system

    DOEpatents

    Chen, Yu-Gene T.

    2013-04-16

    A method includes receiving a message at a first wireless node. The first wireless node is associated with a first wired network, and the first wired network is associated with a first security layer. The method also includes transmitting the message over the first wired network when at least one destination of the message is located in the first security layer. The method further includes wirelessly transmitting the message for delivery to a second wireless node when at least one destination of the message is located in a second security layer. The second wireless node is associated with a second wired network, and the second wired network is associated with the second security layer. The first and second security layers may be associated with different security paradigms and/or different security domains. Also, the message could be associated with destinations in the first and second security layers.

  8. A voice password system for access security

    SciTech Connect

    Birnbaum, M.; Cohen, L.A.; Welsh, F.X.

    1986-09-01

    A voice password system for access security using speaker verification technology has been designed for use over dial-up telephone lines. The voice password system (VPS) can provide secure access to telephone networks, computers, rooms, and buildings. It also has application in office automation systems, electric funds transfer, and ''smart cards'' (interactive computers embedded in credit-card-sized packages). As increasing attention is focused on access security in the public, private, and government sectors, the voice password system can provide a timely solution to the security dilemma. The VPS uses modes of communication available to almost everyone (the human voice and the telephone). A user calls the VPS, enters his or her identification number (ID) by touch-tone telephone, and then speaks a password. This is usually a phrase or a sentence of about seven syllables. On initial calls, the VPS creates a model of the user's voice, called a reference template, and labels it with the caller's unique user ID. To gain access later, the user calls the system, enters the proper user ID, and speaks the password phrase. The VPS compares the user's stored reference template with the spoken password and produces a distance score.

  9. Network Access Control List Situation Awareness

    ERIC Educational Resources Information Center

    Reifers, Andrew

    2010-01-01

    Network security is a large and complex problem being addressed by multiple communities. Nevertheless, current theories in networking security appear to overestimate network administrators' ability to understand network access control lists (NACLs), providing few context specific user analyses. Consequently, the current research generally seems to…

  10. The Comparative Analysis of Main Access Control Technologies

    NASA Astrophysics Data System (ADS)

    Zhang, Su; Niu, Li; Chen, Jing

    Effective access control security design is an important precondition for the stable running of an information system. So it's necessary to establish a well-designed security mechanism to ensure the security of the system. This paper analysis and compares the main access control theories.

  11. LANSCE personnel access control system

    SciTech Connect

    Sturrock, J.C.; Gallegos, F.R.; Hall, M.J.

    1997-01-01

    The Radiation Security System (RSS) at the Los Alamos Neutron Science Center (LANSCE) provides personnel protection from prompt radiation due to accelerated beam. The Personnel Access Control System (PACS) is a component of the RSS that is designed to prevent personnel access to areas where prompt radiation is a hazard. PACS was designed to replace several older personnel safety systems (PSS) with a single modem unified design. Lessons learned from the operation over the last 20 years were incorporated into a redundant sensor, single-point failure safe, fault tolerant, and tamper-resistant system that prevents access to the beam areas by controlling the access keys and beam stoppers. PACS uses a layered philosophy to the physical and electronic design. The most critical assemblies are battery backed up, relay logic circuits; less critical devices use Programmable Logic Controllers (PLCs) for timing functions and communications. Outside reviewers have reviewed the operational safety of the design. The design philosophy, lessons learned, hardware design, software design, operation, and limitations of the device are described.

  12. Secure network for beamline control

    NASA Astrophysics Data System (ADS)

    Ohata, T.; Fukui, T.; Ishii, M.; Furukawa, Y.; Nakatani, T.; Matsushita, T.; Takeuchi, M.; Tanaka, R.; Ishikawa, T.

    2001-07-01

    In SPring-8, beamline control system is constructed with a highly available distributed network system. The socket based communication protocol is used for the beamline control mainly. Beamline users can control the equipment by sending simple control commands to a server process, which is running on a beamline-managing computer (Ohata et al., SPring-8 beamline control system, ICALEPCS'99, Trieste, Italy, 1999). At the beginning the network was based on the shared topology at all beamlines. Consequently, it has a risk for misapplication of the user's program to access different machines on the network system cross over beamlines. It is serious problem for the SPring-8 beamline control system, because all beamlines controlled with unified software interfaces. We introduced the switching technology and the firewalls to support network access control. Also the virtual networking (VLAN: IEEE 802.1Q) and the gigabit Ethernet technology (IEEE 802.3ab) are introduced. Thus the network security and the reliability are guaranteed at the higher level in SPring-8 beamline.

  13. 14 CFR § 1203a.103 - Access to security areas.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 14 Aeronautics and Space 5 2014-01-01 2014-01-01 false Access to security areas. § 1203a.103 Section § 1203a.103 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION NASA SECURITY AREAS § 1203a.103 Access to security areas. (a) Only those NASA employees, NASA contractor...

  14. 14 CFR 1203a.103 - Access to security areas.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 14 Aeronautics and Space 5 2012-01-01 2012-01-01 false Access to security areas. 1203a.103 Section 1203a.103 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION NASA SECURITY AREAS § 1203a.103 Access to security areas. (a) Only those NASA employees, NASA contractor employees,...

  15. 14 CFR 1203a.103 - Access to security areas.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Access to security areas. 1203a.103 Section 1203a.103 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION NASA SECURITY AREAS § 1203a.103 Access to security areas. (a) Only those NASA employees, NASA contractor employees,...

  16. 14 CFR 1203a.103 - Access to security areas.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 14 Aeronautics and Space 5 2013-01-01 2013-01-01 false Access to security areas. 1203a.103 Section 1203a.103 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION NASA SECURITY AREAS § 1203a.103 Access to security areas. (a) Only those NASA employees, NASA contractor employees,...

  17. 14 CFR 1203a.103 - Access to security areas.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Access to security areas. 1203a.103 Section 1203a.103 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION NASA SECURITY AREAS § 1203a.103 Access to security areas. (a) Only those NASA employees, NASA contractor employees,...

  18. 10 CFR 95.35 - Access to matter classified as National Security Information and Restricted Data.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... Information and Restricted Data. 95.35 Section 95.35 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) FACILITY SECURITY CLEARANCE AND SAFEGUARDING OF NATIONAL SECURITY INFORMATION AND RESTRICTED DATA Control of Information § 95.35 Access to matter classified as National Security Information and Restricted Data....

  19. Identity and Access Management and Security in Higher Education.

    ERIC Educational Resources Information Center

    Bruhn, Mark; Gettes, Michael; West, Ann

    2003-01-01

    Discusses the drivers for an identity management system (IdM), components of this system, and its role within a school security strategy, focusing on: basic access management; requirements for access management; middleware support for an access management system; IdM implementation considerations (e.g., access eligibilities, authentication…

  20. Collaborative Access Control For Critical Infrastructures

    NASA Astrophysics Data System (ADS)

    Baina, Amine; El Kalam, Anas Abou; Deswarte, Yves; Kaaniche, Mohamed

    A critical infrastructure (CI) can fail with various degrees of severity due to physical and logical vulnerabilities. Since many interdependencies exist between CIs, failures can have dramatic consequences on the entire infrastructure. This paper focuses on threats that affect information and communication systems that constitute the critical information infrastructure (CII). A new collaborative access control framework called PolyOrBAC is proposed to address security problems that are specific to CIIs. The framework offers each organization participating in a CII the ability to collaborate with other organizations while maintaining control of its resources and internal security policy. The approach is demonstrated on a practical scenario involving the electrical power grid.

  1. Access control and confidentiality in radiology

    NASA Astrophysics Data System (ADS)

    Noumeir, Rita; Chafik, Adil

    2005-04-01

    A medical record contains a large amount of data about the patient such as height, weight and blood pressure. It also contains sensitive information such as fertility, abortion, psychiatric data, sexually transmitted diseases and diagnostic results. Access to this information must be carefully controlled. Information technology has greatly improved patient care. The recent extensive deployment of digital medical images made diagnostic images promptly available to healthcare decision makers, regardless of their geographic location. Medical images are digitally archived, transferred on telecommunication networks, and visualized on computer screens. However, with the widespread use of computing and communication technologies in healthcare, the issue of data security has become increasingly important. Most of the work until now has focused on the security of data communication to ensure its integrity, authentication, confidentiality and user accountability. The mechanisms that have been proposed to achieve the security of data communication are not specific to healthcare. Data integrity can be achieved with data signature. Data authentication can be achieved with certificate exchange. Data confidentiality can be achieved with encryption. User accountability can be achieved with audits. Although these mechanisms are essential to ensure data security during its transfer on the network, access control is needed in order to ensure data confidentiality and privacy within the information system application. In this paper, we present and discuss an access control mechanism that takes into account the notion of a care process. Radiology information is categorized and a model to enforce data privacy is proposed.

  2. Establishing a Secure Data Center with Remote Access: Preprint

    SciTech Connect

    Gonder, J.; Burton, E.; Murakami, E.

    2012-04-01

    Access to existing travel data is critical for many analysis efforts that lack the time or resources to support detailed data collection. High-resolution data sets provide particular value, but also present a challenge for preserving the anonymity of the original survey participants. To address this dilemma of providing data access while preserving privacy, the National Renewable Energy Laboratory and the U.S. Department of Transportation have launched the Transportation Secure Data Center (TSDC). TSDC data sets include those from regional travel surveys and studies that increasingly use global positioning system devices. Data provided by different collecting agencies varies with respect to formatting, elements included and level of processing conducted in support of the original purpose. The TSDC relies on a number of geospatial and other analysis tools to ensure data quality and to generate useful information outputs. TSDC users can access the processed data in two different ways. The first is by downloading summary results and second-by-second vehicle speed profiles (with latitude/longitude information removed) from a publicly-accessible website. The second method involves applying for a remote connection account to a controlled-access environment where spatial analysis can be conducted, but raw data cannot be removed.

  3. Access Control Management for SCADA Systems

    NASA Astrophysics Data System (ADS)

    Hong, Seng-Phil; Ahn, Gail-Joon; Xu, Wenjuan

    The information technology revolution has transformed all aspects of our society including critical infrastructures and led a significant shift from their old and disparate business models based on proprietary and legacy environments to more open and consolidated ones. Supervisory Control and Data Acquisition (SCADA) systems have been widely used not only for industrial processes but also for some experimental facilities. Due to the nature of open environments, managing SCADA systems should meet various security requirements since system administrators need to deal with a large number of entities and functions involved in critical infrastructures. In this paper, we identify necessary access control requirements in SCADA systems and articulate access control policies for the simulated SCADA systems. We also attempt to analyze and realize those requirements and policies in the context of role-based access control that is suitable for simplifying administrative tasks in large scale enterprises.

  4. Security control methods for CEDR

    SciTech Connect

    Rotem, D.

    1990-09-01

    The purpose of this document is to summarize the findings of recent studies on the security problem in statistical databases and examine their applicability to the specific needs of CEDR. The document is organized as follows: In Section 2 we describe some general control methods which are available on most commercial database software. In Section 3 we provide a classification of statistical security methods. In Section 4 we analyze the type of users of CEDR and the security control methods which may be applied to each type. In Section 5 we summarize the findings of this study and recommend possible solutions.

  5. Atom-Role-Based Access Control Model

    NASA Astrophysics Data System (ADS)

    Cai, Weihong; Huang, Richeng; Hou, Xiaoli; Wei, Gang; Xiao, Shui; Chen, Yindong

    Role-based access control (RBAC) model has been widely recognized as an efficient access control model and becomes a hot research topic of information security at present. However, in the large-scale enterprise application environments, the traditional RBAC model based on the role hierarchy has the following deficiencies: Firstly, it is unable to reflect the role relationships in complicated cases effectively, which does not accord with practical applications. Secondly, the senior role unconditionally inherits all permissions of the junior role, thus if a user is under the supervisor role, he may accumulate all permissions, and this easily causes the abuse of permission and violates the least privilege principle, which is one of the main security principles. To deal with these problems, we, after analyzing permission types and role relationships, proposed the concept of atom role and built an atom-role-based access control model, called ATRBAC, by dividing the permission set of each regular role based on inheritance path relationships. Through the application-specific analysis, this model can well meet the access control requirements.

  6. Access control mechanisms for distributed healthcare environments.

    PubMed

    Sergl-Pommerening, Marita

    2004-01-01

    Today's IT-infrastructure provides more and more possibilities to share electronic patient data across several healthcare organizations and hospital departments. A strong requirement is sufficient data protection and security measures complying with the medical confidentiality and the data protection laws of each state or country like the European directive on data protection or the U.S. HIPAA privacy rule. In essence, the access control mechanisms and authorization structures of information systems must be able to realize the Need-To-Access principle. This principle can be understood as a set of context-sensitive access rules, regarding the patient's path across the organizations. The access control mechanisms of today's health information systems do not sufficiently satisfy this requirement, because information about participation of persons or organizations is not available within each system in a distributed environment. This problem could be solved by appropriate security services. The CORBA healthcare domain standard contains such a service for obtaining authorization decisions and administrating access decision policies (RAD). At the university hospital of Mainz we have developed an access control system (MACS), which includes the main functionality of the RAD specification and the access control logic that is needed for such a service. The basic design principles of our approach are role-based authorization, user rights with static and dynamic authorization data, context rules and the separation of three cooperating servers that provide up-to-date knowledge about users, roles and responsibilities. This paper introduces the design principles and the system design and critically evaluates the concepts based on practical experience.

  7. A secure network access system for mobile IPv6

    NASA Astrophysics Data System (ADS)

    Zhang, Hong; Yuan, Man; He, Rui; Jiang, Luliang; Ma, Jian; Qian, Hualin

    2004-03-01

    With the fast development of Internet and wireless and mobile communication technology, the Mobile Internet Age is upcoming. For those providing Mobile Internet services, especially from the view of ISP (Internet Service Provider), current mobile IP protocol is insufficient. Since the Mobile IPv6 protocol will be popular in near future, how to provide a secure mobile IPv6 service is important. A secure mobile IPv6 network access system is highly needed for mobile IPv6 deployment. Current methods and systems are still inadequate, including EAP, PANA, 802.1X, RADIUS, Diameter, etc. In this paper, we describe main security goals for a secure mobile IPv6 access system, and propose a secure network access system to achieve them. This access system consists of access router, attendant and authentication servers. The access procedure is divided into three phases, which are initial phase, authentication and registration phase and termination phase. This system has many advantages, including layer two independent, flexible and extensible, no need to modify current IPv6 address autoconfiguration protocols, binding update optimization, etc. Finally, the security of the protocol in this system is analyzed and proved with Extended BAN logic method, and a brief introduction of system implementation is given.

  8. The Battle to Secure Our Public Access Computers

    ERIC Educational Resources Information Center

    Sendze, Monique

    2006-01-01

    Securing public access workstations should be a significant part of any library's network and information-security strategy because of the sensitive information patrons enter on these workstations. As the IT manager for the Johnson County Library in Kansas City, Kan., this author is challenged to make sure that thousands of patrons get the access…

  9. Analysis of Access Control Policies in Operating Systems

    ERIC Educational Resources Information Center

    Chen, Hong

    2009-01-01

    Operating systems rely heavily on access control mechanisms to achieve security goals and defend against remote and local attacks. The complexities of modern access control mechanisms and the scale of policy configurations are often overwhelming to system administrators and software developers. Therefore, mis-configurations are common, and the…

  10. Implementing context and team based access control in healthcare intranets.

    PubMed

    Georgiadis, Christos K; Mavridis, Ioannis K; Nikolakopoulou, Georgia; Pangalos, George I

    2002-09-01

    The establishment of an efficient access control system in healthcare intranets is a critical security issue directly related to the protection of patients' privacy. Our C-TMAC (Context and Team-based Access Control) model is an active security access control model that layers dynamic access control concepts on top of RBAC (Role-based) and TMAC (Team-based) access control models. It also extends them in the sense that contextual information concerning collaborative activities is associated with teams of users and user permissions are dynamically filtered during runtime. These features of C-TMAC meet the specific security requirements of healthcare applications. In this paper, an experimental implementation of the C-TMAC model is described. More specifically, we present the operational architecture of the system that is used to implement C-TMAC security components in a healthcare intranet. Based on the technological platform of an Oracle Data Base Management System and Application Server, the application logic is coded with stored PL/SQL procedures that include Dynamic SQL routines for runtime value binding purposes. The resulting active security system adapts to current need-to-know requirements of users during runtime and provides fine-grained permission granularity. Apart from identity certificates for authentication, it uses attribute certificates for communicating critical security metadata, such as role membership and team participation of users.

  11. Quantum secured gigabit optical access networks

    NASA Astrophysics Data System (ADS)

    Fröhlich, Bernd; Dynes, James F.; Lucamarini, Marco; Sharpe, Andrew W.; Tam, Simon W.-B.; Yuan, Zhiliang; Shields, Andrew J.

    2015-12-01

    Optical access networks connect multiple endpoints to a common network node via shared fibre infrastructure. They will play a vital role to scale up the number of users in quantum key distribution (QKD) networks. However, the presence of power splitters in the commonly used passive network architecture makes successful transmission of weak quantum signals challenging. This is especially true if QKD and data signals are multiplexed in the passive network. The splitter introduces an imbalance between quantum signal and Raman noise, which can prevent the recovery of the quantum signal completely. Here we introduce a method to overcome this limitation and demonstrate coexistence of multi-user QKD and full power data traffic from a gigabit passive optical network (GPON) for the first time. The dual feeder implementation is compatible with standard GPON architectures and can support up to 128 users, highlighting that quantum protected GPON networks could be commonplace in the future.

  12. Quantum secured gigabit optical access networks

    PubMed Central

    Fröhlich, Bernd; Dynes, James F.; Lucamarini, Marco; Sharpe, Andrew W.; Tam, Simon W.-B.; Yuan, Zhiliang; Shields, Andrew J.

    2015-01-01

    Optical access networks connect multiple endpoints to a common network node via shared fibre infrastructure. They will play a vital role to scale up the number of users in quantum key distribution (QKD) networks. However, the presence of power splitters in the commonly used passive network architecture makes successful transmission of weak quantum signals challenging. This is especially true if QKD and data signals are multiplexed in the passive network. The splitter introduces an imbalance between quantum signal and Raman noise, which can prevent the recovery of the quantum signal completely. Here we introduce a method to overcome this limitation and demonstrate coexistence of multi-user QKD and full power data traffic from a gigabit passive optical network (GPON) for the first time. The dual feeder implementation is compatible with standard GPON architectures and can support up to 128 users, highlighting that quantum protected GPON networks could be commonplace in the future. PMID:26656307

  13. 10 CFR 2.905 - Access to restricted data and national security information for parties; security clearances.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... to Adjudicatory Proceedings Involving Restricted Data and/or National Security Information § 2.905 Access to restricted data and national security information for parties; security clearances. (a) Access to restricted data and national security information introduced into proceedings. Except as...

  14. Cryptographic Enforcement of Role-Based Access Control

    NASA Astrophysics Data System (ADS)

    Crampton, Jason

    Many cryptographic schemes have been designed to enforce information flow policies. However, enterprise security requirements are often better encoded, or can only be encoded, using role-based access control policies rather than information flow policies. In this paper, we provide an alternative formulation of role-based access control that enables us to apply existing cryptographic schemes to core and hierarchical role-based access control policies. We then show that special cases of our cryptographic enforcement schemes for role-based access control are equivalent to cryptographic enforcement schemes for temporal access control and to ciphertext-policy and key-policy attribute-based encryption schemes. Finally, we describe how these special cases can be extended to support richer forms of temporal access control and attribute-based encryption.

  15. Access Control of Cloud Service Based on UCON

    NASA Astrophysics Data System (ADS)

    Danwei, Chen; Xiuli, Huang; Xunyi, Ren

    Cloud computing is an emerging computing paradigm, and cloud service is also becoming increasingly relevant. Most research communities have recently embarked in the area, and research challenges in every aspect. This paper mainly discusses cloud service security. Cloud service is based on Web Services, and it will face all kinds of security problems including what Web Services face. The development of cloud service closely relates to its security, so the research of cloud service security is a very important theme. This paper introduces cloud computing and cloud service firstly, and then gives cloud services access control model based on UCON and negotiation technologies, and also designs the negotiation module.

  16. Controlling Access to Suicide Means

    PubMed Central

    Sarchiapone, Marco; Mandelli, Laura; Iosue, Miriam; Andrisano, Costanza; Roy, Alec

    2011-01-01

    Background: Restricting access to common means of suicide, such as firearms, toxic gas, pesticides and other, has been shown to be effective in reducing rates of death in suicide. In the present review we aimed to summarize the empirical and clinical literature on controlling the access to means of suicide. Methods: This review made use of both MEDLINE, ISI Web of Science and the Cochrane library databases, identifying all English articles with the keywords “suicide means”, “suicide method”, “suicide prediction” or “suicide prevention” and other relevant keywords. Results: A number of factors may influence an individual’s decision regarding method in a suicide act, but there is substantial support that easy access influences the choice of method. In many countries, restrictions of access to common means of suicide has lead to lower overall suicide rates, particularly regarding suicide by firearms in USA, detoxification of domestic and motor vehicle gas in England and other countries, toxic pesticides in rural areas, barriers at jumping sites and hanging, by introducing “safe rooms” in prisons and hospitals. Moreover, decline in prescription of barbiturates and tricyclic antidepressants (TCAs), as well as limitation of drugs pack size for paracetamol and salicylate has reduced suicides by overdose, while increased prescription of SSRIs seems to have lowered suicidal rates. Conclusions: Restriction to means of suicide may be particularly effective in contexts where the method is popular, highly lethal, widely available, and/or not easily substituted by other similar methods. However, since there is some risk of means substitution, restriction of access should be implemented in conjunction with other suicide prevention strategies. PMID:22408588

  17. Securing TCP/IP and Dial-up Access to Administrative Data.

    ERIC Educational Resources Information Center

    Conrad, L. Dean

    1992-01-01

    This article describes Arizona State University's solution to security risk inherent in general access systems such as TCP/IP (Transmission Control Protocol/INTERNET Protocol). Advantages and disadvantages of various options are compared, and the process of selecting a log-on authentication approach involving generation of a different password at…

  18. High-Performance Secure Database Access Technologies for HEP Grids

    SciTech Connect

    Matthew Vranicar; John Weicher

    2006-04-17

    The Large Hadron Collider (LHC) at the CERN Laboratory will become the largest scientific instrument in the world when it starts operations in 2007. Large Scale Analysis Computer Systems (computational grids) are required to extract rare signals of new physics from petabytes of LHC detector data. In addition to file-based event data, LHC data processing applications require access to large amounts of data in relational databases: detector conditions, calibrations, etc. U.S. high energy physicists demand efficient performance of grid computing applications in LHC physics research where world-wide remote participation is vital to their success. To empower physicists with data-intensive analysis capabilities a whole hyperinfrastructure of distributed databases cross-cuts a multi-tier hierarchy of computational grids. The crosscutting allows separation of concerns across both the global environment of a federation of computational grids and the local environment of a physicist’s computer used for analysis. Very few efforts are on-going in the area of database and grid integration research. Most of these are outside of the U.S. and rely on traditional approaches to secure database access via an extraneous security layer separate from the database system core, preventing efficient data transfers. Our findings are shared by the Database Access and Integration Services Working Group of the Global Grid Forum, who states that "Research and development activities relating to the Grid have generally focused on applications where data is stored in files. However, in many scientific and commercial domains, database management systems have a central role in data storage, access, organization, authorization, etc, for numerous applications.” There is a clear opportunity for a technological breakthrough, requiring innovative steps to provide high-performance secure database access technologies for grid computing. We believe that an innovative database architecture where the

  19. Secure Payload Access to the International Space Station

    NASA Technical Reports Server (NTRS)

    Pitts, R. Lee; Reid, Chris

    2002-01-01

    The ISS finally reached an operational state and exists for local and remote users. Onboard payload systems are managed by the Huntsville Operations Support Center (HOSC). Users access HOSC systems by internet protocols in support of daily operations, preflight simulation, and test. In support of this diverse user community, a modem security architecture has been implemented. The architecture has evolved over time from an isolated but open system to a system which supports local and remote access to the ISS over broad geographic regions. This has been accomplished through the use of an evolved security strategy, PKI, and custom design. Through this paper, descriptions of the migration process and the lessons learned are presented. This will include product decision criteria, rationale, and the use of commodity products in the end architecture. This paper will also stress the need for interoperability of various products and the effects of seemingly insignificant details.

  20. Type-Based Access Control in Data-Centric Systems

    NASA Astrophysics Data System (ADS)

    Caires, Luís; Pérez, Jorge A.; Seco, João Costa; Vieira, Hugo Torres; Ferrão, Lúcio

    Data-centric multi-user systems, such as web applications, require flexible yet fine-grained data security mechanisms. Such mechanisms are usually enforced by a specially crafted security layer, which adds extra complexity and often leads to error prone coding, easily causing severe security breaches. In this paper, we introduce a programming language approach for enforcing access control policies to data in data-centric programs by static typing. Our development is based on the general concept of refinement type, but extended so as to address realistic and challenging scenarios of permission-based data security, in which policies dynamically depend on the database state, and flexible combinations of column- and row-level protection of data are necessary. We state and prove soundness and safety of our type system, stating that well-typed programs never break the declared data access control policies.

  1. Secure wide area network access to CMS analysis data using the Lustre filesystem

    NASA Astrophysics Data System (ADS)

    Bourilkov, D.; Avery, P.; Cheng, M.; Fu, Y.; Kim, B.; Palencia, J.; Budden, R.; Benninger, K.; Rodriquez, J. L.; Dilascio, J.; Dykstra, D.; Seenu, N.

    2012-12-01

    This paper reports the design and implementation of a secure, wide area network (WAN), distributed filesystem by the ExTENCI project (Extending Science Through Enhanced National CyberInfrastructure), based on the Lustre filesystem. The system is used for remote access to analysis data from the Compact Muon Solenoid (CMS) experiment at the Large Hadron Collider (LHC), and from the Lattice Quantum ChromoDynamics (LQCD) project. Security is provided by Kerberos authentication and authorization with additional fine grained control based on Lustre ACLs (Access Control List) and quotas. We investigate the impact of using various Kerberos security flavors on the I/O rates of CMS applications on client nodes reading and writing data to the Lustre filesystem, and on LQCD benchmarks. The clients can be real or virtual nodes. We are investigating additional options for user authentication based on user certificates.

  2. An authentication scheme for secure access to healthcare services.

    PubMed

    Khan, Muhammad Khurram; Kumari, Saru

    2013-08-01

    Last few decades have witnessed boom in the development of information and communication technologies. Health-sector has also been benefitted with this advancement. To ensure secure access to healthcare services some user authentication mechanisms have been proposed. In 2012, Wei et al. proposed a user authentication scheme for telecare medical information system (TMIS). Recently, Zhu pointed out offline password guessing attack on Wei et al.'s scheme and proposed an improved scheme. In this article, we analyze both of these schemes for their effectiveness in TMIS. We show that Wei et al.'s scheme and its improvement proposed by Zhu fail to achieve some important characteristics necessary for secure user authentication. We find that security problems of Wei et al.'s scheme stick with Zhu's scheme; like undetectable online password guessing attack, inefficacy of password change phase, traceability of user's stolen/lost smart card and denial-of-service threat. We also identify that Wei et al.'s scheme lacks forward secrecy and Zhu's scheme lacks session key between user and healthcare server. We therefore propose an authentication scheme for TMIS with forward secrecy which preserves the confidentiality of air messages even if master secret key of healthcare server is compromised. Our scheme retains advantages of Wei et al.'s scheme and Zhu's scheme, and offers additional security. The security analysis and comparison results show the enhanced suitability of our scheme for TMIS.

  3. An authentication scheme for secure access to healthcare services.

    PubMed

    Khan, Muhammad Khurram; Kumari, Saru

    2013-08-01

    Last few decades have witnessed boom in the development of information and communication technologies. Health-sector has also been benefitted with this advancement. To ensure secure access to healthcare services some user authentication mechanisms have been proposed. In 2012, Wei et al. proposed a user authentication scheme for telecare medical information system (TMIS). Recently, Zhu pointed out offline password guessing attack on Wei et al.'s scheme and proposed an improved scheme. In this article, we analyze both of these schemes for their effectiveness in TMIS. We show that Wei et al.'s scheme and its improvement proposed by Zhu fail to achieve some important characteristics necessary for secure user authentication. We find that security problems of Wei et al.'s scheme stick with Zhu's scheme; like undetectable online password guessing attack, inefficacy of password change phase, traceability of user's stolen/lost smart card and denial-of-service threat. We also identify that Wei et al.'s scheme lacks forward secrecy and Zhu's scheme lacks session key between user and healthcare server. We therefore propose an authentication scheme for TMIS with forward secrecy which preserves the confidentiality of air messages even if master secret key of healthcare server is compromised. Our scheme retains advantages of Wei et al.'s scheme and Zhu's scheme, and offers additional security. The security analysis and comparison results show the enhanced suitability of our scheme for TMIS. PMID:23828650

  4. IT Security Support for the Spaceport Command Control System Development

    NASA Technical Reports Server (NTRS)

    Varise, Brian

    2014-01-01

    My job title is IT Security support for the Spaceport Command & Control System Development. As a cyber-security analyst it is my job to ensure NASA's information stays safe from cyber threats, such as, viruses, malware and denial-of-service attacks by establishing and enforcing system access controls. Security is very important in the world of technology and it is used everywhere from personal computers to giant networks ran by Government agencies worldwide. Without constant monitoring analysis, businesses, public organizations and government agencies are vulnerable to potential harmful infiltration of their computer information system. It is my responsibility to ensure authorized access by examining improper access, reporting violations, revoke access, monitor information request by new programming and recommend improvements. My department oversees the Launch Control System and networks. An audit will be conducted for the LCS based on compliance with the Federal Information Security Management Act (FISMA) and The National Institute of Standards and Technology (NIST). I recently finished analyzing the SANS top 20 critical controls to give cost effective recommendations on various software and hardware products for compliance. Upon my completion of this internship, I will have successfully completed my duties as well as gain knowledge that will be helpful to my career in the future as a Cyber Security Analyst.

  5. Access Control of Web- and Java-Based Applications

    NASA Technical Reports Server (NTRS)

    Tso, Kam S.; Pajevski, Michael J.

    2013-01-01

    Cybersecurity has become a great concern as threats of service interruption, unauthorized access, stealing and altering of information, and spreading of viruses have become more prevalent and serious. Application layer access control of applications is a critical component in the overall security solution that also includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. An access control solution, based on an open-source access manager augmented with custom software components, was developed to provide protection to both Web-based and Javabased client and server applications. The DISA Security Service (DISA-SS) provides common access control capabilities for AMMOS software applications through a set of application programming interfaces (APIs) and network- accessible security services for authentication, single sign-on, authorization checking, and authorization policy management. The OpenAM access management technology designed for Web applications can be extended to meet the needs of Java thick clients and stand alone servers that are commonly used in the JPL AMMOS environment. The DISA-SS reusable components have greatly reduced the effort for each AMMOS subsystem to develop its own access control strategy. The novelty of this work is that it leverages an open-source access management product that was designed for Webbased applications to provide access control for Java thick clients and Java standalone servers. Thick clients and standalone servers are still commonly used in businesses and government, especially for applications that require rich graphical user interfaces and high-performance visualization that cannot be met by thin clients running on Web browsers

  6. ACCESS: Detector Control and Performance

    NASA Astrophysics Data System (ADS)

    Morris, Matthew J.; Kaiser, M.; McCandliss, S. R.; Rauscher, B. J.; Kimble, R. A.; Kruk, J. W.; Wright, E. L.; Bohlin, R.; Kurucz, R. L.; Riess, A. G.; Pelton, R.; Deustua, S. E.; Dixon, W. V.; Sahnow, D. J.; Mott, D. B.; Wen, Y.; Benford, D. J.; Gardner, J. P.; Feldman, P. D.; Moos, H. W.; Lampton, M.; Perlmutter, S.; Woodgate, B. E.

    2014-01-01

    ACCESS, Absolute Color Calibration Experiment for Standard Stars, is a series of rocket-borne sub-orbital missions and ground-based experiments that will enable improvements in the precision of the astrophysical flux scale through the transfer of absolute laboratory detector standards from the National Institute of Standards and Technology (NIST) to a network of stellar standards with a calibration accuracy of 1% and a spectral resolving power of 500 across the 0.35 to 1.7 micron bandpass (companion poster, Kaiser et al.). The flight detector and detector spare have been selected and integrated with their electronics and flight mount. The controller electronics have been flight qualified. Vibration testing to launch loads and thermal vacuum testing of the detector, mount, and housing have been successfully performed. Further improvements to the flight controller housing have been made. A cryogenic ground test system has been built. Dark current and read noise tests have been performed, yielding results consistent with the initial characterization tests of the detector performed by Goddard Space Flight Center’s Detector Characterization Lab (DCL). Detector control software has been developed and implemented for ground testing. Performance and integration of the detector and controller with the flight software will be presented. NASA APRA sounding rocket grant NNX08AI65G supports this work.

  7. Application-Defined Decentralized Access Control.

    PubMed

    Xu, Yuanzhong; Dunn, Alan M; Hofmann, Owen S; Lee, Michael Z; Mehdi, Syed Akbar; Witchel, Emmett

    2014-01-01

    DCAC is a practical OS-level access control system that supports application-defined principals. It allows normal users to perform administrative operations within their privilege, enabling isolation and privilege separation for applications. It does not require centralized policy specification or management, giving applications freedom to manage their principals while the policies are still enforced by the OS. DCAC uses hierarchically-named attributes as a generic framework for user-defined policies such as groups defined by normal users. For both local and networked file systems, its execution time overhead is between 0%-9% on file system microbenchmarks, and under 1% on applications. This paper shows the design and implementation of DCAC, as well as several real-world use cases, including sandboxing applications, enforcing server applications' security policies, supporting NFS, and authenticating user-defined sub-principals in SSH, all with minimal code changes.

  8. Application-Defined Decentralized Access Control

    PubMed Central

    Xu, Yuanzhong; Dunn, Alan M.; Hofmann, Owen S.; Lee, Michael Z.; Mehdi, Syed Akbar; Witchel, Emmett

    2014-01-01

    DCAC is a practical OS-level access control system that supports application-defined principals. It allows normal users to perform administrative operations within their privilege, enabling isolation and privilege separation for applications. It does not require centralized policy specification or management, giving applications freedom to manage their principals while the policies are still enforced by the OS. DCAC uses hierarchically-named attributes as a generic framework for user-defined policies such as groups defined by normal users. For both local and networked file systems, its execution time overhead is between 0%–9% on file system microbenchmarks, and under 1% on applications. This paper shows the design and implementation of DCAC, as well as several real-world use cases, including sandboxing applications, enforcing server applications’ security policies, supporting NFS, and authenticating user-defined sub-principals in SSH, all with minimal code changes. PMID:25426493

  9. Efficient identity management and access control in cloud environment

    NASA Astrophysics Data System (ADS)

    Gloster, Jonathan

    2013-05-01

    As more enterprises are enticed to move data to a cloud environment to enhance data sharing and reduce operating costs by exploiting shared resources, concerns have risen over the ability to secure information within the cloud. This paper examines how a traditional Identity and Access Control (IDAM) architecture can be adapted to address security concerns of a cloud environment. We propose changing the paradigm of IDAM form a pure trust model to a risk based model will enable information to be protected securely in a cloud environment without impacting efficiencies of cloud environments.

  10. An efficient and secure attribute based signcryption scheme with LSSS access structure.

    PubMed

    Hong, Hanshu; Sun, Zhixin

    2016-01-01

    Attribute based encryption (ABE) and attribute based signature (ABS) provide flexible access control with authentication for data sharing between users, but realizing both functions will bring about too much computation burden. In this paper, we combine the advantages of CP-ABE with ABS and propose a ciphertext policy attribute based signcryption scheme. In our scheme, only legal receivers can decrypt the ciphertext and verify the signature signed by data owner. Furthermore, we use linear secret sharing scheme instead of tree structure to avoid the frequent calls of recursive algorithm. By security and performance analysis, we prove that our scheme is secure as well as gains higher efficiency. PMID:27330910

  11. Access Control of Web and Java Based Applications

    NASA Technical Reports Server (NTRS)

    Tso, Kam S.; Pajevski, Michael J.; Johnson, Bryan

    2011-01-01

    Cyber security has gained national and international attention as a result of near continuous headlines from financial institutions, retail stores, government offices and universities reporting compromised systems and stolen data. Concerns continue to rise as threats of service interruption, and spreading of viruses become ever more prevalent and serious. Controlling access to application layer resources is a critical component in a layered security solution that includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. In this paper we discuss the development of an application-level access control solution, based on an open-source access manager augmented with custom software components, to provide protection to both Web-based and Java-based client and server applications.

  12. Security Controls Hurt Research, NAS Warns.

    ERIC Educational Resources Information Center

    Kolata, Gina

    1982-01-01

    A National Academy of Sciences (NAS) report found no evidence that leaks of technical information from universities or other research centers have damaged national security. However, in areas where control is warranted, decisions should be based on criteria. These criteria and issues related to security control and technological transfer are…

  13. Multiparty-controlled quantum secure direct communication

    SciTech Connect

    Xiu, X.-M. Dong, L.; Gao, Y.-J.; Chi, F.

    2007-12-15

    A theoretical scheme of a multiparty-controlled quantum secure direct communication is proposed. The supervisor prepares a communication network with Einstein-Podolsky-Rosen pairs and auxiliary particles. After passing a security test of the communication network, a supervisor tells the users the network is secure and they can communicate. If the controllers allow the communicators to communicate, the controllers should perform measurements and inform the communicators of the outcomes. The communicators then begin to communicate after they perform a security test of the quantum channel and verify that it is secure. The recipient can decrypt the secret message in a classical message from the sender depending on the protocol. Any two users in the network can communicate through the above processes under the control of the supervisor and the controllers.

  14. Common Badging and Access Control System (CBACS)

    NASA Technical Reports Server (NTRS)

    Dischinger, Portia

    2005-01-01

    This slide presentation presents NASA's Common Badging and Access Control System. NASA began a Smart Card implementation in January 2004. Following site surveys, it was determined that NASA's badging and access control systems required upgrades to common infrastructure in order to provide flexibly, usability, and return on investment prior to a smart card implantation. Common Badging and Access Control System (CBACS) provides the common infrastructure from which FIPS-201 compliant processes, systems, and credentials can be developed and used.

  15. Global Access-controlled Transfer e-frame (GATe)

    SciTech Connect

    2012-05-30

    Global Access-controlled Transfer e-frame (GATe) was designed to take advantage of the patterns that occur during an electronic record transfer process. The e-frame (or electronic framework or platform) is the foundation for developing secure information transfer to meet classified and unclassified business processes and is particularly useful when there is a need to share information with various entities in a controlled and secure environment. It can share, search, upload, download and retrieve sensitive information, as well as provides reporting capabilities.

  16. Global Access-controlled Transfer e-frame (GATe)

    2012-05-30

    Global Access-controlled Transfer e-frame (GATe) was designed to take advantage of the patterns that occur during an electronic record transfer process. The e-frame (or electronic framework or platform) is the foundation for developing secure information transfer to meet classified and unclassified business processes and is particularly useful when there is a need to share information with various entities in a controlled and secure environment. It can share, search, upload, download and retrieve sensitive information, asmore » well as provides reporting capabilities.« less

  17. Secure, Autonomous, Intelligent Controller for Integrating Distributed Sensor Webs

    NASA Technical Reports Server (NTRS)

    Ivancic, William D.

    2007-01-01

    This paper describes the infrastructure and protocols necessary to enable near-real-time commanding, access to space-based assets, and the secure interoperation between sensor webs owned and controlled by various entities. Select terrestrial and aeronautics-base sensor webs will be used to demonstrate time-critical interoperability between integrated, intelligent sensor webs both terrestrial and between terrestrial and space-based assets. For this work, a Secure, Autonomous, Intelligent Controller and knowledge generation unit is implemented using Virtual Mission Operation Center technology.

  18. Access and control of information and intellectual property

    NASA Astrophysics Data System (ADS)

    Lang, Gerald S.

    1996-03-01

    This paper introduces the technology of two pioneering patents for the secure distribution of information and intellectual property. The seminal technology has been used in the control of sensitive material such as medical records and imagery in distributed networks. It lends itself to the implementation of an open architecture access control system that provides local or remote user selective access to digital information stored on any computer system or storage medium, down to the data element, pixel, and sub-pixel levels. Use of this technology is especially suited for electronic publishing, health care records, MIS, and auditing.

  19. Access technology and dementia care: influences on residents' everyday lives in a secure unit.

    PubMed

    Margot-Cattin, Isabel; Nygård, Louise

    2006-06-01

    There is a need to understand how technology can best be used to facilitate well-being in people with dementia. This study sought to describe how access control technology influenced the everyday lives of people with dementia living in a secure unit. The staff members and the unit's residents participated in the study. Data were collected through ethnographic observations and semi-structured interviews over 6 months, and were analyzed using the constant comparative method. The results show how access technology supported the residents' sense of security, territoriality, orientation, and adaptation to the environment. However, certain conditions were necessary for these influences to appear. Overall, the results indicate that access control technology may be used to support the well-being of people with dementia, and to increase their opportunities to feel in place in a secure unit. However, there is an urgent need in the future for further exploration of the conditions for use of technology in the field of dementia care, and the necessity of making careful evaluations of the use of technology in this field cannot be overemphasized. PMID:16856468

  20. 47 CFR 95.645 - Control accessibility.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 47 Telecommunication 5 2011-10-01 2011-10-01 false Control accessibility. 95.645 Section 95.645 Telecommunication FEDERAL COMMUNICATIONS COMMISSION (CONTINUED) SAFETY AND SPECIAL RADIO SERVICES PERSONAL RADIO SERVICES Technical Regulations Certification Requirements § 95.645 Control accessibility. (a) No...

  1. 47 CFR 95.645 - Control accessibility.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 47 Telecommunication 5 2013-10-01 2013-10-01 false Control accessibility. 95.645 Section 95.645 Telecommunication FEDERAL COMMUNICATIONS COMMISSION (CONTINUED) SAFETY AND SPECIAL RADIO SERVICES PERSONAL RADIO SERVICES Technical Regulations Certification Requirements § 95.645 Control accessibility. (a) No...

  2. 47 CFR 95.645 - Control accessibility.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 47 Telecommunication 5 2014-10-01 2014-10-01 false Control accessibility. 95.645 Section 95.645 Telecommunication FEDERAL COMMUNICATIONS COMMISSION (CONTINUED) SAFETY AND SPECIAL RADIO SERVICES PERSONAL RADIO SERVICES Technical Regulations Certification Requirements § 95.645 Control accessibility. (a) No...

  3. 47 CFR 95.645 - Control accessibility.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 47 Telecommunication 5 2010-10-01 2010-10-01 false Control accessibility. 95.645 Section 95.645 Telecommunication FEDERAL COMMUNICATIONS COMMISSION (CONTINUED) SAFETY AND SPECIAL RADIO SERVICES PERSONAL RADIO SERVICES Technical Regulations Certification Requirements § 95.645 Control accessibility. (a) No...

  4. Joint robustness security in optical OFDM access system with Turbo-coded subcarrier rotation.

    PubMed

    Zhang, Lijia; Liu, Bo; Xin, Xiangjun; Wang, Yongjun

    2015-01-12

    This paper proposes a novel robust physical secure method for optical orthogonal frequency division multiplexing (OFDM) access system based on Turbo-coded subcarrier rotation. It can realize a secure communication while keep robustness to channel noise. The subcarrier rotation is controlled by the interleaver module of Turbo coding, which is under the charge of Logistic map. The random puncturing can further enhance the security. The channel feedback can ensure the puncturing module working at a suitable coding rate. A 72.28 Gb/s encrypted 16QAM-OFDM signal is successfully demonstrated in the experiment. The results show robust performance under different channel noise conditions and good resistance to illegal optical network unit (ONU).

  5. Proximity Displays for Access Control

    ERIC Educational Resources Information Center

    Vaniea, Kami

    2012-01-01

    Managing access to shared digital information, such as photographs and documents. is difficult for end users who are accumulating an increasingly large and diverse collection of data that they want to share with others. Current policy-management solutions require a user to proactively seek out and open a separate policy-management interface when…

  6. Formal Description of Trust-based Access Control

    NASA Astrophysics Data System (ADS)

    Xiaoning, Ma

    Different from traditional access control technologies, such as discretionary access control, mandatory access control, role-based access control, trust-based access control can solve the problem of uncertainty, risk and vulnerability coming from authorization. In this paper, strict definition and formal description of trust-based access control is defined.

  7. Privacy and Access Control for IHE-Based Systems

    NASA Astrophysics Data System (ADS)

    Katt, Basel; Breu, Ruth; Hafner, Micahel; Schabetsberger, Thomas; Mair, Richard; Wozak, Florian

    Electronic Health Record (EHR) is the heart element of any e-health system, which aims at improving the quality and efficiency of healthcare through the use of information and communication technologies. The sensitivity of the data contained in the health record poses a great challenge to security. In this paper we propose a security architecture for EHR systems that are conform with IHE profiles. In this architecture we are tackling the problems of access control and privacy. Furthermore, a prototypical implementation of the proposed model is presented.

  8. Control Systems Cyber Security Standards Support Activities

    SciTech Connect

    Robert Evans

    2009-01-01

    The Department of Homeland Security’s Control Systems Security Program (CSSP) is working with industry to secure critical infrastructure sectors from cyber intrusions that could compromise control systems. This document describes CSSP’s current activities with industry organizations in developing cyber security standards for control systems. In addition, it summarizes the standards work being conducted by organizations within the sector and provides a brief listing of sector meetings and conferences that might be of interest for each sector. Control systems cyber security standards are part of a rapidly changing environment. The participation of CSSP in the development effort for these standards has provided consistency in the technical content of the standards while ensuring that information developed by CSSP is included.

  9. 7 CFR 331.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 7 Agriculture 5 2012-01-01 2012-01-01 false Restricting access to select agents and toxins... TRANSFER OF SELECT AGENTS AND TOXINS § 331.10 Restricting access to select agents and toxins; security risk... access to a select agent or toxin, and an individual may not access a select agent or toxin, unless...

  10. 7 CFR 331.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 7 Agriculture 5 2013-01-01 2013-01-01 false Restricting access to select agents and toxins... TRANSFER OF SELECT AGENTS AND TOXINS § 331.10 Restricting access to select agents and toxins; security risk... access to a select agent or toxin, and an individual may not access a select agent or toxin, unless...

  11. 7 CFR 331.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 7 Agriculture 5 2011-01-01 2011-01-01 false Restricting access to select agents and toxins... TRANSFER OF SELECT AGENTS AND TOXINS § 331.10 Restricting access to select agents and toxins; security risk... access to a select agent or toxin, and an individual may not access a select agent or toxin, unless...

  12. 7 CFR 331.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 7 Agriculture 5 2010-01-01 2010-01-01 false Restricting access to select agents and toxins... TRANSFER OF SELECT AGENTS AND TOXINS § 331.10 Restricting access to select agents and toxins; security risk... access to a select agent or toxin, and an individual may not access a select agent or toxin, unless...

  13. 7 CFR 331.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 7 Agriculture 5 2014-01-01 2014-01-01 false Restricting access to select agents and toxins... TRANSFER OF SELECT AGENTS AND TOXINS § 331.10 Restricting access to select agents and toxins; security risk... access to a select agent or toxin, and an individual may not access a select agent or toxin, unless...

  14. Secure and Efficient Routable Control Systems

    SciTech Connect

    Edgar, Thomas W.; Hadley, Mark D.; Manz, David O.; Winn, Jennifer D.

    2010-05-01

    This document provides the methods to secure routable control system communication in the electric sector. The approach of this document yields a long-term vision for a future of secure communication, while also providing near term steps and a roadmap. The requirements for the future secure control system environment were spelled out to provide a final target. Additionally a survey and evaluation of current protocols was used to determine if any existing technology could achieve this goal. In the end a four-step path was described that brought about increasing requirement completion and culminates in the realization of the long term vision.

  15. Security of social network credentials for accessing course portal: Users' experience

    NASA Astrophysics Data System (ADS)

    Katuk, Norliza; Fong, Choo Sok; Chun, Koo Lee

    2015-12-01

    Social login (SL) has recently emerged as a solution for single sign-on (SSO) within the web and mobile environments. It allows users to use their existing social network credentials (SNC) to login to third party web applications without the need to create a new identity in the intended applications' database. Although it has been used by many web application providers, its' applicability in accessing learning materials is not yet fully investigated. Hence, this research aims to explore users' (i.e., instructors' and students') perception and experience on the security of SL for accessing learning contents. A course portal was developed for students at a higher learning institution and it provides two types of user authentications (i) traditional user authentication, and (ii) SL facility. Users comprised instructors and students evaluated the login facility of the course portal through a controlled lab experimental study following the within-subject design. The participants provided their feedback in terms of the security of SL for accessing learning contents. The study revealed that users preferred to use SL over the traditional authentication, however, they concerned on the security of SL and their privacy.

  16. Evaluating the effectiveness of biometric access control systems

    NASA Astrophysics Data System (ADS)

    Lively, Valerie M.

    2005-05-01

    This paper describes the contribution by the National Safe Skies Alliance (Safe Skies) in operational testing of biometric access control systems under the guidance of the Transportation Security Administration (TSA). Safe Skies has been conducting operational tests of biometric access control systems on behalf of the TSA for approximately four years. The majority of this testing has occurred at the McGhee Tyson Airport (TYS) in Knoxville, Tennessee. Twelve separate biometric devices - eight fingerprint, facial, iris, hand geometry, and fingerprint and iris, have been tested to date. Tests were conducted at a TYS administrative door and different airports to evaluate the access control device under normal, abnormal, and attempt-to-defeat conditions.

  17. Fine-Grained Access Control for Electronic Health Record Systems

    NASA Astrophysics Data System (ADS)

    Hue, Pham Thi Bach; Wohlgemuth, Sven; Echizen, Isao; Thuy, Dong Thi Bich; Thuc, Nguyen Dinh

    There needs to be a strategy for securing the privacy of patients when exchanging health records between various entities over the Internet. Despite the fact that health care providers such as Google Health and Microsoft Corp.'s Health Vault comply with the U.S Health Insurance Portability and Accountability Act (HIPAA), the privacy of patients is still at risk. Several encryption schemes and access control mechanisms have been suggested to protect the disclosure of a patient's health record especially from unauthorized entities. However, by implementing these approaches, data owners are not capable of controlling and protecting the disclosure of the individual sensitive attributes of their health records. This raises the need to adopt a secure mechanism to protect personal information against unauthorized disclosure. Therefore, we propose a new Fine-grained Access Control (FGAC) mechanism that is based on subkeys, which would allow a data owner to further control the access to his data at the column-level. We also propose a new mechanism to efficiently reduce the number of keys maintained by a data owner in cases when the users have different access privileges to different columns of the data being shared.

  18. Efficient Controlled Quantum Secure Direct Communication Protocols

    NASA Astrophysics Data System (ADS)

    Patwardhan, Siddharth; Moulick, Subhayan Roy; Panigrahi, Prasanta K.

    2016-07-01

    We study controlled quantum secure direct communication (CQSDC), a cryptographic scheme where a sender can send a secret bit-string to an intended recipient, without any secure classical channel, who can obtain the complete bit-string only with the permission of a controller. We report an efficient protocol to realize CQSDC using Cluster state and then go on to construct a (2-3)-CQSDC using Brown state, where a coalition of any two of the three controllers is required to retrieve the complete message. We argue both protocols to be unconditionally secure and analyze the efficiency of the protocols to show it to outperform the existing schemes while maintaining the same security specifications.

  19. 28 CFR 16.74 - Exemption of National Security Division Systems-limited access.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 28 Judicial Administration 1 2010-07-01 2010-07-01 false Exemption of National Security Division Systems-limited access. 16.74 Section 16.74 Judicial Administration DEPARTMENT OF JUSTICE PRODUCTION OR... National Security Division Systems—limited access. (a) The following system of records is exempted...

  20. 48 CFR 3004.470 - Security requirements for access to unclassified facilities, Information Technology resources...

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 48 Federal Acquisition Regulations System 7 2010-10-01 2010-10-01 false Security requirements for access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Within Industry 3004.470 Security requirements for access to unclassified facilities,...

  1. Recommended Practice for Securing Control System Modems

    SciTech Connect

    James R. Davidson; Jason L. Wright

    2008-01-01

    This paper addresses an often overlooked “backdoor” into critical infrastructure control systems created by modem connections. A modem’s connection to the public telephone system is similar to a corporate network connection to the Internet. By tracing typical attack paths into the system, this paper provides the reader with an analysis of the problem and then guides the reader through methods to evaluate existing modem security. Following the analysis, a series of methods for securing modems is provided. These methods are correlated to well-known networking security methods.

  2. Restricted access processor - An application of computer security technology

    NASA Technical Reports Server (NTRS)

    Mcmahon, E. M.

    1985-01-01

    This paper describes a security guard device that is currently being developed by Computer Sciences Corporation (CSC). The methods used to provide assurance that the system meets its security requirements include the system architecture, a system security evaluation, and the application of formal and informal verification techniques. The combination of state-of-the-art technology and the incorporation of new verification procedures results in a demonstration of the feasibility of computer security technology for operational applications.

  3. Selecting RMF Controls for National Security Systems

    SciTech Connect

    Witzke, Edward L.

    2015-08-01

    In 2014, the United States Department of Defense started tra nsitioning the way it performs risk management and accreditation of informatio n systems to a process entitled Risk Management Framework for DoD Information Technology or RMF for DoD IT. There are many more security and privacy contro ls (and control enhancements) from which to select in RMF, than there w ere in the previous Information Assurance process. This report is an attempt t o clarify the way security controls and enhancements are selected. After a brief overview and comparison of RMF for DoD I T with the previously used process, this report looks at the determination of systems as National Security Systems (NSS). Once deemed to be an NSS, this report addr esses the categorization of the information system with respect to impact level s of the various security objectives and the selection of an initial baseline o f controls. Next, the report describes tailoring the controls through the use of overl ays and scoping considerations. Finally, the report discusses organizatio n-defined values for tuning the security controls to the needs of the information system.

  4. Cyber secure systems approach for NPP digital control systems

    SciTech Connect

    McCreary, T. J.; Hsu, A.

    2006-07-01

    disrupt network communications by entering the system from an attached utility network or utilizing a modem connected to a control system PC that is in turn connected to a publicly accessible phone; 2)Threat from a user connecting an unauthorized computer to the control network; 3)Threat from a security attack when an unauthorized user gains access to a PC connected to the plant network;. 4)Threat from internal disruption (by plant staff, whether, malicious or otherwise) by unauthorized usage of files or file handling media that opens the system to security threat (as typified in current situation in most control rooms). The plant I and C system cyber security design and the plant specific procedures should adequately demonstrate protection from the four pertinent classes of cyber security attacks. The combination of these features should demonstrate that the system is not vulnerable to any analyzed cyber security attacks either from internal sources or through network connections. The authors will provide configurations that will demonstrate the Cyber Security Zone. (authors)

  5. Store Security: Internal Shrinkage Control.

    ERIC Educational Resources Information Center

    Everhardt, Richard M.

    The document presents a 10-week training program designed to provide helpful and proven methods for controlling internal shrinkage in retail stores. Shrinkage includes the three problems of shoplifting, employee theft, and errors, each of which is addressed by the course. Ohio's laws are also discussed. The format for the course content section is…

  6. Primer Control System Cyber Security Framework and Technical Metrics

    SciTech Connect

    Wayne F. Boyer; Miles A. McQueen

    2008-05-01

    The Department of Homeland Security National Cyber Security Division supported development of a control system cyber security framework and a set of technical metrics to aid owner-operators in tracking control systems security. The framework defines seven relevant cyber security dimensions and provides the foundation for thinking about control system security. Based on the developed security framework, a set of ten technical metrics are recommended that allow control systems owner-operators to track improvements or degradations in their individual control systems security posture.

  7. Secure Control Systems for the Energy Sector

    SciTech Connect

    Smith, Rhett; Campbell, Jack; Hadley, Mark

    2012-03-31

    Schweitzer Engineering Laboratories (SEL) will conduct the Hallmark Project to address the need to reduce the risk of energy disruptions because of cyber incidents on control systems. The goals is to develop solutions that can be both applied to existing control systems and designed into new control systems to add the security measures needed to mitigate energy network vulnerabilities. The scope of the Hallmark Project contains four primary elements: 1. Technology transfer of the Secure Supervisory Control and Data Acquisition (SCADA) Communications Protocol (SSCP) from Pacific Northwest National Laboratories (PNNL) to Schweitzer Engineering Laboratories (SEL). The project shall use this technology to develop a Federal Information Processing Standard (FIPS) 140-2 compliant original equipment manufacturer (OEM) module to be called a Cryptographic Daughter Card (CDC) with the ability to directly connect to any PC enabling that computer to securely communicate across serial to field devices. Validate the OEM capabilities with another vendor. 2. Development of a Link Authenticator Module (LAM) using the FIPS 140-2 validated Secure SCADA Communications Protocol (SSCP) CDC module with a central management software kit. 3. Validation of the CDC and Link Authenticator modules via laboratory and field tests. 4. Creation of documents that record the impact of the Link Authenticator to the operators of control systems and on the control system itself. The information in the documents can assist others with technology deployment and maintenance.

  8. Access control violation prevention by low-cost infrared detection

    NASA Astrophysics Data System (ADS)

    Rimmer, Andrew N.

    2004-09-01

    A low cost 16x16 un-cooled pyroelectric detector array, allied with advanced tracking and detection algorithms, has enabled the development of a universal detector with a wide range of applications in people monitoring and homeland security. Violation of access control systems, whether controlled by proximity card, biometrics, swipe card or similar, may occur by 'tailgating' or 'piggybacking' where an 'approved' entrant with a valid entry card is accompanied by a closely spaced 'non-approved' entrant. The violation may be under duress, where the accompanying person is attempting to enter a secure facility by force or threat. Alternatively, the violation may be benign where staff members collude either through habit or lassitude, either with each other or with third parties, without considering the security consequences. Examples of the latter could include schools, hospitals or maternity homes. The 16x16 pyroelectric array is integrated into a detector or imaging system which incorporates data processing, target extraction and decision making algorithms. The algorithms apply interpolation to the array output, allowing a higher level of resolution than might otherwise be expected from such a low resolution array. The pyroelectric detection principle means that the detection will work in variable light conditions and even in complete darkness, if required. The algorithms can monitor the shape, form, temperature and number of persons in the scene and utilise this information to determine whether a violation has occurred or not. As people are seen as 'hot blobs' and are not individually recognisable, civil liberties are not infringed in the detection process. The output from the detector is a simple alarm signal which may act as input to the access control system as an alert or to trigger CCTV image display and storage. The applications for a tailgate detector can be demonstrated across many medium security applications where there are no physical means to prevent this

  9. Comparison of Routable Control System Security Approaches

    SciTech Connect

    Edgar, Thomas W.; Hadley, Mark D.; Carroll, Thomas E.; Manz, David O.; Winn, Jennifer D.

    2011-06-01

    This document is an supplement to the 'Secure and Efficient Routable Control Systems.' It addressed security in routable control system communication. The control system environment that monitors and manages the power grid historically has utilized serial communication mechanisms. Leased-line serial communication environments operating at 1200 to 9600 baud rates are common. However, recent trends show that communication media such as fiber, optical carrier 3 (OC-3) speeds, mesh-based high-speed wireless, and the Internet are becoming the media of choice. In addition, a dichotomy has developed between the electrical transmission and distribution environments, with more modern communication infrastructures deployed by transmission utilities. The preceding diagram represents a typical control system. The Communication Links cloud supports all of the communication mechanisms a utility might deploy between the control center and devices in the field. Current methodologies used for security implementations are primarily led by single vendors or standards bodies. However, these entities tend to focus on individual protocols. The result is an environment that contains a mixture of security solutions that may only address some communication protocols at an increasing operational burden for the utility. A single approach is needed that meets operational requirements, is simple to operate, and provides the necessary level of security for all control system communication. The solution should be application independent (e.g., Distributed Network Protocol/Internet Protocol [DNP/IP], International Electrotechnical Commission [IEC] C37.118, Object Linking and Embedding for Process Control [OPC], etc.) and focus on the transport layer. In an ideal setting, a well-designed suite of standards for control system communication will be used for vendor implementation and compliance testing. An expected outcome of this effort is an international standard.

  10. 10 CFR 36.23 - Access control.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 10 Energy 1 2014-01-01 2014-01-01 false Access control. 36.23 Section 36.23 Energy NUCLEAR... activation of the control. (g) Each entrance to the radiation room of a panoramic irradiator and each... required by 10 CFR 20.1902. Radiation postings for panoramic irradiators must comply with the...

  11. 10 CFR 36.23 - Access control.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 10 Energy 1 2010-01-01 2010-01-01 false Access control. 36.23 Section 36.23 Energy NUCLEAR... activation of the control. (g) Each entrance to the radiation room of a panoramic irradiator and each... required by 10 CFR 20.1902. Radiation postings for panoramic irradiators must comply with the...

  12. 10 CFR 36.23 - Access control.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 1 2011-01-01 2011-01-01 false Access control. 36.23 Section 36.23 Energy NUCLEAR... activation of the control. (g) Each entrance to the radiation room of a panoramic irradiator and each... required by 10 CFR 20.1902. Radiation postings for panoramic irradiators must comply with the...

  13. 10 CFR 36.23 - Access control.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 1 2012-01-01 2012-01-01 false Access control. 36.23 Section 36.23 Energy NUCLEAR... activation of the control. (g) Each entrance to the radiation room of a panoramic irradiator and each... required by 10 CFR 20.1902. Radiation postings for panoramic irradiators must comply with the...

  14. 10 CFR 36.23 - Access control.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 10 Energy 1 2013-01-01 2013-01-01 false Access control. 36.23 Section 36.23 Energy NUCLEAR... activation of the control. (g) Each entrance to the radiation room of a panoramic irradiator and each... required by 10 CFR 20.1902. Radiation postings for panoramic irradiators must comply with the...

  15. The Ins and Outs of Access Control.

    ERIC Educational Resources Information Center

    Longworth, David

    1999-01-01

    Presents basic considerations when school districts plan to acquire an access-control system for their education facilities. Topics cover cards and readers, controllers, software, automation, card technology, expandability, price, specification of needs beyond the canned specifications already supplied, and proper usage training to cardholders.…

  16. Access control and privacy in large distributed systems

    NASA Technical Reports Server (NTRS)

    Leiner, B. M.; Bishop, M.

    1986-01-01

    Large scale distributed systems consists of workstations, mainframe computers, supercomputers and other types of servers, all connected by a computer network. These systems are being used in a variety of applications including the support of collaborative scientific research. In such an environment, issues of access control and privacy arise. Access control is required for several reasons, including the protection of sensitive resources and cost control. Privacy is also required for similar reasons, including the protection of a researcher's proprietary results. A possible architecture for integrating available computer and communications security technologies into a system that meet these requirements is described. This architecture is meant as a starting point for discussion, rather that the final answer.

  17. The linked medical data access control framework.

    PubMed

    Kamateri, Eleni; Kalampokis, Evangelos; Tambouris, Efthimios; Tarabanis, Konstantinos

    2014-08-01

    The integration of medical data coming from multiple sources is important in clinical research. Amongst others, it enables the discovery of appropriate subjects in patient-oriented research and the identification of innovative results in epidemiological studies. At the same time, the integration of medical data faces significant ethical and legal challenges that impose access constraints. Some of these issues can be addressed by making available aggregated instead of raw record-level data. In many cases however, there is still a need for controlling access even to the resulting aggregated data, e.g., due to data provider's policies. In this paper we present the Linked Medical Data Access Control (LiMDAC) framework that capitalizes on Linked Data technologies to enable controlling access to medical data across distributed sources with diverse access constraints. The LiMDAC framework consists of three Linked Data models, namely the LiMDAC metadata model, the LiMDAC user profile model, and the LiMDAC access policy model. It also includes an architecture that exploits these models. Based on the framework, a proof-of-concept platform is developed and its performance and functionality are evaluated by employing two usage scenarios.

  18. Security guide for subcontractors

    SciTech Connect

    Adams, R.C.

    1991-01-01

    This security guide of the Department of Energy covers contractor and subcontractor access to DOE and Mound facilities. The topics of the security guide include responsibilities, physical barriers, personnel identification system, personnel and vehicular access controls, classified document control, protecting classified matter in use, storing classified matter repository combinations, violations, security education clearance terminations, security infractions, classified information nondisclosure agreement, personnel security clearances, visitor control, travel to communist-controlled or sensitive countries, shipment security, and surreptitious listening devices.

  19. A secure and reliable monitor and control system for remote observing with the Large Millimeter Telescope

    NASA Astrophysics Data System (ADS)

    Wallace, Gary; Souccar, Kamal; Malin, Daniella

    2004-09-01

    Remote access to telescope monitor and control capabilities necessitates strict security mechanisms to protect the telescope and instruments from malicious or unauthorized use, and to prevent data from being stolen, altered, or corrupted. The Large Millimeter Telescope (LMT) monitor and control system (LMTMC) utilizes the Common Object Request Broker Architecture (CORBA) middleware technology to connect remote software components. The LMTMC provides reliable and secure remote observing by automatically generating SSLIOP enabled CORBA objects. TAO, the ACE open source Object Request Broker (ORB), now supports secure communications by implementing the Secure Socket Layer Inter-ORB Protocol (SSLIOP) as a pluggable protocol. This capability supplies the LMTMC with client and server authentication, data integrity, and encryption. Our system takes advantage of the hooks provided by TAO SSLIOP to implement X.509 certificate based authorization. This access control scheme includes multiple authorization levels to enable granular access control.

  20. Access and privacy rights using web security standards to increase patient empowerment.

    PubMed

    Falcão-Reis, Filipa; Costa-Pereira, Altamiro; Correia, Manuel E

    2008-01-01

    Electronic Health Record (EHR) systems are becoming more and more sophisticated and include nowadays numerous applications, which are not only accessed by medical professionals, but also by accounting and administrative personnel. This could represent a problem concerning basic rights such as privacy and confidentiality. The principles, guidelines and recommendations compiled by the OECD protection of privacy and trans-border flow of personal data are described and considered within health information system development. Granting access to an EHR should be dependent upon the owner of the record; the patient: he must be entitled to define who is allowed to access his EHRs, besides the access control scheme each health organization may have implemented. In this way, it's not only up to health professionals to decide who have access to what, but the patient himself. Implementing such a policy is walking towards patient empowerment which society should encourage and governments should promote. The paper then introduces a technical solution based on web security standards. This would give patients the ability to monitor and control which entities have access to their personal EHRs, thus empowering them with the knowledge of how much of his medical history is known and by whom. It is necessary to create standard data access protocols, mechanisms and policies to protect the privacy rights and furthermore, to enable patients, to automatically track the movement (flow) of their personal data and information in the context of health information systems. This solution must be functional and, above all, user-friendly and the interface should take in consideration some heuristics of usability in order to provide the user with the best tools. The current official standards on confidentiality and privacy in health care, currently being developed within the EU, are explained, in order to achieve a consensual idea of the guidelines that all member states should follow to transfer

  1. Access and privacy rights using web security standards to increase patient empowerment.

    PubMed

    Falcão-Reis, Filipa; Costa-Pereira, Altamiro; Correia, Manuel E

    2008-01-01

    Electronic Health Record (EHR) systems are becoming more and more sophisticated and include nowadays numerous applications, which are not only accessed by medical professionals, but also by accounting and administrative personnel. This could represent a problem concerning basic rights such as privacy and confidentiality. The principles, guidelines and recommendations compiled by the OECD protection of privacy and trans-border flow of personal data are described and considered within health information system development. Granting access to an EHR should be dependent upon the owner of the record; the patient: he must be entitled to define who is allowed to access his EHRs, besides the access control scheme each health organization may have implemented. In this way, it's not only up to health professionals to decide who have access to what, but the patient himself. Implementing such a policy is walking towards patient empowerment which society should encourage and governments should promote. The paper then introduces a technical solution based on web security standards. This would give patients the ability to monitor and control which entities have access to their personal EHRs, thus empowering them with the knowledge of how much of his medical history is known and by whom. It is necessary to create standard data access protocols, mechanisms and policies to protect the privacy rights and furthermore, to enable patients, to automatically track the movement (flow) of their personal data and information in the context of health information systems. This solution must be functional and, above all, user-friendly and the interface should take in consideration some heuristics of usability in order to provide the user with the best tools. The current official standards on confidentiality and privacy in health care, currently being developed within the EU, are explained, in order to achieve a consensual idea of the guidelines that all member states should follow to transfer

  2. Research on a dynamic workflow access control model

    NASA Astrophysics Data System (ADS)

    Liu, Yiliang; Deng, Jinxia

    2007-12-01

    In recent years, the access control technology has been researched widely in workflow system, two typical technologies of that are RBAC (Role-Based Access Control) and TBAC (Task-Based Access Control) model, which has been successfully used in the role authorizing and assigning in a certain extent. However, during the process of complicating a system's structure, these two types of technology can not be used in minimizing privileges and separating duties, and they are inapplicable when users have a request of frequently changing on the workflow's process. In order to avoid having these weakness during the applying, a variable flow dynamic role_task_view (briefly as DRTVBAC) of fine-grained access control model is constructed on the basis existed model. During the process of this model applying, an algorithm is constructed to solve users' requirements of application and security needs on fine-grained principle of privileges minimum and principle of dynamic separation of duties. The DRTVBAC model is implemented in the actual system, the figure shows that the task associated with the dynamic management of role and the role assignment is more flexible on authority and recovery, it can be met the principle of least privilege on the role implement of a specific task permission activated; separated the authority from the process of the duties completing in the workflow; prevented sensitive information discovering from concise and dynamic view interface; satisfied with the requirement of the variable task-flow frequently.

  3. Secure web-based access to radiology: forms and databases for fast queries

    NASA Astrophysics Data System (ADS)

    McColl, Roderick W.; Lane, Thomas J.

    2002-05-01

    Currently, Web-based access to mini-PACS or similar databases commonly utilizes either JavaScript, Java applets or ActiveX controls. Many sites do not permit applets or controls or other binary objects for fear of viruses or worms sent by malicious users. In addition, the typical CGI query mechanism requires several parameters to be sent with the http GET/POST request, which may identify the patient in some way; this in unacceptable for privacy protection. Also unacceptable are pages produced by server-side scripts which can be cached by the browser, since these may also contain sensitive information. We propose a simple mechanism for access to patient information, including images, which guarantees security of information, makes it impossible to bookmark the page, or to return to the page after some defined length of time. In addition, this mechanism is simple, therefore permitting rapid access without the need to initially download an interface such as an applet or control. In addition to image display, the design of the site allows the user to view and save movies of multi-phasic data, or to construct multi-frame datasets from entire series. These capabilities make the site attractive for research purposes such as teaching file preparation.

  4. “We Are Not Being Heard”: Aboriginal Perspectives on Traditional Foods Access and Food Security

    PubMed Central

    Elliott, Bethany; Jayatilaka, Deepthi; Brown, Contessa; Varley, Leslie; Corbett, Kitty K.

    2012-01-01

    Aboriginal peoples are among the most food insecure groups in Canada, yet their perspectives and knowledge are often sidelined in mainstream food security debates. In order to create food security for all, Aboriginal perspectives must be included in food security research and discourse. This project demonstrates a process in which Aboriginal and non-Aboriginal partners engaged in a culturally appropriate and respectful collaboration, assessing the challenges and barriers to traditional foods access in the urban environment of Vancouver, BC, Canada. The findings highlight local, national, and international actions required to increase access to traditional foods as a means of achieving food security for all people. The paper underscores the interconnectedness of local and global food security issues and highlights challenges as well as solutions with potential to improve food security of both Aboriginal and non-Aboriginal peoples alike. PMID:23346118

  5. "We are not being heard": Aboriginal perspectives on traditional foods access and food security.

    PubMed

    Elliott, Bethany; Jayatilaka, Deepthi; Brown, Contessa; Varley, Leslie; Corbett, Kitty K

    2012-01-01

    Aboriginal peoples are among the most food insecure groups in Canada, yet their perspectives and knowledge are often sidelined in mainstream food security debates. In order to create food security for all, Aboriginal perspectives must be included in food security research and discourse. This project demonstrates a process in which Aboriginal and non-Aboriginal partners engaged in a culturally appropriate and respectful collaboration, assessing the challenges and barriers to traditional foods access in the urban environment of Vancouver, BC, Canada. The findings highlight local, national, and international actions required to increase access to traditional foods as a means of achieving food security for all people. The paper underscores the interconnectedness of local and global food security issues and highlights challenges as well as solutions with potential to improve food security of both Aboriginal and non-Aboriginal peoples alike.

  6. An effective access control approach to support mobility in IPv6 networks

    NASA Astrophysics Data System (ADS)

    Peng, Xue-hai; Lin, Chuang

    2005-11-01

    Access control is an important method to improve network security and prevent protected resources from being used by some nodes without authority. Moreover, mobility is an important trend of internet. In this paper, based on the architecture of hierarchical mobile IPv6, we proposed an effective access control approach to support mobility in IPv6 networks, which can ensure the operation of access control when a mobile node roams in these domains with different polices, with decreased delay of access negotiation and cost of delivering messages.

  7. Control Systems Cyber Security:Defense in Depth Strategies

    SciTech Connect

    David Kuipers; Mark Fabro

    2006-05-01

    Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires: Maintenance of various field devices, telemetry collection, and/or industrial-level process systems Access to facilities via remote data link or modem Public facing services for customer or corporate operations A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.

  8. 75 FR 69791 - Risk Management Controls for Brokers or Dealers With Market Access

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-11-15

    ... Exchange Commission 17 CFR Part 240 Risk Management Controls for Brokers or Dealers With Market Access... Regulations#0;#0; ] SECURITIES AND EXCHANGE COMMISSION 17 CFR Part 240 RIN 3235-AK53 Risk Management Controls.... The required financial risk management controls and supervisory procedures must be reasonably...

  9. 42 CFR 73.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 42 Public Health 1 2012-10-01 2012-10-01 false Restricting access to select agents and toxins... AND HUMAN SERVICES QUARANTINE, INSPECTION, LICENSING SELECT AGENTS AND TOXINS § 73.10 Restricting access to select agents and toxins; security risk assessments. (a) An individual or entity required...

  10. 42 CFR 73.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 42 Public Health 1 2014-10-01 2014-10-01 false Restricting access to select agents and toxins... AND HUMAN SERVICES QUARANTINE, INSPECTION, LICENSING SELECT AGENTS AND TOXINS § 73.10 Restricting access to select agents and toxins; security risk assessments. (a) An individual or entity required...

  11. 42 CFR 73.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 42 Public Health 1 2011-10-01 2011-10-01 false Restricting access to select agents and toxins... AND HUMAN SERVICES QUARANTINE, INSPECTION, LICENSING SELECT AGENTS AND TOXINS § 73.10 Restricting access to select agents and toxins; security risk assessments. (a) An individual or entity required...

  12. 42 CFR 73.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 42 Public Health 1 2013-10-01 2013-10-01 false Restricting access to select agents and toxins... AND HUMAN SERVICES QUARANTINE, INSPECTION, LICENSING SELECT AGENTS AND TOXINS § 73.10 Restricting access to select agents and toxins; security risk assessments. (a) An individual or entity required...

  13. A Delicate Balance: National Security vs. Public Access

    ERIC Educational Resources Information Center

    Klein, Bonnie; Schwalb, Sandy

    2005-01-01

    Sometimes people want to see data that the government thinks should be kept under wraps. How does the Department of Defense balance the scales of justice while still ensuring information security? In the aftermath of September 11, 2001, the Defense Technical Information Center (DTIC) found itself in the spotlight as journalists, academics, and…

  14. Access Control Model for Sharing Composite Electronic Health Records

    NASA Astrophysics Data System (ADS)

    Jin, Jing; Ahn, Gail-Joon; Covington, Michael J.; Zhang, Xinwen

    The adoption of electronically formatted medical records, so called Electronic Health Records (EHRs), has become extremely important in healthcare systems to enable the exchange of medical information among stakeholders. An EHR generally consists of data with different types and sensitivity degrees which must be selectively shared based on the need-to-know principle. Security mechanisms are required to guarantee that only authorized users have access to specific portions of such critical record for legitimate purposes. In this paper, we propose a novel approach for modelling access control scheme for composite EHRs. Our model formulates the semantics and structural composition of an EHR document, from which we introduce a notion of authorized zones of the composite EHR at different granularity levels, taking into consideration of several important criteria such as data types, intended purposes and information sensitivities.

  15. Speed control system for an access gate

    SciTech Connect

    Bzorgi, Fariborz M.

    2012-03-20

    An access control apparatus for an access gate. The access gate typically has a rotator that is configured to rotate around a rotator axis at a first variable speed in a forward direction. The access control apparatus may include a transmission that typically has an input element that is operatively connected to the rotator. The input element is generally configured to rotate at an input speed that is proportional to the first variable speed. The transmission typically also has an output element that has an output speed that is higher than the input speed. The input element and the output element may rotate around a common transmission axis. A retardation mechanism may be employed. The retardation mechanism is typically configured to rotate around a retardation mechanism axis. Generally the retardation mechanism is operatively connected to the output element of the transmission and is configured to retard motion of the access gate in the forward direction when the first variable speed is above a control-limit speed. In many embodiments the transmission axis and the retardation mechanism axis are substantially co-axial. Some embodiments include a freewheel/catch mechanism that has an input connection that is operatively connected to the rotator. The input connection may be configured to engage an output connection when the rotator is rotated at the first variable speed in a forward direction and configured for substantially unrestricted rotation when the rotator is rotated in a reverse direction opposite the forward direction. The input element of the transmission is typically operatively connected to the output connection of the freewheel/catch mechanism.

  16. Role-based access control through on-demand classification of electronic health record.

    PubMed

    Tiwari, Basant; Kumar, Abhay

    2015-01-01

    Electronic health records (EHR) provides convenient method to exchange medical information of patients between different healthcare providers. Access control mechanism in healthcare services characterises authorising users to access EHR records. Role Based Access Control helps to restrict EHRs to users in a certain role. Significant works have been carried out for access control since last one decade but little emphasis has been given to on-demand role based access control. Presented work achieved access control through physical data isolation which is more robust and secure. We propose an algorithm in which selective combination of policies for each user of the EHR database has been defined. We extend well known data mining technique 'classification' to group EHRs with respect to the given role. Algorithm works by taking various roles as class and defined their features as a vector. Here, features are used as a Feature Vector for classification to describe user authority. PMID:26559071

  17. Role-based access control through on-demand classification of electronic health record.

    PubMed

    Tiwari, Basant; Kumar, Abhay

    2015-01-01

    Electronic health records (EHR) provides convenient method to exchange medical information of patients between different healthcare providers. Access control mechanism in healthcare services characterises authorising users to access EHR records. Role Based Access Control helps to restrict EHRs to users in a certain role. Significant works have been carried out for access control since last one decade but little emphasis has been given to on-demand role based access control. Presented work achieved access control through physical data isolation which is more robust and secure. We propose an algorithm in which selective combination of policies for each user of the EHR database has been defined. We extend well known data mining technique 'classification' to group EHRs with respect to the given role. Algorithm works by taking various roles as class and defined their features as a vector. Here, features are used as a Feature Vector for classification to describe user authority.

  18. OVERALL view OF CONTROL BUILDING AND SECURITY GATE. view TO ...

    Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

    OVERALL view OF CONTROL BUILDING AND SECURITY GATE. view TO EAST. - Plattsburgh Air Force Base, Security Police Entry Control Building, Off Perimeter Road in Weapons Storage Area, Plattsburgh, Clinton County, NY

  19. OVERALL VIEW OF CONTROL BUILDING AND SECURITY GATE. VIEW TO ...

    Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

    OVERALL VIEW OF CONTROL BUILDING AND SECURITY GATE. VIEW TO NORTH. - Plattsburgh Air Force Base, Security Police Entry Control Building, Off Perimeter Road in SAC Alert Area, Plattsburgh, Clinton County, NY

  20. Common Badging and Access Control System (CBACS)

    NASA Technical Reports Server (NTRS)

    Baldridge, Tim

    2005-01-01

    The goals of the project are: Achieve high business value through a common badging and access control system that integrates with smart cards. Provide physical (versus logical) deployment of smart cards initially. Provides a common consistent and reliable environment into which to release the smart card. Gives opportunity to develop agency-wide consistent processes, practices and policies. Enables enterprise data capture and management. Promotes data validation prior to SC issuance.

  1. External access to ALICE controls conditions data

    NASA Astrophysics Data System (ADS)

    Jadlovský, J.; Jadlovská, A.; Sarnovský, J.; Jajčišin, Š.; Čopík, M.; Jadlovská, S.; Papcun, P.; Bielek, R.; Čerkala, J.; Kopčík, M.; Chochula, P.; Augustinus, A.

    2014-06-01

    ALICE Controls data produced by commercial SCADA system WINCCOA is stored in ORACLE database on the private experiment network. The SCADA system allows for basic access and processing of the historical data. More advanced analysis requires tools like ROOT and needs therefore a separate access method to the archives. The present scenario expects that detector experts create simple WINCCOA scripts, which retrieves and stores data in a form usable for further studies. This relatively simple procedure generates a lot of administrative overhead - users have to request the data, experts needed to run the script, the results have to be exported outside of the experiment network. The new mechanism profits from database replica, which is running on the CERN campus network. Access to this database is not restricted and there is no risk of generating a heavy load affecting the operation of the experiment. The developed tools presented in this paper allow for access to this data. The users can use web-based tools to generate the requests, consisting of the data identifiers and period of time of interest. The administrators maintain full control over the data - an authorization and authentication mechanism helps to assign privileges to selected users and restrict access to certain groups of data. Advanced caching mechanism allows the user to profit from the presence of already processed data sets. This feature significantly reduces the time required for debugging as the retrieval of raw data can last tens of minutes. A highly configurable client allows for information retrieval bypassing the interactive interface. This method is for example used by ALICE Offline to extract operational conditions after a run is completed. Last but not least, the software can be easily adopted to any underlying database structure and is therefore not limited to WINCCOA.

  2. Authorisation and access control for electronic health record systems.

    PubMed

    Blobel, Bernd

    2004-03-31

    Enabling the shared care paradigm, centralised or even decentralised electronic health record (EHR) systems increasingly become core applications in hospital information systems and health networks. For realising multipurpose use and reuse as well as inter-operability at knowledge level, EHR have to meet special architectural requirements. The component-oriented and model-based architecture should meet international standards. Especially in extended health networks realising inter-organisational communication and co-operation, authorisation cannot be organised at user level anymore. Therefore, models, methods and tools must be established to allow formal and structured policy definition, policy agreements, role definition, authorisation and access control. Based on the author's international engagement in EHR architecture and security standards referring to the revision of CEN ENV 13606, the GEHR/open EHR approach, HL7 and CORBA, models for health-specific and EHR-related roles, for authorisation management and access control have been developed. The basic concept is the separation of structural roles defining organisational entity-to-entity relationships and enabling specific acts on the one hand, and functional roles bound to specific activities and realising rights and duties on the other hand. Aggregation of organisational, functional, informational and technological components follows specific rules. Using UML and XML, the principles as well as some examples for analysis, design, implementation and maintenance of policy and authorisation management as well as access control have been practically implemented. PMID:15066555

  3. Authorisation and access control for electronic health record systems.

    PubMed

    Blobel, Bernd

    2004-03-31

    Enabling the shared care paradigm, centralised or even decentralised electronic health record (EHR) systems increasingly become core applications in hospital information systems and health networks. For realising multipurpose use and reuse as well as inter-operability at knowledge level, EHR have to meet special architectural requirements. The component-oriented and model-based architecture should meet international standards. Especially in extended health networks realising inter-organisational communication and co-operation, authorisation cannot be organised at user level anymore. Therefore, models, methods and tools must be established to allow formal and structured policy definition, policy agreements, role definition, authorisation and access control. Based on the author's international engagement in EHR architecture and security standards referring to the revision of CEN ENV 13606, the GEHR/open EHR approach, HL7 and CORBA, models for health-specific and EHR-related roles, for authorisation management and access control have been developed. The basic concept is the separation of structural roles defining organisational entity-to-entity relationships and enabling specific acts on the one hand, and functional roles bound to specific activities and realising rights and duties on the other hand. Aggregation of organisational, functional, informational and technological components follows specific rules. Using UML and XML, the principles as well as some examples for analysis, design, implementation and maintenance of policy and authorisation management as well as access control have been practically implemented.

  4. A Network Access Control Framework for 6LoWPAN Networks

    PubMed Central

    Oliveira, Luís M. L.; Rodrigues, Joel J. P. C.; de Sousa, Amaro F.; Lloret, Jaime

    2013-01-01

    Low power over wireless personal area networks (LoWPAN), in particular wireless sensor networks, represent an emerging technology with high potential to be employed in critical situations like security surveillance, battlefields, smart-grids, and in e-health applications. The support of security services in LoWPAN is considered a challenge. First, this type of networks is usually deployed in unattended environments, making them vulnerable to security attacks. Second, the constraints inherent to LoWPAN, such as scarce resources and limited battery capacity, impose a careful planning on how and where the security services should be deployed. Besides protecting the network from some well-known threats, it is important that security mechanisms be able to withstand attacks that have not been identified before. One way of reaching this goal is to control, at the network access level, which nodes can be attached to the network and to enforce their security compliance. This paper presents a network access security framework that can be used to control the nodes that have access to the network, based on administrative approval, and to enforce security compliance to the authorized nodes. PMID:23334610

  5. Secure Web-Site Access with Tickets and Message-Dependent Digests

    USGS Publications Warehouse

    Donato, David I.

    2008-01-01

    Although there are various methods for restricting access to documents stored on a World Wide Web (WWW) site (a Web site), none of the widely used methods is completely suitable for restricting access to Web applications hosted on an otherwise publicly accessible Web site. A new technique, however, provides a mix of features well suited for restricting Web-site or Web-application access to authorized users, including the following: secure user authentication, tamper-resistant sessions, simple access to user state variables by server-side applications, and clean session terminations. This technique, called message-dependent digests with tickets, or MDDT, maintains secure user sessions by passing single-use nonces (tickets) and message-dependent digests of user credentials back and forth between client and server. Appendix 2 provides a working implementation of MDDT with PHP server-side code and JavaScript client-side code.

  6. Control Systems Security Test Center - FY 2004 Program Summary

    SciTech Connect

    Robert E. Polk; Alen M. Snyder

    2005-04-01

    In May 2004, the US-CERT Control Systems Security Center (CSSC) was established at Idaho National Laboratory to execute assessment activities to reduce the vulnerability of the nation’s critical infrastructure control systems to terrorist attack. The CSSC implements a program to accomplish the five goals presented in the US-CERT National Strategy for Control Systems Security. This report summarizes the first year funding of startup activities and program achievements that took place in FY 2004 and early FY 2005. This document was prepared for the US-CERT Control Systems Security Center of the National Cyber Security Division of the Department of Homeland Security (DHS). DHS has been tasked under the Homeland Security Act of 2002 to coordinate the overall national effort to enhance the protection of the national critical infrastructure. Homeland Security Presidential Directive HSPD-7 directs federal departments to identify and prioritize the critical infrastructure and protect it from terrorist attack. The US-CERT National Strategy for Control Systems Security was prepared by the National Cyber Security Division to address the control system security component addressed in the National Strategy to Secure Cyberspace and the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets. The US-CERT National Strategy for Control Systems Security identified five high-level strategic goals for improving cyber security of control systems.

  7. Climate Change and Global Food Security: Food Access, Utilization, and the US Food System

    NASA Astrophysics Data System (ADS)

    Brown, M. E.; Antle, J. M.; Backlund, P. W.; Carr, E. R.; Easterling, W. E.; Walsh, M.; Ammann, C. M.; Attavanich, W.; Barrett, C. B.; Bellemare, M. F.; Dancheck, V.; Funk, C.; Grace, K.; Ingram, J. S. I.; Jiang, H.; Maletta, H.; Mata, T.; Murray, A.; Ngugi, M.; Ojima, D. S.; O'Neill, B. C.; Tebaldi, C.

    2015-12-01

    This paper will summarize results from the USDA report entitled 'Climate change, Global Food Security and the U.S. Food system'. The report focuses on the impact of climate change on global food security, defined as "when all people at all times have physical, social, and economic access to sufficient, safe, and nutritious food to meet their dietary needs and food preferences for an active and healthy life". The assessment brought together authors and contributors from twenty federal, academic, nongovernmental, intergovernmental, and private organizations in four countries to identify climate change effects on food security through 2100, and analyze the U.S.'s likely connections with that world. This talk will describe how climate change will likely affect food access and food utilization, and summarize how the U.S. food system contributes to global food security, and will be affected by climate change.

  8. Necessary security mechanisms in a PACS DICOM access system with web technology.

    PubMed

    Vázquez-Naya, José; Loureiro, Javier; Calle, Julián; Vidal, Jorge; Sierra, Alejandro

    2002-01-01

    The evolution in information and telecommunication technologies has allowed the development of systems that use the Internet infrastructure and Web technology to remotely access a hospital's picture archiving and communication system (PACS). However, one of the main problems in the construction of this type of system is the development of mechanisms that guarantee the security of the medical data that are being consulted. Most countries have specific norms for the protection of such medical data. This work describes security mechanisms that are developed in an access system to PACS DICOM with Web technology and comply with the Spanish legislation concerning the protection of medical data. The proposed security mechanisms are flexible, they leave room for the definition of security policies adjusted to the needs of each particular organization and they can be adapted to comply with new or foreign norms.

  9. 14 CFR 420.53 - Control of public access.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 4 2010-01-01 2010-01-01 false Control of public access. 420.53 Section....53 Control of public access. (a) A licensee shall prevent unauthorized access to the launch site, and unauthorized, unescorted access to explosive hazard facilities or other hazard areas not otherwise...

  10. PKI-based secure mobile access to electronic health services and data.

    PubMed

    Kambourakis, G; Maglogiannis, I; Rouskas, A

    2005-01-01

    Recent research works examine the potential employment of public-key cryptography schemes in e-health environments. In such systems, where a Public Key Infrastructure (PKI) is established beforehand, Attribute Certificates (ACs) and public key enabled protocols like TLS, can provide the appropriate mechanisms to effectively support authentication, authorization and confidentiality services. In other words, mutual trust and secure communications between all the stakeholders, namely physicians, patients and e-health service providers, can be successfully established and maintained. Furthermore, as the recently introduced mobile devices with access to computer-based patient record systems are expanding, the need of physicians and nurses to interact increasingly with such systems arises. Considering public key infrastructure requirements for mobile online health networks, this paper discusses the potential use of Attribute Certificates (ACs) in an anticipated trust model. Typical trust interactions among doctors, patients and e-health providers are presented, indicating that resourceful security mechanisms and trust control can be obtained and implemented. The application of attribute certificates to support medical mobile service provision along with the utilization of the de-facto TLS protocol to offer competent confidentiality and authorization services is also presented and evaluated through experimentation, using both the 802.11 WLAN and General Packet Radio Service (GPRS) networks.

  11. Cardea: Dynamic Access Control in Distributed Systems

    NASA Technical Reports Server (NTRS)

    Lepro, Rebekah

    2004-01-01

    Modern authorization systems span domains of administration, rely on many different authentication sources, and manage complex attributes as part of the authorization process. This . paper presents Cardea, a distributed system that facilitates dynamic access control, as a valuable piece of an inter-operable authorization framework. First, the authorization model employed in Cardea and its functionality goals are examined. Next, critical features of the system architecture and its handling of the authorization process are then examined. Then the S A M L and XACML standards, as incorporated into the system, are analyzed. Finally, the future directions of this project are outlined and connection points with general components of an authorization system are highlighted.

  12. A dynamic access control method based on QoS requirement

    NASA Astrophysics Data System (ADS)

    Li, Chunquan; Wang, Yanwei; Yang, Baoye; Hu, Chunyang

    2013-03-01

    A dynamic access control method is put forward to ensure the security of the sharing service in Cloud Manufacturing, according to the application characteristics of cloud manufacturing collaborative task. The role-based access control (RBAC) model is extended according to the characteristics of cloud manufacturing in this method. The constraints are considered, which are from QoS requirement of the task context to access control, based on the traditional static authorization. The fuzzy policy rules are established about the weighted interval value of permissions. The access control authorities of executable service by users are dynamically adjusted through the fuzzy reasoning based on the QoS requirement of task. The main elements of the model are described. The fuzzy reasoning algorithm of weighted interval value based QoS requirement is studied. An effective method is provided to resolve the access control of cloud manufacturing.

  13. Experimental realization of an entanglement access network and secure multi-party computation.

    PubMed

    Chang, X-Y; Deng, D-L; Yuan, X-X; Hou, P-Y; Huang, Y-Y; Duan, L-M

    2016-01-01

    To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography.

  14. Experimental realization of an entanglement access network and secure multi-party computation.

    PubMed

    Chang, X-Y; Deng, D-L; Yuan, X-X; Hou, P-Y; Huang, Y-Y; Duan, L-M

    2016-01-01

    To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography. PMID:27404561

  15. Experimental realization of an entanglement access network and secure multi-party computation

    PubMed Central

    Chang, X.-Y.; Deng, D.-L.; Yuan, X.-X.; Hou, P.-Y.; Huang, Y.-Y.; Duan, L.-M.

    2016-01-01

    To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography. PMID:27404561

  16. Experimental realization of an entanglement access network and secure multi-party computation

    NASA Astrophysics Data System (ADS)

    Chang, X.-Y.; Deng, D.-L.; Yuan, X.-X.; Hou, P.-Y.; Huang, Y.-Y.; Duan, L.-M.

    2016-07-01

    To construct a quantum network with many end users, it is critical to have a cost-efficient way to distribute entanglement over different network ends. We demonstrate an entanglement access network, where the expensive resource, the entangled photon source at the telecom wavelength and the core communication channel, is shared by many end users. Using this cost-efficient entanglement access network, we report experimental demonstration of a secure multiparty computation protocol, the privacy-preserving secure sum problem, based on the network quantum cryptography.

  17. A human engineering and ergonomic evaluation of the security access panel interface

    SciTech Connect

    Hartney, C.; Banks, W.W.

    1995-02-01

    The purpose of this study was to empirically determine which of several security hardware interface designs produced the highest levels of end-user performance and acceptance. The FESSP Security Alarms and Monitoring Systems program area commissioned the authors study as decision support for upgrading the Argus security system`s primary user interface so that Argus equipment will support the new DOE and DoD security access badges. Twenty-two test subjects were repeatedly tested using six remote access panel (RAP) designs. Lawrence Livermore National Laboratory (LLNL) uses one of these interface designs in its security access booths. Along with the RAP B insert-style reader, the authors tested five prototype RAP variants, each with a different style of swipe badge reader, through which a badge is moved or swiped. The authors asked the untrained test subjects to use each RAP while they described how they thought they should respond so that the system would operate correctly in reading the magnetic strip on a security badge. With each RAP variant, subjects were required to make four successful card reads (swipes) in which the card reader correctly read and logged the transaction. After each trial, a subject completed a 10-item interface acceptance evaluation before approaching the next RAP. After interacting with the RAP interfaces (for a total of the six RAP trials), each subject completed a 7-item overview evaluation that compared and ranked the five experimental RAPs, using the original (RAP B) insert style as a standard.

  18. Controlled bidirectional quantum secure direct communication.

    PubMed

    Chou, Yao-Hsin; Lin, Yu-Ting; Zeng, Guo-Jyun; Lin, Fang-Jhu; Chen, Chi-Yuan

    2014-01-01

    We propose a novel protocol for controlled bidirectional quantum secure communication based on a nonlocal swap gate scheme. Our proposed protocol would be applied to a system in which a controller (supervisor/Charlie) controls the bidirectional communication with quantum information or secret messages between legitimate users (Alice and Bob). In this system, the legitimate users must obtain permission from the controller in order to exchange their respective quantum information or secret messages simultaneously; the controller is unable to obtain any quantum information or secret messages from the decoding process. Moreover, the presence of the controller also avoids the problem of one legitimate user receiving the quantum information or secret message before the other, and then refusing to help the other user decode the quantum information or secret message. Our proposed protocol is aimed at protecting against external and participant attacks on such a system, and the cost of transmitting quantum bits using our protocol is less than that achieved in other studies. Based on the nonlocal swap gate scheme, the legitimate users exchange their quantum information or secret messages without transmission in a public channel, thus protecting against eavesdroppers stealing the secret messages.

  19. Controlled Bidirectional Quantum Secure Direct Communication

    PubMed Central

    Chou, Yao-Hsin; Lin, Yu-Ting; Zeng, Guo-Jyun; Lin, Fang-Jhu; Chen, Chi-Yuan

    2014-01-01

    We propose a novel protocol for controlled bidirectional quantum secure communication based on a nonlocal swap gate scheme. Our proposed protocol would be applied to a system in which a controller (supervisor/Charlie) controls the bidirectional communication with quantum information or secret messages between legitimate users (Alice and Bob). In this system, the legitimate users must obtain permission from the controller in order to exchange their respective quantum information or secret messages simultaneously; the controller is unable to obtain any quantum information or secret messages from the decoding process. Moreover, the presence of the controller also avoids the problem of one legitimate user receiving the quantum information or secret message before the other, and then refusing to help the other user decode the quantum information or secret message. Our proposed protocol is aimed at protecting against external and participant attacks on such a system, and the cost of transmitting quantum bits using our protocol is less than that achieved in other studies. Based on the nonlocal swap gate scheme, the legitimate users exchange their quantum information or secret messages without transmission in a public channel, thus protecting against eavesdroppers stealing the secret messages. PMID:25006596

  20. 48 CFR 1552.235-78 - Data Security for Toxic Substances Control Act Confidential Business Information (DEC 1997).

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... Security Staff in the OPPT, or by the EPA Project Officer. (3) The Contractor Document Control Officer (DCO... Relinquishing TSCA CBI Access Authority.” The Contractor DCO will also forward those agreements to the EPA...

  1. K-12 access to internet: Securing the legal framework

    NASA Astrophysics Data System (ADS)

    Blauassociate, Andrew

    1993-09-01

    While many people in government, education, and industry have lauded the potential educational value of Internet access for students in grades K-12, there is as yet no legal or regulatory framework within which this new medium is being offered to students. The Communications Policy Forum, a nonpartisan project of the Electronic Frontier Foundation, recently convened a roundtable to discuss some of the legal issues that arise when K-12 schools provide Internet access to their students. Approximately 15 people, representing carriers who provide connections to the Internet, schools or school systems who are connected to the Internet, and legal experts with expertise in this and related areas, met to discuss questions of legal liability as this new medium enters an educational setting for minors. The following attempts to capture the major issues, suggestions, and directions for further collaborative efforts raised during the course of that discussion. In brief, the group identified statutory language aimed at other types of electronic communication that may offer some guidance; was briefed on a host of state laws that could be used to prosecute providers of certain materials found on the Internet; and concluded that there is no case law that clearly applies to this setting. The discussion revealed an interest in anticipating issues and developing responses before problems arose, and the need for shared approaches to allow carriers to move forward in serving and expanding this field. Members of the group offered to pursue these issues jointly and agreed upon a handful of concrete steps for further exploration and discussion.

  2. Situation-Based Access Control: privacy management via modeling of patient data access scenarios.

    PubMed

    Peleg, Mor; Beimel, Dizza; Dori, Dov; Denekamp, Yaron

    2008-12-01

    Access control is a central problem in privacy management. A common practice in controlling access to sensitive data, such as electronic health records (EHRs), is Role-Based Access Control (RBAC). RBAC is limited as it does not account for the circumstances under which access to sensitive data is requested. Following a qualitative study that elicited access scenarios, we used Object-Process Methodology to structure the scenarios and conceive a Situation-Based Access Control (SitBAC) model. SitBAC is a conceptual model, which defines scenarios where patient's data access is permitted or denied. The main concept underlying this model is the Situation Schema, which is a pattern consisting of the entities Data-Requestor, Patient, EHR, Access Task, Legal-Authorization, and Response, along with their properties and relations. The various data access scenarios are expressed via Situation Instances. While we focus on the medical domain, the model is generic and can be adapted to other domains.

  3. Concurrency and Time in Role-Based Access Control

    NASA Astrophysics Data System (ADS)

    Chiang, Chia-Chu; Bayrak, Coskun

    Role-based access control (RBAC) has been proposed as an alternative solution for expressing access control policies. The generalized temporal RBAC (GTRBAC) extends RBAC by adding time in order to support timed based access control policies. However, GTRBAC does not address certain issues of concurrency such as, synchronization. We propose an approach to the expressions of time and concurrency in RBAC based on timed Petri nets. A formal verification method for access control policies is also proposed.

  4. Nevada National Security Site Radiological Control Manual

    SciTech Connect

    Radiological Control Managers’ Council

    2012-03-26

    This document supersedes DOE/NV/25946--801, 'Nevada Test Site Radiological Control Manual,' Revision 1 issued in February 2010. Brief Description of Revision: A complete revision to reflect a recent change in name for the NTS; changes in name for some tenant organizations; and to update references to current DOE policies, orders, and guidance documents. Article 237.2 was deleted. Appendix 3B was updated. Article 411.2 was modified. Article 422 was re-written to reflect the wording of DOE O 458.1. Article 431.6.d was modified. The glossary was updated. This manual contains the radiological control requirements to be used for all radiological activities conducted by programs under the purview of the U.S. Department of Energy (DOE) and the U.S. Department of Energy, National Nuclear Security Administration Nevada Site Office (NNSA/NSO). Compliance with these requirements will ensure compliance with Title 10 Code of Federal Regulations (CFR) Part 835, 'Occupational Radiation Protection.' Programs covered by this manual are located at the Nevada National Security Site (NNSS); Nellis Air Force Base and North Las Vegas, Nevada; Santa Barbara and Livermore, California; and Andrews Air Force Base, Maryland. In addition, fieldwork by NNSA/NSO at other locations is covered by this manual. Current activities at NNSS include operating low-level radioactive and mixed waste disposal facilities for United States defense-generated waste, assembly and execution of subcritical experiments, assembly/disassembly of special experiments, the storage and use of special nuclear materials, performing criticality experiments, emergency responder training, surface cleanup and site characterization of contaminated land areas, environmental activity by the University system, and nonnuclear test operations, such as controlled spills of hazardous materials at the Hazardous Materials Spill Center. Currently, the major potential for occupational radiation exposure is associated with the burial of

  5. A Quality of Context-Aware Approach to Access Control in Pervasive Environments

    NASA Astrophysics Data System (ADS)

    Toninelli, Alessandra; Corradi, Antonio; Montanari, Rebecca

    The widespread diffusion of wireless-enabled portable devices creates novel opportunities for users to share resources anywhere and anytime, but makes access control a crucial issue. User/device mobility and heterogeneity, together with network topology and conditions variability, complicate access control and call for novel solutions to dynamically adapt access decisions to the different operating conditions. Several research efforts have emerged in recent years that propose to exploit context-awareness to control access to resources based on context visibility and changes. Context-based access control requires, however, to take into account the quality of context information used to drive access decisions (QoC). Quality of context has in fact a profound impact on the correct behavior of any context-aware access control framework. Using context information with insufficient quality might increase the risk of incorrect access control decisions, thus leading to dangerous security breaches in resource sharing. In this paper we propose a QoC-aware approach to access control for anywhere, anytime resource sharing. The paper describes the design, implementation and evaluation of the Proteus policy framework, which combines two design guidelines to enable dynamic adaptation of policies depending on context changes: context-awareness with QoC guarantees and semantic technologies to allow high-level description of context/policy specification and reasoning about context/policies.

  6. Food Security and Women's Access to Natural Resources workshop; a brief report.

    PubMed

    1997-01-01

    This article describes the workshop on Food Security and Women's Access to Natural Resources, held in January 1997 in Mumbai, India. The workshop was organized jointly by the Tata Institute of Social Sciences and the Indian Association of Women's Studies. The aim was to examine the food security situation in Maharashtra and Gujarat states in the west, the initiative to build alternative institutions, legal changes augmenting industrialization, and how traditional rights to common property resources can be legalized and how the poor can have access to new resources. The workshop organizers were unable to obtain experts on some topics. Core discussion centered on changes in industrialization, natural resources, gender and food security; access to natural resources and poverty alleviation programs; initiatives to create food security; and laws related to access to land and water. Discussions revealed the alienation of small and marginal farmers, landless laborers, and artisans from their livelihoods and survival strategies for these disenfranchised groups. The design of drought eradication and water conservation programs did not permit women and men working at construction sites to have access to the program assets. Case studies revealed situations in which women won the right of access to community water and then negotiated for land in lease. The women used landowners to negotiate credit and access development program assets, but normal channels of the National Bank of Agricultural Research and Development could have provided these benefits. Participants discussed how governments can be held accountable and how public funds could be used to revamp poverty alleviation and asset creation programs. All agreed that macrolevel development should give priority to agricultural development and legal constraints or problems. Five follow-up activities are identified.

  7. High security chaotic multiple access scheme for visible light communication systems with advanced encryption standard interleaving

    NASA Astrophysics Data System (ADS)

    Qiu, Junchao; Zhang, Lin; Li, Diyang; Liu, Xingcheng

    2016-06-01

    Chaotic sequences can be applied to realize multiple user access and improve the system security for a visible light communication (VLC) system. However, since the map patterns of chaotic sequences are usually well known, eavesdroppers can possibly derive the key parameters of chaotic sequences and subsequently retrieve the information. We design an advanced encryption standard (AES) interleaving aided multiple user access scheme to enhance the security of a chaotic code division multiple access-based visible light communication (C-CDMA-VLC) system. We propose to spread the information with chaotic sequences, and then the spread information is interleaved by an AES algorithm and transmitted over VLC channels. Since the computation complexity of performing inverse operations to deinterleave the information is high, the eavesdroppers in a high speed VLC system cannot retrieve the information in real time; thus, the system security will be enhanced. Moreover, we build a mathematical model for the AES-aided VLC system and derive the theoretical information leakage to analyze the system security. The simulations are performed over VLC channels, and the results demonstrate the effectiveness and high security of our presented AES interleaving aided chaotic CDMA-VLC system.

  8. 42 CFR 73.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 42 Public Health 1 2010-10-01 2010-10-01 false Restricting access to select agents and toxins; security risk assessments. 73.10 Section 73.10 Public Health PUBLIC HEALTH SERVICE, DEPARTMENT OF HEALTH... Responsible Official and a showing of good cause (e.g., public health or agricultural emergencies,...

  9. 47 CFR 76.1204 - Availability of equipment performing conditional access or security functions.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... security functions. (a)(1) A multichannel video programming distributor that utilizes navigation devices to... access functions of such devices. Commencing on July 1, 2007, no multichannel video programming... requirement shall not apply to a multichannel video programming distributor that supports the active use...

  10. 47 CFR 76.1204 - Availability of equipment performing conditional access or security functions.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... the owner or operator of the multichannel video programming system. (b) Conditional access function... controls of such devices or to provide unauthorized access to service. (d) Notwithstanding the foregoing... system; and (3) Does not provide access to any digital transmission of multichannel video programming...

  11. Help for the Developers of Control System Cyber Security Standards

    SciTech Connect

    Robert P. Evans

    2008-05-01

    A Catalog of Control Systems Security: Recommendations for Standards Developers (Catalog), aimed at assisting organizations to facilitate the development and implementation of control system cyber security standards, has been developed. This catalog contains requirements that can help protect control systems from cyber attacks and can be applied to the Critical Infrastructures and Key Resources of the United States and other nations. The requirements contained in the catalog are a compilation of practices or various industry bodies used to increase the security of control systems from both physical and cyber attacks. They should be viewed as a collection of recommendations to be considered and judiciously employed, as appropriate, when reviewing and developing cyber security standards for control systems. The recommendations in the Catalog are intended to be broad enough to provide any industry using control systems the flexibility needed to develop sound cyber security standards specific to their individual security requirements.

  12. Security for grids

    SciTech Connect

    Humphrey, Marty; Thompson, Mary R.; Jackson, Keith R.

    2005-08-14

    Securing a Grid environment presents a distinctive set of challenges. This paper groups the activities that need to be secured into four categories: naming and authentication; secure communication; trust, policy, and authorization; and enforcement of access control. It examines the current state of the art in securing these processes and introduces new technologies that promise to meet the security requirements of Grids more completely.

  13. Context-Based E-Health System Access Control Mechanism

    NASA Astrophysics Data System (ADS)

    Al-Neyadi, Fahed; Abawajy, Jemal H.

    E-Health systems logically demand a sufficiently fine-grained authorization policy for access control. The access to medical information should not be just role-based but should also include the contextual condition of the role to access data. In this paper, we present a mechanism to extend the standard role-based access control to incorporate contextual information for making access control decisions in e-health application. We present an architecture consisting of authorisation and context infrastructure that work cooperatively to grant access rights based on context-aware authorization policies and context information.

  14. A Stateful Multicast Access Control Mechanism for Future Metro-Area-Networks.

    ERIC Educational Resources Information Center

    Sun, Wei-qiang; Li, Jin-sheng; Hong, Pei-lin

    2003-01-01

    Multicasting is a necessity for a broadband metro-area-network; however security problems exist with current multicast protocols. A stateful multicast access control mechanism, based on MAPE, is proposed. The architecture of MAPE is discussed, as well as the states maintained and messages exchanged. The scheme is flexible and scalable. (Author/AEF)

  15. An Access Control and Trust Management Framework for Loosely-Coupled Multidomain Environments

    ERIC Educational Resources Information Center

    Zhang, Yue

    2010-01-01

    Multidomain environments where multiple organizations interoperate with each other are becoming a reality as can be seen in emerging Internet-based enterprise applications. Access control to ensure secure interoperation in such an environment is a crucial challenge. A multidomain environment can be categorized as "tightly-coupled" and…

  16. 49 CFR 1544.228 - Access to cargo and cargo screening: Security threat assessments for cargo personnel in the...

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 49 Transportation 9 2010-10-01 2010-10-01 false Access to cargo and cargo screening: Security... COMMERCIAL OPERATORS Operations § 1544.228 Access to cargo and cargo screening: Security threat assessments... authorizes to screen cargo or to supervise the screening of cargo under § 1544.205....

  17. Mitigations for Security Vulnerabilities Found in Control System Networks

    SciTech Connect

    Trent D. Nelson

    2006-05-01

    Industry is aware of the need for Control System (CS) security, but in on-site assessments, Idaho National Laboratory (INL) has observed that security procedures and devices are not consistently and effectively implemented. The Department of Homeland Security (DHS), National Cyber Security Division (NCSD), established the Control Systems Security Center (CSSC) at INL to help industry and government improve the security of the CSs used in the nation's critical infrastructures. One of the main CSSC objectives is to identify control system vulnerabilities and develop effective mitigations for them. This paper discusses common problems and vulnerabilities seen in on-site CS assessments and suggests mitigation strategies to provide asset owners with the information they need to better protect their systems from common security flows.

  18. Process Control Systems in the Chemical Industry: Safety vs. Security

    SciTech Connect

    Jeffrey Hahn; Thomas Anderson

    2005-04-01

    Traditionally, the primary focus of the chemical industry has been safety and productivity. However, recent threats to our nation’s critical infrastructure have prompted a tightening of security measures across many different industry sectors. Reducing vulnerabilities of control systems against physical and cyber attack is necessary to ensure the safety, security and effective functioning of these systems. The U.S. Department of Homeland Security has developed a strategy to secure these vulnerabilities. Crucial to this strategy is the Control Systems Security and Test Center (CSSTC) established to test and analyze control systems equipment. In addition, the CSSTC promotes a proactive, collaborative approach to increase industry's awareness of standards, products and processes that can enhance the security of control systems. This paper outlines measures that can be taken to enhance the cybersecurity of process control systems in the chemical sector.

  19. 14 CFR 420.53 - Control of public access.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 4 2011-01-01 2011-01-01 false Control of public access. 420.53 Section 420.53 Aeronautics and Space COMMERCIAL SPACE TRANSPORTATION, FEDERAL AVIATION ADMINISTRATION....53 Control of public access. (a) A licensee shall prevent unauthorized access to the launch site,...

  20. MAAC: a software tool for user authentication and access control to the electronic patient record in an open distributed environment

    NASA Astrophysics Data System (ADS)

    Motta, Gustavo H.; Furuie, Sergio S.

    2004-04-01

    Designing proper models for authorization and access control for the electronic patient record (EPR) is essential to wide scale use of the EPR in large health organizations. This work presents MAAC (Middleware for Authentication and Access Control), a tool that implements a contextual role-based access control (RBAC) authorization model. RBAC regulates user"s access to computers resources based on their organizational roles. A contextual authorization uses environmental information available at access-request time, like user/patient relationship, in order to decide whether a user has the right to access an EPR resource. The software architecture where MAAC is implemented uses Lightweight Directory Access Protocol, Java programming language and the CORBA/OMG standards CORBA Security Service and Resource Access Decision Facility. With those open and distributed standards, heterogeneous EPR components can request user authentication and access authorization services in a unified and consistent fashion across multiple platforms.

  1. Bureau of Prisons access control system: functional and operational requirements

    NASA Astrophysics Data System (ADS)

    Janus, Michael; Carlson, Peter M.; Kane, Thomas

    1997-01-01

    The Federal Bureau of Prisons (BOP) operates 86 correctional institutions nationwide. The BOP has grown dramatically, the size of its inmate population growing from just over 41,000 inmates in 1987 to over 100,000 today. The number of BOP staff managing these facilities has grown correspondingly, more than doubling in number in the same ten year period. Technology has paid a major role in keeping up with this growth while maintaining high standards of security in BOP institutions. In an attempt to further enhance security in its institutions, the BOP has recently begun pilot testing an access control and entry system (ACES). ACES is intended to provide an automated record of very entry and exit to a correctional institution. ACES takes advantage of several methods of identifying an individual (inmate, staff or visitor) to assure that the individual exiting the institution is the same as the individual entering. The pilot test has raised a number of questions regarding the implementation of a technologically sophisticated system in a correctional institution. Questions of training, support, 'ownership,' cost effectiveness, and future potential all influence the deployment of this system. Preliminary results indicate that an adequate training and support system is essential to the performance of any sophisticated system and that other organizational issues need to be addressed before the decision to implement is made.

  2. Emergency access for online personally controlled health records system.

    PubMed

    Zhang, Yuan; Dhileepan, Sunethra; Schmidt, Matthew; Zhong, Sheng

    2012-09-01

    A personally controlled health records (PCHR) system allows a patient user to share his/her health records with trusted physicians by manually granting them the access privilege to his/her online records. However, it presents the problem of emergency access in situations where the user is physically unable to grant the access and the access is required by an Emergency Room (ER) physician who does not have the privilege at that moment. To deal with such a problem, we introduce an online polling system to provide the emergency access control to PCHR systems. For each emergency access request, the access privilege is controlled according to the combined opinions of the patient's preset emergency contacts and other online registered physicians. Because our system is based on the demographic number of the physician community nationwide, it provides a stable emergency access control at all times.

  3. Control Systems Cyber Security: Defense-in-Depth Strategies

    SciTech Connect

    Mark Fabro

    2007-10-01

    Information infrastructures across many public and private domains share several common attributes regarding IT deployments and data communications. This is particularly true in the control systems domain. A majority of the systems use robust architectures to enhance business and reduce costs by increasing the integration of external, business, and control system networks. However, multi-network integration strategies often lead to vulnerabilities that greatly reduce the security of an organization, and can expose mission-critical control systems to cyber threats. This document provides guidance and direction for developing ‘defense-in-depth’ strategies for organizations that use control system networks while maintaining a multi-tier information architecture that requires: • Maintenance of various field devices, telemetry collection, and/or industrial-level process systems • Access to facilities via remote data link or modem • Public facing services for customer or corporate operations • A robust business environment that requires connections among the control system domain, the external Internet, and other peer organizations.

  4. Ver-i-Fus: an integrated access control and information monitoring and management system

    NASA Astrophysics Data System (ADS)

    Thomopoulos, Stelios C.; Reisman, James G.; Papelis, Yiannis E.

    1997-01-01

    This paper describes the Ver-i-Fus Integrated Access Control and Information Monitoring and Management (IAC-I2M) system that INTELNET Inc. has developed. The Ver-i-Fus IAC-I2M system has been designed to meet the most stringent security and information monitoring requirements while allowing two- way communication between the user and the system. The systems offers a flexible interface that permits to integrate practically any sensing device, or combination of sensing devices, including a live-scan fingerprint reader, thus providing biometrics verification for enhanced security. Different configurations of the system provide solutions to different sets of access control problems. The re-configurable hardware interface, tied together with biometrics verification and a flexible interface that allows to integrate Ver-i-Fus with an MIS, provide an integrated solution to security, time and attendance, labor monitoring, production monitoring, and payroll applications.

  5. Catheter Securement Systems for Peripherally Inserted and Nontunneled Central Vascular Access Devices

    PubMed Central

    Krenik, Karen M.; Smith, Graham E.

    2016-01-01

    Sutureless catheter securement systems are intended to eliminate risks associated with sutures. The clinical acceptability of a novel system was investigated compared with the current method of securement for peripherally inserted central catheters (19 facilities using StatLock or sutures) or nontunneled central vascular access devices (3 facilities using StatLock or sutures or HubGuard + Sorbaview Shield). More than 94% of respondents rated the novel system as same, better, or much better than their current product. More than 82% of respondents were willing to replace their current system with the new one. PMID:27379679

  6. A Study on Automated Context-aware Access Control Model Using Ontology

    NASA Astrophysics Data System (ADS)

    Jang, Bokman; Jang, Hyokyung; Choi, Euiin

    Applications in context-aware computing environment will be connected wireless network and various devices. According to, recklessness access of information resource can make trouble of system. So, access authority management is very important issue both information resource and adapt to system through founding security policy of needed system. But, existing security model is easy of approach to resource through simply user ID and password. This model has a problem that is not concerned about user's environment information. In this paper, propose model of automated context-aware access control using ontology that can more efficiently control about resource through inference and judgment of context information that collect user's information and user's environment context information in order to ontology modeling.

  7. Arms Control and National Security: An Introduction. Advance Edition.

    ERIC Educational Resources Information Center

    Arms Control Association, Washington, DC.

    Suitable for use with high school students, this booklet on arms control and national security provides background information, describes basic concepts, reviews recent history, and offers suggestions for further reading. The first section, on American attitudes toward national security and arms control, defines five types of limits on weapons…

  8. Command and Control during Security Incidents/Emergencies

    SciTech Connect

    Knipper, W.

    2013-10-16

    This presentation builds on our response to events that pose, or have the potential to pose, a serious security or law enforcement risk and must be responded to and controlled in a clear a decisive fashion. We will examine some common concepts in the command and control of security-centric events.

  9. 21 CFR 1301.75 - Physical security controls for practitioners.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 21 Food and Drugs 9 2012-04-01 2012-04-01 false Physical security controls for practitioners. 1301.75 Section 1301.75 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements §...

  10. 21 CFR 1301.76 - Other security controls for practitioners.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 21 Food and Drugs 9 2013-04-01 2013-04-01 false Other security controls for practitioners. 1301.76 Section 1301.76 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements § 1301.76...

  11. 21 CFR 1301.75 - Physical security controls for practitioners.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 21 Food and Drugs 9 2014-04-01 2014-04-01 false Physical security controls for practitioners. 1301.75 Section 1301.75 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements §...

  12. 21 CFR 1301.76 - Other security controls for practitioners.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 21 Food and Drugs 9 2014-04-01 2014-04-01 false Other security controls for practitioners. 1301.76 Section 1301.76 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements § 1301.76...

  13. 21 CFR 1301.75 - Physical security controls for practitioners.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 21 Food and Drugs 9 2013-04-01 2013-04-01 false Physical security controls for practitioners. 1301.75 Section 1301.75 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements §...

  14. 21 CFR 1301.76 - Other security controls for practitioners.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 21 Food and Drugs 9 2012-04-01 2012-04-01 false Other security controls for practitioners. 1301.76 Section 1301.76 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements § 1301.76...

  15. 21 CFR 1301.76 - Other security controls for practitioners.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Other security controls for practitioners. 1301.76 Section 1301.76 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements § 1301.76...

  16. 21 CFR 1301.75 - Physical security controls for practitioners.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Physical security controls for practitioners. 1301.75 Section 1301.75 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements §...

  17. 21 CFR 1301.75 - Physical security controls for practitioners.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 21 Food and Drugs 9 2011-04-01 2011-04-01 false Physical security controls for practitioners. 1301.75 Section 1301.75 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements §...

  18. 21 CFR 1301.76 - Other security controls for practitioners.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 21 Food and Drugs 9 2011-04-01 2011-04-01 false Other security controls for practitioners. 1301.76 Section 1301.76 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements § 1301.76...

  19. Control System Applicable Use Assessment of the Secure Computing Corporation - Secure Firewall (Sidewinder)

    SciTech Connect

    Hadley, Mark D.; Clements, Samuel L.

    2009-01-01

    Battelle’s National Security & Defense objective is, “applying unmatched expertise and unique facilities to deliver homeland security solutions. From detection and protection against weapons of mass destruction to emergency preparedness/response and protection of critical infrastructure, we are working with industry and government to integrate policy, operational, technological, and logistical parameters that will secure a safe future”. In an ongoing effort to meet this mission, engagements with industry that are intended to improve operational and technical attributes of commercial solutions that are related to national security initiatives are necessary. This necessity will ensure that capabilities for protecting critical infrastructure assets are considered by commercial entities in their development, design, and deployment lifecycles thus addressing the alignment of identified deficiencies and improvements needed to support national cyber security initiatives. The Secure Firewall (Sidewinder) appliance by Secure Computing was assessed for applicable use in critical infrastructure control system environments, such as electric power, nuclear and other facilities containing critical systems that require augmented protection from cyber threat. The testing was performed in the Pacific Northwest National Laboratory’s (PNNL) Electric Infrastructure Operations Center (EIOC). The Secure Firewall was tested in a network configuration that emulates a typical control center network and then evaluated. A number of observations and recommendations are included in this report relating to features currently included in the Secure Firewall that support critical infrastructure security needs.

  20. The climate sensitivity of food security in Mali - a historical perspective on availability and access dimensions

    NASA Astrophysics Data System (ADS)

    Giannini, A.; Krishnamurthy, P. K.; Cousin, R.; Choularton, R. J.

    2011-12-01

    We present results based on an analysis of a 2005 livelihood survey of ~2000 rural households in ~200 villages scattered across Mali, a sparsely populated, large land-locked country in West Africa, to elucidate the role of climate variability and change in shaping availability and access dimensions of food security. The Comprehensive Food Security Vulnerability Analysis is a recurrent survey carried out by the World Food Programme and in-country partners to map out nutritional and socio-economic status during normal (~food secure) conditions in the hope of understanding underlying cause(s) and prevent the next food security crisis. We set the spatial characterization of food security that emerges from the CFSVA against the background of a varying climate, on intra-seasonal, interannual and multi-decadal time scales: through elucidation of the influence of climate on agricultural production we arrive at an interpretation of structural and conjunctural events affecting food security. We conclude with a discussion of possible interventions to reduce vulnerability.

  1. Ideal Based Cyber Security Technical Metrics for Control Systems

    SciTech Connect

    W. F. Boyer; M. A. McQueen

    2007-10-01

    Much of the world's critical infrastructure is at risk from attack through electronic networks connected to control systems. Security metrics are important because they provide the basis for management decisions that affect the protection of the infrastructure. A cyber security technical metric is the security relevant output from an explicit mathematical model that makes use of objective measurements of a technical object. A specific set of technical security metrics are proposed for use by the operators of control systems. Our proposed metrics are based on seven security ideals associated with seven corresponding abstract dimensions of security. We have defined at least one metric for each of the seven ideals. Each metric is a measure of how nearly the associated ideal has been achieved. These seven ideals provide a useful structure for further metrics development. A case study shows how the proposed metrics can be applied to an operational control system.

  2. 7. LAUNCH CONTROL SUPPORT BUILDING. INTERIOR OF SECURITY OFFICE. VIEW ...

    Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

    7. LAUNCH CONTROL SUPPORT BUILDING. INTERIOR OF SECURITY OFFICE. VIEW TO NORTH. - Minuteman III ICBM Launch Control Facility November-1, 1.5 miles North of New Raymer & State Highway 14, New Raymer, Weld County, CO

  3. 6. LAUNCH CONTROL SUPPORT BUILDING. INTERIOR OF SECURITY OFFICE. VIEW ...

    Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

    6. LAUNCH CONTROL SUPPORT BUILDING. INTERIOR OF SECURITY OFFICE. VIEW TO WEST. - Minuteman III ICBM Launch Control Facility November-1, 1.5 miles North of New Raymer & State Highway 14, New Raymer, Weld County, CO

  4. Health information system access control redesign - rationale and method.

    PubMed

    Moselle, Kenneth A

    2011-01-01

    This paper addresses the question of why a health service system might find it necessary to re-engineer the access control model that mediates the interaction of clinicians with health information systems. Factors that lead to increasingly complexity of the access control models are delineated, and consequences of that complexity are identified. Strategies are presented to address these factors, and a stepwise procedure is suggested to structure the access control model re-engineering process.

  5. Efforts to secure universal access to HIV/AIDS treatment: a comparison of BRICS countries.

    PubMed

    Sun, Jing; Boing, Alexandra Crispim; Silveira, Marysabel P T; Bertoldi, Andréa D; Ziganshina, Liliya E; Khaziakhmetova, Veronica N; Khamidulina, Rashida M; Chokshi, Maulik R; McGee, Shelley; Suleman, Fatima

    2014-02-01

    This article illustrates how the BRICS countries have been building their focused leadership, making important high level commitment and national policy changes, and improving their health systems, in addressing the HIV/AIDS epidemics in respective settings. Specific aspects are focused on efforts of creating public provisions to secure universal access to ARVs from the aspects of active responsive system and national program, health system strengthening, fostering local production of ARVs, supply chain management, and information system strengthening. Challenges in each BRICS country are analyzed respectively. The most important contributors to the success of response to HIV/AIDS include: creating legal basis for healthcare as a fundamental human right; political commitment to necessary funding for universal access and concrete actions to secure equal quality care; comprehensive system to secure demands that all people in need are capable of accessing prevention, treatment and care; active community involvement; decentralization of the management system considering the local settings; integration of treatment and prevention; taking horizontal approach to strengthen health systems; fully use of the TRIPS flexibility; and regular monitoring and evaluation to serve evidence based decision making.

  6. Ground water security and drought in Africa: linking availability, access, and demand.

    PubMed

    Calow, Roger C; Macdonald, Alan M; Nicol, Alan L; Robins, Nick S

    2010-01-01

    Drought in Africa has been extensively researched, particularly from meteorological, agricultural, and food security perspectives. However, the impact of drought on water security, particularly ground water dependent rural water supplies, has received much less attention. Policy responses have concentrated on food needs, and it has often been difficult to mobilize resources for water interventions, despite evidence that access to safe water is a serious and interrelated concern. Studies carried out in Ghana, Malawi, South Africa, and Ethiopia highlight how rural livelihoods are affected by seasonal stress and longer-term drought. Declining access to food and water is a common and interrelated problem. Although ground water plays a vital role in buffering the effects of rainfall variability, water shortages and difficulties in accessing water that is available can affect domestic and productive water uses, with knock-on effects on food consumption and production. Total depletion of available ground water resources is rarely the main concern. A more common scenario is a spiral of water insecurity as shallow water sources fail, additional demands are put on remaining sources, and mechanical failures increase. These problems can be planned for within normal development programs. Water security mapping can help identify vulnerable areas, and changes to monitoring systems can ensure early detection of problems. Above all, increasing the coverage of ground water-based rural water supplies, and ensuring that the design and siting of water points is informed by an understanding of hydrogeological conditions and user demand, can significantly increase the resilience of rural communities to climate variability.

  7. Efforts to secure universal access to HIV/AIDS treatment: a comparison of BRICS countries.

    PubMed

    Sun, Jing; Boing, Alexandra Crispim; Silveira, Marysabel P T; Bertoldi, Andréa D; Ziganshina, Liliya E; Khaziakhmetova, Veronica N; Khamidulina, Rashida M; Chokshi, Maulik R; McGee, Shelley; Suleman, Fatima

    2014-02-01

    This article illustrates how the BRICS countries have been building their focused leadership, making important high level commitment and national policy changes, and improving their health systems, in addressing the HIV/AIDS epidemics in respective settings. Specific aspects are focused on efforts of creating public provisions to secure universal access to ARVs from the aspects of active responsive system and national program, health system strengthening, fostering local production of ARVs, supply chain management, and information system strengthening. Challenges in each BRICS country are analyzed respectively. The most important contributors to the success of response to HIV/AIDS include: creating legal basis for healthcare as a fundamental human right; political commitment to necessary funding for universal access and concrete actions to secure equal quality care; comprehensive system to secure demands that all people in need are capable of accessing prevention, treatment and care; active community involvement; decentralization of the management system considering the local settings; integration of treatment and prevention; taking horizontal approach to strengthen health systems; fully use of the TRIPS flexibility; and regular monitoring and evaluation to serve evidence based decision making. PMID:25155561

  8. Open versus Controlled-Access Data | Office of Cancer Genomics

    Cancer.gov

    OCG employs stringent human subjects’ protection and data access policies to protect the privacy and confidentiality of the research participants. Depending on the risk of patient identification, OCG programs data are available to the scientific community in two tiers: open or controlled access. Both types of data can be accessed through its corresponding OCG program-specific data matrix or portal. Open-access Data

  9. 17 CFR 240.15c3-5 - Risk management controls for brokers or dealers with market access.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Risk management controls for... Markets § 240.15c3-5 Risk management controls for brokers or dealers with market access. (a) For the... establish, document, and maintain a system of risk management controls and supervisory procedures...

  10. 17 CFR 240.15c3-5 - Risk management controls for brokers or dealers with market access.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Risk management controls for... Markets § 240.15c3-5 Risk management controls for brokers or dealers with market access. (a) For the... establish, document, and maintain a system of risk management controls and supervisory procedures...

  11. 17 CFR 240.15c3-5 - Risk management controls for brokers or dealers with market access.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 17 Commodity and Securities Exchanges 3 2012-04-01 2012-04-01 false Risk management controls for... Markets § 240.15c3-5 Risk management controls for brokers or dealers with market access. (a) For the... establish, document, and maintain a system of risk management controls and supervisory procedures...

  12. 17 CFR 240.15c3-5 - Risk management controls for brokers or dealers with market access.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Risk management controls for... Markets § 240.15c3-5 Risk management controls for brokers or dealers with market access. (a) For the... establish, document, and maintain a system of risk management controls and supervisory procedures...

  13. New advanced technologies to provide decentralised and secure access to medical records: case studies in oncology.

    PubMed

    Quantin, Catherine; Coatrieux, Gouenou; Allaert, François André; Fassa, Maniane; Bourquard, Karima; Boire, Jean-Yves; de Vlieger, Paul; Maigne, Lydia; Breton, Vincent

    2009-08-07

    The main problem for health professionals and patients in accessing information is that this information is very often distributed over many medical records and locations. This problem is particularly acute in cancerology because patients may be treated for many years and undergo a variety of examinations. Recent advances in technology make it feasible to gain access to medical records anywhere and anytime, allowing the physician or the patient to gather information from an "ephemeral electronic patient record". However, this easy access to data is accompanied by the requirement for improved security (confidentiality, traceability, integrity, ...) and this issue needs to be addressed. In this paper we propose and discuss a decentralised approach based on recent advances in information sharing and protection: Grid technologies and watermarking methodologies. The potential impact of these technologies for oncology is illustrated by the examples of two experimental cases: a cancer surveillance network and a radiotherapy treatment plan. It is expected that the proposed approach will constitute the basis of a future secure "google-like" access to medical records.

  14. New Advanced Technologies to Provide Decentralised and Secure Access to Medical Records: Case Studies in Oncology

    PubMed Central

    Quantin, Catherine; Coatrieux, Gouenou; Allaert, François André; Fassa, Maniane; Bourquard, Karima; Boire, Jean-Yves; de Vlieger, Paul; Maigne, Lydia; Breton, Vincent

    2009-01-01

    The main problem for health professionals and patients in accessing information is that this information is very often distributed over many medical records and locations. This problem is particularly acute in cancerology because patients may be treated for many years and undergo a variety of examinations. Recent advances in technology make it feasible to gain access to medical records anywhere and anytime, allowing the physician or the patient to gather information from an “ephemeral electronic patient record”. However, this easy access to data is accompanied by the requirement for improved security (confidentiality, traceability, integrity, ...) and this issue needs to be addressed. In this paper we propose and discuss a decentralised approach based on recent advances in information sharing and protection: Grid technologies and watermarking methodologies. The potential impact of these technologies for oncology is illustrated by the examples of two experimental cases: a cancer surveillance network and a radiotherapy treatment plan. It is expected that the proposed approach will constitute the basis of a future secure “google-like” access to medical records. PMID:19718446

  15. Cyber Security Testing and Training Programs for Industrial Control Systems

    SciTech Connect

    Daniel Noyes

    2012-03-01

    Service providers rely on industrial control systems (ICS) to manage the flow of water at dams, open breakers on power grids, control ventilation and cooling in nuclear power plants, and more. In today's interconnected environment, this can present a serious cyber security challenge. To combat this growing challenge, government, private industry, and academia are working together to reduce cyber risks. The Idaho National Laboratory (INL) is a key contributor to the Department of Energy National SCADA Test Bed (NSTB) and the Department of Homeland Security (DHS) Control Systems Security Program (CSSP), both of which focus on improving the overall security posture of ICS in the national critical infrastructure. In support of the NSTB, INL hosts a dedicated SCADA testing facility which consists of multiple control systems supplied by leading national and international manufacturers. Within the test bed, INL researchers systematically examine control system components and work to identify vulnerabilities. In support of the CSSP, INL develops and conducts training courses which are designed to increase awareness and defensive capabilities for IT/Control System professionals. These trainings vary from web-based cyber security trainings for control systems engineers to more advanced hands-on training that culminates with a Red Team/ Blue Team exercise that is conducted within an actual control systems environment. INL also provides staffing and operational support to the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Security Operations Center which responds to and analyzes control systems cyber incidents across the 18 US critical infrastructure sectors.

  16. Process Control System Cyber Security Standards - An Overview

    SciTech Connect

    Robert P. Evans

    2006-05-01

    The use of cyber security standards can greatly assist in the protection of process control systems by providing guidelines and requirements for the implementation of computer-controlled systems. These standards are most effective when the engineers and operators, using the standards, understand what each standard addresses. This paper provides an overview of several standards that deal with the cyber security of process measurements and control systems.

  17. UGV: security analysis of subsystem control network

    NASA Astrophysics Data System (ADS)

    Abbott-McCune, Sam; Kobezak, Philip; Tront, Joseph; Marchany, Randy; Wicks, Al

    2013-05-01

    Unmanned Ground vehicles (UGVs) are becoming prolific in the heterogeneous superset of robotic platforms. The sensors which provide odometry, localization, perception, and vehicle diagnostics are fused to give the robotic platform a sense of the environment it is traversing. The automotive industry CAN bus has dominated the industry due to the fault tolerance and the message structure allowing high priority messages to reach the desired node in a real time environment. UGVs are being researched and produced at an accelerated rate to preform arduous, repetitive, and dangerous missions that are associated with a military action in a protracted conflict. The technology and applications of the research will inevitably be turned into dual-use platforms to aid civil agencies in the performance of their various operations. Our motivation is security of the holistic system; however as subsystems are outsourced in the design, the overall security of the system may be diminished. We will focus on the CAN bus topology and the vulnerabilities introduced in UGVs and recognizable security vulnerabilities that are inherent in the communications architecture. We will show how data can be extracted from an add-on CAN bus that can be customized to monitor subsystems. The information can be altered or spoofed to force the vehicle to exhibit unwanted actions or render the UGV unusable for the designed mission. The military relies heavily on technology to maintain information dominance, and the security of the information introduced onto the network by UGVs must be safeguarded from vulnerabilities that can be exploited.

  18. Security Encryption Scheme for Communication of Web Based Control Systems

    NASA Astrophysics Data System (ADS)

    Robles, Rosslin John; Kim, Tai-Hoon

    A control system is a device or set of devices to manage, command, direct or regulate the behavior of other devices or systems. The trend in most systems is that they are connected through the Internet. Traditional Supervisory Control and Data Acquisition Systems (SCADA) is connected only in a limited private network Since the internet Supervisory Control and Data Acquisition Systems (SCADA) facility has brought a lot of advantages in terms of control, data viewing and generation. Along with these advantages, are security issues regarding web SCADA, operators are pushed to connect Control Systems through the internet. Because of this, many issues regarding security surfaced. In this paper, we discuss web SCADA and the issues regarding security. As a countermeasure, a web SCADA security solution using crossed-crypto-scheme is proposed to be used in the communication of SCADA components.

  19. Task Delegation Based Access Control Models for Workflow Systems

    NASA Astrophysics Data System (ADS)

    Gaaloul, Khaled; Charoy, François

    e-Government organisations are facilitated and conducted using workflow management systems. Role-based access control (RBAC) is recognised as an efficient access control model for large organisations. The application of RBAC in workflow systems cannot, however, grant permissions to users dynamically while business processes are being executed. We currently observe a move away from predefined strict workflow modelling towards approaches supporting flexibility on the organisational level. One specific approach is that of task delegation. Task delegation is a mechanism that supports organisational flexibility, and ensures delegation of authority in access control systems. In this paper, we propose a Task-oriented Access Control (TAC) model based on RBAC to address these requirements. We aim to reason about task from organisational perspectives and resources perspectives to analyse and specify authorisation constraints. Moreover, we present a fine grained access control protocol to support delegation based on the TAC model.

  20. An interaction-based access control model (IBAC) for collaborative services

    SciTech Connect

    Altunay, Mine; Byrd, Gregory T.; Brown, Doug E.; Dean, Ralph A.; /North Carolina State U.

    2008-04-01

    A collaboration is a collection of services that work together to achieve a common goal. Although collaborations help when tackling difficult problems, they lead to security issues. First, a collaboration is often performed by services that are drawn from different security domains. Second, a service interacts with multiple peer services during the collaboration. These interactions are not isolated from one another--e.g., data may flow through a sequence of different services. As a result, a service is exposed to multiple peer services in varying degrees, leading to different security threats. We identify the types of interactions that can be present in collaborations, and discuss the security threats due to each type. We propose a model for representing the collaboration context so that a service can be made aware of the existing interactions. We provide an access control model for a service participating in a collaboration. We couple our access control model with a policy model, so that the access requirements from collaborations can be expressed and evaluated.

  1. Measurable Control System Security through Ideal Driven Technical Metrics

    SciTech Connect

    Miles McQueen; Wayne Boyer; Sean McBride; Marie Farrar; Zachary Tudor

    2008-01-01

    The Department of Homeland Security National Cyber Security Division supported development of a small set of security ideals as a framework to establish measurable control systems security. Based on these ideals, a draft set of proposed technical metrics was developed to allow control systems owner-operators to track improvements or degradations in their individual control systems security posture. The technical metrics development effort included review and evaluation of over thirty metrics-related documents. On the bases of complexity, ambiguity, or misleading and distorting effects the metrics identified during the reviews were determined to be weaker than necessary to aid defense against the myriad threats posed by cyber-terrorism to human safety, as well as to economic prosperity. Using the results of our metrics review and the set of security ideals as a starting point for metrics development, we identified thirteen potential technical metrics - with at least one metric supporting each ideal. Two case study applications of the ideals and thirteen metrics to control systems were then performed to establish potential difficulties in applying both the ideals and the metrics. The case studies resulted in no changes to the ideals, and only a few deletions and refinements to the thirteen potential metrics. This led to a final proposed set of ten core technical metrics. To further validate the security ideals, the modifications made to the original thirteen potential metrics, and the final proposed set of ten core metrics, seven separate control systems security assessments performed over the past three years were reviewed for findings and recommended mitigations. These findings and mitigations were then mapped to the security ideals and metrics to assess gaps in their coverage. The mappings indicated that there are no gaps in the security ideals and that the ten core technical metrics provide significant coverage of standard security issues with 87% coverage. Based

  2. Giving patients secure < Google-like > access to their medical record.

    PubMed

    Quantin, Catherine; Fassa, Maniane; Coatrieux, Gouenou; Breton, Vincent; Boire, Jean Yves; Allaert, François André

    2008-01-01

    The main problem for the patient who wants to have access to all of the information about his health is that this information is very often spread over many medical records. Therefore, it would be convenient for the patient, after being identified and authenticated, to use a kind of specific medical search engine as one part of the solution to this main problem. The principal objective is for the patient to have access to his or her medical information at anytime and wherever it has been stored. This proposal for secure "Google Like" access requires the addition of different conditions: very strict identity checks using cryptographic techniques such as those planned for the electronic signature, which will not only ensure authentication of the patient and integrity of the file, but also protection of the confidentiality and access follow-up. The electronic medical record must also be electronically signed by the practitioner in order to provide evidence that he has given his agreement and accepted responsibility for the content. This electronic signature also prevents any kind of post-transmission falsification. New advances in technology make it possible to envisage access to medical records anywhere and anytime, thanks to Grid and watermarking methodologies.

  3. A secure WDM ring access network employing silicon micro-ring based remote node

    NASA Astrophysics Data System (ADS)

    Sung, Jiun-Yu; Chow, Chi-Wai; Yeh, Chien-Hung; Xu, Ke; Hsu, Chin-Wei; Su, Hong-Quan; Tsang, Hon-Ki

    2014-08-01

    A secure and scalable wavelength-division-multiplexing (WDM) ring-based access network is proposed and demonstrated using proof-of-concept experiments. In the remote node (RN), wavelength hopping for specific optical networking unit (ONU) is deployed by using silicon micro-ring resonators (SMR). Using silicon-based devices could be cost-effective for the cost-sensitive access network. Hence the optical physical layer security is introduced. The issues of denial of service (DOS) attacks, eavesdropping and masquerading can be made more difficult in the proposed WDM ring-based access network. Besides, the SMRs with different dropped wavelengths can be cascaded, such that the signals pass through the preceding SMRs can be dropped by a succeeding SMR. This can increase the scalability of the RN for supporting more ONUs for future upgrade. Here, error-free 10 Gb/s downlink and 1.25 Gb/s uplink transmission are demonstrated to show the feasibility of the proposed network.

  4. Building secure wireless access point based on certificate authentication and firewall captive portal

    NASA Astrophysics Data System (ADS)

    Soewito, B.; Hirzi

    2014-03-01

    Wireless local area network or WLAN more vulnerability than wired network even though WLAN has many advantages over wired. Wireless networks use radio transmissions to carry data between end users and access point. Therefore, it is possible for someone to sit in your office building's lobby or parking lot or parking lot to eavesdrop on the wireless network communication. This paper discussed securing wires local area network used WPA2 Enterprise based PEAP MS-CHAP and Captive portal firewall. We also divided the network for employer and visitor to increase the level of security. Our experiment showed that the WLAN could be broken using the attacker tool such as airodump, aireply, and aircrack.

  5. DOE`s nation-wide system for access control can solve problems for the federal government

    SciTech Connect

    Callahan, S.; Tomes, D.; Davis, G.; Johnson, D.; Strait, S.

    1996-07-01

    The U.S. Department of Energy`s (DOE`s) ongoing efforts to improve its physical and personnel security systems while reducing its costs, provide a model for federal government visitor processing. Through the careful use of standardized badges, computer databases, and networks of automated access control systems, the DOE is increasing the security associated with travel throughout the DOE complex, and at the same time, eliminating paperwork, special badging, and visitor delays. The DOE is also improving badge accountability, personnel identification assurance, and access authorization timeliness and accuracy. Like the federal government, the DOE has dozens of geographically dispersed locations run by many different contractors operating a wide range of security systems. The DOE has overcome these obstacles by providing data format standards, a complex-wide virtual network for security, the adoption of a standard high security system, and an open-systems-compatible link for any automated access control system. If the location`s level of security requires it, positive visitor identification is accomplished by personal identification number (PIN) and/or by biometrics. At sites with automated access control systems, this positive identification is integrated into the portals.

  6. How to implement security controls for an information security program at CBRN facilities

    SciTech Connect

    Lenaeus, Joseph D.; O'Neil, Lori Ross; Leitch, Rosalyn M.; Glantz, Clifford S.; Landine, Guy P.; Bryant, Janet L.; Lewis, John; Mathers, Gemma; Rodger, Robert; Johnson, Christopher

    2015-12-01

    This document was prepared by PNNL within the framework of Project 19 of the European Union Chemical Biological Radiological and Nuclear Risk Mitigation Centres of Excellence Initiative entitled, ''Development of procedures and guidelines to create and improve secure information management systems and data exchange mechanisms for CBRN materials under regulatory control.'' It provides management and workers at CBRN facilities, parent organization managers responsible for those facilities, and regulatory agencies (governmental and nongovernmental) with guidance on the best practices for protecting information security. The security mitigation approaches presented in this document were chosen because they present generally accepted guidance in an easy-to-understand manner, making it easier for facility personnel to grasp key concepts and envision how security controls could be implemented by the facility. This guidance is presented from a risk management perspective.

  7. Race Differences in Mental Health Service Access in a Secure Male Juvenile Justice Facility

    ERIC Educational Resources Information Center

    Dalton, Richard F.; Evans, Lisa J.; Cruise, Keith R.; Feinstein, Ronald A.; Kendrick, Rhonda F.

    2009-01-01

    This study examined whether African American and Caucasian male youths had similar rates of referral to mental health services in a juvenile justice secure facility when controlling for differences obtained in the initial screening and assessment process. Data from the Massachusetts Youth Screening Instrument-2 (MAYSI-2), Initial Health Care…

  8. Resource reliability, accessibility and governance: pillars for managing water resources to achieve water security in Nepal

    NASA Astrophysics Data System (ADS)

    Biggs, E. M.; Duncan, J.; Atkinson, P.; Dash, J.

    2013-12-01

    As one of the world's most water-abundant countries, Nepal has plenty of water yet resources are both spatially and temporally unevenly distributed. With a population heavily engaged in subsistence farming, whereby livelihoods are entirely dependent on rain-fed agriculture, changes in freshwater resources can substantially impact upon survival. The two main sources of water in Nepal come from monsoon precipitation and glacial runoff. The former is essential for sustaining livelihoods where communities have little or no access to perennial water resources. Much of Nepal's population live in the southern Mid-Hills and Terai regions where dependency on the monsoon system is high and climate-environment interactions are intricate. Any fluctuations in precipitation can severely affect essential potable resources and food security. As the population continues to expand in Nepal, and pressures build on access to adequate and clean water resources, there is a need for institutions to cooperate and increase the effectiveness of water management policies. This research presents a framework detailing three fundamental pillars for managing water resources to achieve sustainable water security in Nepal. These are (i) resource reliability; (ii) adequate accessibility; and (iii) effective governance. Evidence is presented which indicates that water resources are adequate in Nepal to sustain the population. In addition, aspects of climate change are having less impact than previously perceived e.g. results from trend analysis of precipitation time-series indicate a decrease in monsoon extremes and interannual variation over the last half-century. However, accessibility to clean water resources and the potential for water storage is limiting the use of these resources. This issue is particularly prevalent given the heterogeneity in spatial and temporal distributions of water. Water governance is also ineffective due to government instability and a lack of continuity in policy

  9. 47 CFR Appendix B to Part 64 - Priority Access Service (PAS) for National Security and Emergency Preparedness (NSEP)

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 47 Telecommunication 3 2013-10-01 2013-10-01 false Priority Access Service (PAS) for National.... 64, App. B Appendix B to Part 64—Priority Access Service (PAS) for National Security and Emergency... meaning as in Appendix A to Part 64: (a) Assignment; (b) Government; (c) National Communications...

  10. Managed Access by Controlled Sensing (MACS)

    SciTech Connect

    Curtiss, J.A.; Indusi, J.P.

    1994-08-01

    During chemical weapons challenge inspections, the CWC treaty allows ``alternate means`` of access to be proposed by the nation challenged. BNL`s Safeguards, Safety and Nonproliferation Division is funded by the Defense Nuclear Agency to develop a system to provide the challenge inspection team with a ``virtual presence`` within the facility while denying personal access. A general purpose configuration of a mobile station manned by site personnel and a base station manned by the challenge inspector, supported by a flexible communication system, will allow facility personnel to tailor the basic model to their site. Design of the MACS system is based on maximum use of commercial equipment that is available on the international market. Design requirements for the MACS system include methods of establishing geographical position, distance measuring equipment for use in verifying dimensions on floor plans, video and two-way audio links between the mobile unit and the base station, and portability and versatility of the equipment. The MACS platform will also support deployment of selected instrumentation which the site may offer to the challenge inspection team. This paper describes the design and construction of the prototype MACS system.

  11. Healthcare professionals' experiences with EHR-system access control mechanisms.

    PubMed

    Faxvaag, Arild; Johansen, Trond S; Heimly, Vigdis; Melby, Line; Grimsmo, Anders

    2011-01-01

    Access control mechanisms might influence on the information seeking and documentation behavior of clinicians. In this study, we have surveyed healthcare professionals in nursing homes and hospitals on their attitudes to, and experiences with using access control mechanisms. In some situations, the access control mechanisms of the EHR system made clinicians postpone documentation work. Their practice of reading what others have documented was also influenced. Not all clinicians logged out of the system when they left a workstation, and some clinicians reported to do some of their documentation work in the name of others. The reported practices might have implications for the safety of the patient.

  12. Urban Studies: A Study of Bibliographic Access and Control.

    ERIC Educational Resources Information Center

    Anderson, Barbara E.

    This paper analyzes: (1) the bibliographic access to publications in urban studies via printed secondary sources; (2) development and scope of classification systems and of vocabulary control for urban studies; and (3) currently accessible automated collections of bibliographic citations. Urban studies is defined as "an agglomeration of…

  13. Improving Control System Security through the Evaluation of Current Trends in Computer Security Research

    SciTech Connect

    Rolston

    2005-03-01

    At present, control system security efforts are primarily technical and reactive in nature. What has been overlooked is the need for proactive efforts, focused on the IT security research community from which new threats might emerge. Evaluating cutting edge IT security research and how it is evolving can provide defenders with valuable information regarding what new threats and tools they can anticipate in the future. Only known attack methodologies can be blocked, and there is a gap between what is known to the general security community and what is being done by cutting edge researchers --both those trying to protect systems and those trying to compromise them. The best security researchers communicate with others in their field; they know what cutting edge research is being done; what software can be penetrated via this research; and what new attack techniques and methodologies are being circulated in the black hat community. Standardization of control system applications, operating systems, and networking protocols is occurring at a rapid rate, following a path similar to the standardization of modern IT networks. Many attack methodologies used on IT systems can be ported over to the control system environment with little difficulty. It is extremely important to take advantage of the lag time between new research, its use on traditional IT networks, and the time it takes to port the research over for use on a control system network. Analyzing nascent trends in IT security and determining their applicability to control system networks provides significant information regarding defense mechanisms needed to secure critical infrastructure more effectively. This work provides the critical infrastructure community with a better understanding of how new attacks might be launched, what layers of defense will be needed to deter them, how the attacks could be detected, and how their impact could be limited.

  14. Communication Security for Control Systems in Smart Grid

    NASA Astrophysics Data System (ADS)

    Robles, Rosslin John; Kim, Tai-Hoon

    As an example of Control System, Supervisory Control and Data Acquisition systems can be relatively simple, such as one that monitors environmental conditions of a small office building, or incredibly complex, such as a system that monitors all the activity in a nuclear power plant or the activity of a municipal water system. SCADA systems are basically Process Control Systems, designed to automate systems such as traffic control, power grid management, waste processing etc. Connecting SCADA to the Internet can provide a lot of advantages in terms of control, data viewing and generation. SCADA infrastructures like electricity can also be a part of a Smart Grid. Connecting SCADA to a public network can bring a lot of security issues. To answer the security issues, a SCADA communication security solution is proposed.

  15. Automated biometric access control system for two-man-rule enforcement

    SciTech Connect

    Holmes, J.P.; Maxwell, R.L. ); Henderson, R.W. )

    1991-01-01

    This paper describes a limited access control system for nuclear facilities which makes use of the eye retinal identity verifier to control the passage of personnel into and out of one or a group of security controlled working areas. This access control system requires no keys, cards or credentials. The user simply enters his Personal Identification Number (PIN) and takes an eye reading to request passage. The PIN does not have to be kept secret. The system then relies on biometric identity verification of the user, along with other system information, to make the decision of whether or not to unlock the door. It also enforces multiple zones control with personnel tracking and the two-man-rule.

  16. Secure VM for Monitoring Industrial Process Controllers

    SciTech Connect

    Dasgupta, Dipankar; Ali, Mohammad Hassan; Abercrombie, Robert K; Schlicher, Bob G; Sheldon, Frederick T; Carvalho, Marco

    2011-01-01

    In this paper, we examine the biological immune system as an autonomic system for self-protection, which has evolved over millions of years probably through extensive redesigning, testing, tuning and optimization process. The powerful information processing capabilities of the immune system, such as feature extraction, pattern recognition, learning, memory, and its distributive nature provide rich metaphors for its artificial counterpart. Our study focuses on building an autonomic defense system, using some immunological metaphors for information gathering, analyzing, decision making and launching threat and attack responses. In order to detection Stuxnet like malware, we propose to include a secure VM (or dedicated host) to the SCADA Network to monitor behavior and all software updates. This on-going research effort is not to mimic the nature but to explore and learn valuable lessons useful for self-adaptive cyber defense systems.

  17. Personnel Access Control System Evaluation for National Ignition Facility Operations

    SciTech Connect

    Altenbach, T; Brereton, S.; Hermes, G.; Singh, M.

    2001-06-01

    The purpose of this document is to analyze the baseline Access Control System for the National Ignition Facility (NIF), and to assess its effectiveness at controlling access to hazardous locations during full NIF operations. It reviews the various hazards present during a NIF shot sequence, and evaluates the effectiveness of the applicable set of controls at preventing access while the hazards are present. It considers only those hazards that could potentially be lethal. In addition, various types of technologies that might be applicable at NIF are reviewed, as are systems currently in use at other facilities requiring access control for safety reasons. Recommendations on how this system might be modified to reduce risk are made.

  18. Role-based access control model for GIS

    NASA Astrophysics Data System (ADS)

    Pan, Yuqing; Sheng, Yehua; Zhou, Jieyu

    2007-06-01

    Access control of Geographical Information System (GIS) has more complex spatial constraints than the general MIS system, it makes the classic role-based access control model(RBAC) can't be used in GIS. To achieve an effective Access Control Model for GIS, an extension model of the RBAC is presented in the paper. Firstly, this paper introduce the three kinds spatial constraints that included layer constraints, region constraints and spatial object constraints; Then the paper expanded the basic RBAC model, added regional class, layers class and so on; Finally, the paper has given the system RABC control model as well as the realization method in view of GIS. An extension model of the RBAC is applicable to mobile computing, wireless access and system about location is concluded by analyzing.

  19. 75 FR 5609 - Privacy Act of 1974; Department of Homeland Security/ALL-024 Facility and Perimeter Access...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-02-03

    ... DHS/ALL--024 Facility and Perimeter Access Control and Visitor Management System of Records (74 FR... Perimeter Access Control and Visitor Management System of Records AGENCY: Privacy Office; DHS. ACTION... Facility and Perimeter Access Control and Visitor Management System of Records to include record...

  20. Pace: Privacy-Protection for Access Control Enforcement in P2P Networks

    NASA Astrophysics Data System (ADS)

    Sánchez-Artigas, Marc; García-López, Pedro

    In open environments such as peer-to-peer (P2P) systems, the decision to collaborate with multiple users — e.g., by granting access to a resource — is hard to achieve in practice due to extreme decentralization and the lack of trusted third parties. The literature contains a plethora of applications in which a scalable solution for distributed access control is crucial. This fact motivates us to propose a protocol to enforce access control, applicable to networks consisting entirely of untrusted nodes. The main feature of our protocol is that it protects both sensitive permissions and sensitive policies, and does not rely on any centralized authority. We analyze the efficiency (computational effort and communication overhead) as well as the security of our protocol.

  1. IT Security Support for Spaceport Command and Control System

    NASA Technical Reports Server (NTRS)

    McLain, Jeffrey

    2013-01-01

    During the fall 2013 semester, I worked at the Kennedy Space Center as an IT Security Intern in support of the Spaceport Command and Control System under the guidance of the IT Security Lead Engineer. Some of my responsibilities included assisting with security plan documentation collection, system hardware and software inventory, and malicious code and malware scanning. Throughout the semester, I had the opportunity to work on a wide range of security related projects. However, there are three projects in particular that stand out. The first project I completed was updating a large interactive spreadsheet that details the SANS Institutes Top 20 Critical Security Controls. My task was to add in all of the new commercial of the shelf (COTS) software listed on the SANS website that can be used to meet their Top 20 controls. In total, there are 153 unique security tools listed by SANS that meet one or more of their 20 controls. My second project was the creation of a database that will allow my mentor to keep track of the work done by the contractors that report to him in a more efficient manner by recording events as they occur throughout the quarter. Lastly, I expanded upon a security assessment of the Linux machines being used on center that I began last semester. To do this, I used a vulnerability and configuration tool that scans hosts remotely through the network and presents the user with an abundance of information detailing each machines configuration. The experience I gained from working on each of these projects has been invaluable, and I look forward to returning in the spring semester to continue working with the IT Security team.

  2. 33 CFR 104.265 - Security measures for access control.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... individual has reported the TWIC as lost, damaged, or stolen to TSA as required in 49 CFR 1572.19(f); (ii... screening of people, baggage (including carry-on items), personal effects, vehicles and the vehicle's... screening of people, personal effects, and vehicles being embarked or loaded onto the vessel as...

  3. 33 CFR 104.265 - Security measures for access control.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... individual has reported the TWIC as lost, damaged, or stolen to TSA as required in 49 CFR 1572.19(f); (ii... screening of people, baggage (including carry-on items), personal effects, vehicles and the vehicle's... screening of people, personal effects, and vehicles being embarked or loaded onto the vessel as...

  4. Reexamining the Security of Controlled Quantum Secure Direct Communication by Using Four Particle Cluster States

    NASA Astrophysics Data System (ADS)

    Qin, Su-Juan

    2012-09-01

    A controlled quantum secure direct communication protocol (Zhang et al. in Int. J. Theor. Phys. 48:2971-2976, 2009) by using four particle cluster states was proposed recently. Yang et al. presented an attack with fake entangled particles (FEP attack) and gave an improvement (Yang et al. in Int. J. Theor. Phys. 50:395-400, 2010). In this paper, we reexamine the protocol's security and discover that, Bob can also take a different attack, disentanglement attack, to obtain Alice's secret message without controller's permission. Moreover, our attack strategy also works for Yang's improvement.

  5. System and method for secure group transactions

    DOEpatents

    Goldsmith, Steven Y.

    2006-04-25

    A method and a secure system, processing on one or more computers, provides a way to control a group transaction. The invention uses group consensus access control and multiple distributed secure agents in a network environment. Each secure agent can organize with the other secure agents to form a secure distributed agent collective.

  6. Visualization for cyber security command and control

    NASA Astrophysics Data System (ADS)

    Langton, John T.; Newey, Brent; Havig, Paul R.

    2010-04-01

    To address the unique requirements of cyber Command and Control (C2), new visualization methods are needed to provide situation awareness and decision support within the cyber domain. A key challenge is the complexity of relevant data: it is immense and multidimensional, includes streaming and log data, and comes from multiple, disparate applications and devices. Decision makers must be afforded a view of a) the current state of the cyber battlespace, b) enemy and friendly capabilities and vulnerabilities, c) correlations between cyber events, and d) potential effects of alternative courses of action within cyberspace. In this paper we present requirements and designs for Visualization for Integrated Cyber Command and Control (VIC3).

  7. Integrated safeguards & security for material protection, accounting, and control.

    SciTech Connect

    Duran, Felicia Angelica; Cipiti, Benjamin B.

    2009-10-01

    Traditional safeguards and security design for fuel cycle facilities is done separately and after the facility design is near completion. This can result in higher costs due to retrofits and redundant use of data. Future facilities will incorporate safeguards and security early in the design process and integrate the systems to make better use of plant data and strengthen both systems. The purpose of this project was to evaluate the integration of materials control and accounting (MC&A) measurements with physical security design for a nuclear reprocessing plant. Locations throughout the plant where data overlap occurs or where MC&A data could be a benefit were identified. This mapping is presented along with the methodology for including the additional data in existing probabilistic assessments to evaluate safeguards and security systems designs.

  8. The Smart Card concept applied to access control

    SciTech Connect

    Seidman, S.

    1986-01-01

    Passwords tend to be handled carelessly, and so are easily lost or stolen. Because they are intangible, their loss or theft generally goes unnoticed. Because they are constant, they may be used by anyone for as long as they remain in active use by a legitimate user. A step up in password security is offered by a new range of products which generate a new code each time the device is used. Devices are being produced in packages as small as a standard plastic credit card, including internal battery power, integral keyboard and LCD display. Security features of the Smart Card are reviewed, and several random access code generators currently available in the commercial marketplace are described.

  9. Accessible Gaming through Mainstreaming Kinetic Controller

    NASA Astrophysics Data System (ADS)

    Garrido, Yolanda; Marco, Álvaro; Segura, Joaquín; Blanco, Teresa; Casas, Roberto

    Leisure is a very important aspect in our everyday life; and gaming is one of the main ways to it. Depending on the particular situation of each person, the way of playing could be very different. Motivation, preferences, skills, knowledge are some of the factors that influences this experience. When the person has a disability, additional agents come to scene such as cognitive level and mobility. Besides the design of the game, these factors clearly affect how the person interacts with the game; its user interface. In this paper we present a tool that allows people with disabilities to play games with a normalized user interface. This tool a) manages several wireless kinetic remote controllers, e.g. the Wiimotes; b) can be configured to capture any voluntary movements users could do and c) convert them into the specific inputs required by existing adapted games. As a result, users with disabilities can experience and enjoy games that were previously inaccessible to them.

  10. Process Control System Cyber Security Standards - An Overview

    SciTech Connect

    Robert P. Evans; V Stanley Scown; Rolf Carlson; Shabbir Shamsuddin; George Shaw; Jeff Dagle; Paul W Oman; Jeannine Schmidt

    2005-10-01

    The use of cyber security standards can greatly assist in the protection of critical infrastructure by providing guidelines and requisite imperatives in the implementation of computer-controlled systems. These standards are most effective when the engineers and operators using the standards understand what each of the standards addresses and does not address. This paper provides a review and comparison of ten documents dealing with control system cyber security. It is not meant to be a complete treatment of all applicable standards; rather, this is an exemplary analysis showing the benefits of comparing and contrasting differing documents.

  11. Control with a random access protocol and packet dropouts

    NASA Astrophysics Data System (ADS)

    Wang, Liyuan; Guo, Ge

    2016-08-01

    This paper investigates networked control systems whose actuators communicate with the controller via a limited number of unreliable channels. The access to the channels is decided by a so-called group random access protocol, which is modelled as a binary Markov sequence. Data packet dropouts in the channels are modelled as independent Bernoulli processes. For such systems, a systematic characterisation for controller synthesis is established and stated in terms of the transition probabilities of the Markov protocol and the packet dropout probabilities. The results are illustrated via a numerical example.

  12. Security guide for subcontractors

    SciTech Connect

    Adams, R.C.

    1993-06-01

    This guide is provided to aid in the achievement of security objectives in the Department of Energy (DOE) contractor/subcontractor program. The objectives of security are to protect information that, if released, would endanger the common defense and security of the nation and to safeguard plants and installations of the DOE and its contractors to prevent the interruption of research and production programs. The security objective and means of achieving the objective are described. Specific security measures discussed in this guide include physical barriers, personnel identification systems, personnel and vehicular access control, classified document control, protection of classified matter in use, storing classified matter, and repository combinations. Means of dealing with security violations and security infractions are described. Maintenance of a security education program is discussed. Also discussed are methods of handling clearance terminations, visitor control, travel to sensitive countries, and shipment security. The Technical Surveillance Countermeasures Program (TSCM), the Computer Security Program, and the Operations Security Plan (OPSEC) are examined.

  13. Face Recognition for Access Control Systems Combining Image-Difference Features Based on a Probabilistic Model

    NASA Astrophysics Data System (ADS)

    Miwa, Shotaro; Kage, Hiroshi; Hirai, Takashi; Sumi, Kazuhiko

    We propose a probabilistic face recognition algorithm for Access Control System(ACS)s. Comparing with existing ACSs using low cost IC-cards, face recognition has advantages in usability and security that it doesn't require people to hold cards over scanners and doesn't accept imposters with authorized cards. Therefore face recognition attracts more interests in security markets than IC-cards. But in security markets where low cost ACSs exist, price competition is important, and there is a limitation on the quality of available cameras and image control. Therefore ACSs using face recognition are required to handle much lower quality images, such as defocused and poor gain-controlled images than high security systems, such as immigration control. To tackle with such image quality problems we developed a face recognition algorithm based on a probabilistic model which combines a variety of image-difference features trained by Real AdaBoost with their prior probability distributions. It enables to evaluate and utilize only reliable features among trained ones during each authentication, and achieve high recognition performance rates. The field evaluation using a pseudo Access Control System installed in our office shows that the proposed system achieves a constant high recognition performance rate independent on face image qualities, that is about four times lower EER (Equal Error Rate) under a variety of image conditions than one without any prior probability distributions. On the other hand using image difference features without any prior probabilities are sensitive to image qualities. We also evaluated PCA, and it has worse, but constant performance rates because of its general optimization on overall data. Comparing with PCA, Real AdaBoost without any prior distribution performs twice better under good image conditions, but degrades to a performance as good as PCA under poor image conditions.

  14. Secure Control Systems for the Energy Sector

    SciTech Connect

    Smith, Rhett; Stewart, John; Chavez, Adrian

    2014-10-22

    The Padlock Project is an alliance between Tennessee Valley Authority (TVA), Sandia National Laboratories (SNL), and Schweitzer Engineering Laboratories Inc. (SEL). SEL is the prime contractor on the Padlock project. Rhett Smith (SEL) is the project director and Adrian Chaves (SNL) and John Stewart (TVA) are principle investigators. SEL is the world’s leader in microprocessor-based electronic equipment for protecting electric power systems. The Tennessee Valley Authority, a corporation owned by the U.S. government, provides electricity for 9 million people in parts of seven southeastern states at prices below the national average. TVA, which receives no taxpayer money and makes no profits, also provides flood control, navigation and land management for the Tennessee River system and assists utilities, and state and local governments with economic development.

  15. MPEG-21 as an access control tool for the National Health Service Care Records Service.

    PubMed

    Brox, Georg A

    2005-01-01

    Since the launch of the National Health Service (NHS) Care Records Service with plans to share patient information across England, there has been an emphasis on the need for manageable access control methods. MPEG-21 is a structured file format which includes an Intellectual Property Management and Protection (IPMP) function using XML to present all digitally stored items in the patient record. Using DICreator software, patient records consisting of written text, audio-recordings, non-X-ray digital imaging and video sequences were linked up successfully. Audio records were created using Talk-Back 2002 to standardize and optimize recording quality. The recorded reports were then linked and archived using iTunes. A key was used each time the file was displayed to secure access to confidential patient data. The building of the correct file structure could be monitored during the entire creation of the file. The results demonstrated the ability to ensure secure access of the MPEG-21 file by both health-care professionals and patients by use of different keys and a specific MPEG-21 browser. The study also showed that the enabling of IPMP will provide accurate audit trails to authenticate appropriate access to medical information. PMID:16035983

  16. Secure Communications in High Speed Fiber Optical Networks Using Code Division Multiple Access (CDMA) Transmission

    SciTech Connect

    Han, I; Bond, S; Welty, R; Du, Y; Yoo, S; Reinhardt, C; Behymer, E; Sperry, V; Kobayashi, N

    2004-02-12

    This project is focused on the development of advanced components and system technologies for secure data transmission on high-speed fiber optic data systems. This work capitalizes on (1) a strong relationship with outstanding faculty at the University of California-Davis who are experts in high speed fiber-optic networks, (2) the realization that code division multiple access (CDMA) is emerging as a bandwidth enhancing technique for fiber optic networks, (3) the realization that CDMA of sufficient complexity forms the basis for almost unbreakable one-time key transmissions, (4) our concepts for superior components for implementing CDMA, (5) our expertise in semiconductor device processing and (6) our Center for Nano and Microtechnology, which is where the majority of the experimental work was done. Here we present a novel device concept, which will push the limits of current technology, and will simultaneously solve system implementation issues by investigating new state-of-the-art fiber technologies. This will enable the development of secure communication systems for the transmission and reception of messages on deployed commercial fiber optic networks, through the CDMA phase encoding of broad bandwidth pulses. CDMA technology has been developed as a multiplexing technology, much like wavelength division multiplexing (WDM) or time division multiplexing (TDM), to increase the potential number of users on a given communication link. A novel application of the techniques created for CDMA is to generate secure communication through physical layer encoding. Physical layer encoding devices are developed which utilize semiconductor waveguides with fast carrier response times to phase encode spectral components of a secure signal. Current commercial technology, most commonly a spatial light modulator, allows phase codes to be changed at rates of only 10's of Hertz ({approx}25ms response). The use of fast (picosecond to nanosecond) carrier dynamics of semiconductors, as

  17. Secure Data Transfer Guidance for Industrial Control and SCADA Systems

    SciTech Connect

    Mahan, Robert E.; Fluckiger, Jerry D.; Clements, Samuel L.; Tews, Cody W.; Burnette, John R.; Goranson, Craig A.; Kirkham, Harold

    2011-09-01

    This document was developed to provide guidance for the implementation of secure data transfer in a complex computational infrastructure representative of the electric power and oil and natural gas enterprises and the control systems they implement. For the past 20 years the cyber security community has focused on preventative measures intended to keep systems secure by providing a hard outer shell that is difficult to penetrate. Over time, the hard exterior, soft interior focus changed to focus on defense-in-depth adding multiple layers of protection, introducing intrusion detection systems, more effective incident response and cleanup, and many other security measures. Despite much larger expenditures and more layers of defense, successful attacks have only increased in number and severity. Consequently, it is time to re-focus the conventional approach to cyber security. While it is still important to implement measures to keep intruders out, a new protection paradigm is warranted that is aimed at discovering attempted or real compromises as early as possible. Put simply, organizations should take as fact that they have been, are now, or will be compromised. These compromises may be intended to steal information for financial gain as in the theft of intellectual property or credentials that lead to the theft of financial resources, or to lie silent until instructed to cause physical or electronic damage and/or denial of services. This change in outlook has been recently confirmed by the National Security Agency [19]. The discovery of attempted and actual compromises requires an increased focus on monitoring events by manual and/or automated log monitoring, detecting unauthorized changes to a system's hardware and/or software, detecting intrusions, and/or discovering the exfiltration of sensitive information and/or attempts to send inappropriate commands to ICS/SCADA (Industrial Control System/Supervisory Control And Data Acquisition) systems.

  18. Secondary retention of rubber dam: effective moisture control access considerations.

    PubMed

    Liebenberg, W H

    1995-04-01

    Primary rubber dam retention affects attachment of the latex sheet to the anchor teeth bordering the isolated working field. Secondary rubber dam retention is the provision of an effective seal at the dam-tooth junction, which is essential to the maintenance of adequate access and moisture control within the working field. Practical hints are offered to optimize access and moisture control through well-planned and properly executed secondary retention of classic rubber dam applications. In addition, innovative solutions to the limitations of general field isolation, which pertain mostly to secondary retention of the unrestrained buccal and lingual curtains of the slit dam, are introduced.

  19. Controlling user access to electronic resources without password

    SciTech Connect

    Smith, Fred Hewitt

    2015-06-16

    Described herein are devices and techniques for remotely controlling user access to a restricted computer resource. The process includes pre-determining an association of the restricted computer resource and computer-resource-proximal environmental information. Indicia of user-proximal environmental information are received from a user requesting access to the restricted computer resource. Received indicia of user-proximal environmental information are compared to associated computer-resource-proximal environmental information. User access to the restricted computer resource is selectively granted responsive to a favorable comparison in which the user-proximal environmental information is sufficiently similar to the computer-resource proximal environmental information. In at least some embodiments, the process further includes comparing user-supplied biometric measure and comparing it with a predetermined association of at least one biometric measure of an authorized user. Access to the restricted computer resource is granted in response to a favorable comparison.

  20. Building a Secure Library System.

    ERIC Educational Resources Information Center

    Benson, Allen C.

    1998-01-01

    Presents tips for building a secure library system to guard against threats like hackers, viruses, and theft. Topics include: determining what is at risk; recovering from disasters; developing security policies; developing front-end security; securing menu systems; accessing control programs; protecting against damage from viruses; developing…

  1. Accessibility, stabilizability, and feedback control of continuous orbital transfer.

    PubMed

    Gurfil, Pini

    2004-05-01

    This paper investigates the problem of low-thrust orbital transfer using orbital element feedback from a control-theoretic standpoint, concepts of controllability, feedback stabilizability, and their interaction. The Gauss variational equations (GVEs) are used to model the state-space dynamics. First, the notion of accessibility, a weaker form of controllability, is presented. It is then shown that the GVEs are globally accessible. Based on the accessibility result, a nonlinear feedback controller is derived that asymptotically steers a vehicle from an initial elliptic Keplerian orbit to any given elliptic Keplerian orbit. The performance of the new controller is illustrated by simulating an orbital transfer between two geosynchronous Earth orbits. It is shown that the low-thrust controller requires less fuel than an impulsive maneuver for the same transfer time. Closed-form, analytic expressions for the new orbital transfer controller are given. Finally, it is proved, based on a topological nonlinear stabilizability test, that there does not exist a continuous closed-loop controller that can transfer a spacecraft to a parabolic escape trajectory.

  2. Joint Access Control Based on Access Ratio and Resource Utilization for High-Speed Railway Communications

    NASA Astrophysics Data System (ADS)

    Zhou, Yuzhe; Ai, Bo

    2015-05-01

    The fast development of high-speed rails makes people's life more and more convenient. However, provisioning of quality of service of multimedia applications for users on the high-speed train is a critical task for wireless communications. Therefore, new solutions are desirable to be found to address this kind of problem. Current researches mainly focus on providing seamless broadband wireless access for high-speed mobile terminals. In this paper, an algorithm to calculate the optimal resource reservation fraction of handovers is proposed. A joint access control scheme for high-speed railway communication handover scenario is proposed. Metrics of access ratio and resource utilization ratio are considered jointly in the analysis and the performance evaluation. Simulation results show that the proposed algorithm and the scheme improve quality of service compared with other conventional schemes.

  3. Access Control for Mobile Assessment Systems Using ID.

    PubMed

    Nakayama, Masaharu; Ishii, Tadashi; Morino, Kazuma

    2015-01-01

    The assessment of shelters during disaster is critical to ensure the health of evacuees and prevent pandemic. In the Ishinomaki area, one of the areas most damaged by the Great East Japan Earthquake, the highly organized assessment helped to successfully manage a total of 328 shelters with a total of 46,480 evacuees. The input and analysis of vast amounts of data was tedious work for staff members. However, a web-based assessment system that utilized mobile devices was thought to decrease workload and standardize the evaluation form. The necessary access of information should be controlled in order to maintain individuals' privacy. We successfully developed an access control system using IDs. By utilizing a unique numerical ID, users can access the input form or assessment table. This avoids unnecessary queries to the server, resulting in a quick response and easy availability, even with poor internet connection. PMID:26262204

  4. Balancing Security and Learning. School Security Supplement.

    ERIC Educational Resources Information Center

    Kennedy, Mike

    2002-01-01

    Discusses ways to provide vital safety to schools without inhibiting the learning environment for students. Describes security efforts at Orange County, Florida schools, such as using video cameras, school police officers, and access-control systems. (EV)

  5. 33 CFR 105.405 - Format and content of the Facility Security Plan (FSP).

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ...) Security measures for access control, including designated public access areas; (11) Security measures for restricted areas; (12) Security measures for handling cargo; (13) Security measures for delivery of vessel stores and bunkers; (14) Security measures for monitoring; (15) Security incident procedures; (16)...

  6. Access Control for Agent-based Computing: A Distributed Approach.

    ERIC Educational Resources Information Center

    Antonopoulos, Nick; Koukoumpetsos, Kyriakos; Shafarenko, Alex

    2001-01-01

    Discusses the mobile software agent paradigm that provides a foundation for the development of high performance distributed applications and presents a simple, distributed access control architecture based on the concept of distributed, active authorization entities (lock cells), any combination of which can be referenced by an agent to provide…

  7. INDUSTRIAL CONTROL SYSTEM CYBER SECURITY: QUESTIONS AND ANSWERS RELEVANT TO NUCLEAR FACILITIES, SAFEGUARDS AND SECURITY

    SciTech Connect

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01

    Typical questions surrounding industrial control system (ICS) cyber security always lead back to: What could a cyber attack do to my system(s) and; how much should I worry about it? These two leading questions represent only a fraction of questions asked when discussing cyber security as it applies to any program, company, business, or organization. The intent of this paper is to open a dialog of important pertinent questions and answers that managers of nuclear facilities engaged in nuclear facility security and safeguards should examine, i.e., what questions should be asked; and how do the answers affect an organization's ability to effectively safeguard and secure nuclear material. When a cyber intrusion is reported, what does that mean? Can an intrusion be detected or go un-noticed? Are nuclear security or safeguards systems potentially vulnerable? What about the digital systems employed in process monitoring, and international safeguards? Organizations expend considerable efforts to ensure that their facilities can maintain continuity of operations against physical threats. However, cyber threats particularly on ICSs may not be well known or understood, and often do not receive adequate attention. With the disclosure of the Stuxnet virus that has recently attacked nuclear infrastructure, many organizations have recognized the need for an urgent interest in cyber attacks and defenses against them. Several questions arise including discussions about the insider threat, adequate cyber protections, program readiness, encryption, and many more. These questions, among others, are discussed so as to raise the awareness and shed light on ways to protect nuclear facilities and materials against such attacks.

  8. Secure quantum network coding for controlled repeater networks

    NASA Astrophysics Data System (ADS)

    Shang, Tao; Li, Jiao; Liu, Jian-wei

    2016-07-01

    To realize efficient quantum communication based on quantum repeater, we propose a secure quantum network coding scheme for controlled repeater networks, which adds a controller as a trusted party and is able to control the process of EPR-pair distribution. As the key operations of quantum repeater, local operations and quantum communication are designed to adopt quantum one-time pad to enhance the function of identity authentication instead of local operations and classical communication. Scheme analysis shows that the proposed scheme can defend against active attacks for quantum communication and realize long-distance quantum communication with minimal resource consumption.

  9. An Extended Role-Based Access Control Model for Delegating Obligations

    NASA Astrophysics Data System (ADS)

    Ben-Ghorbel-Talbi, Meriam; Cuppens, Frédéric; Cuppens-Boulahia, Nora; Bouhoula, Adel

    The main aim of access control models is to provide means to simplify the management of the security policy, which is a fastidious and error-prone task. Supporting delegation is considered as an important mean to decentralize the administration and therefore to allow security policy to be more flexible and easier to manipulate. Our main contribution is the proposition of a unified model to the administration and delegation of obligations. Managing such delegations implies more requirements than managing traditional privileges delegation. In fact, delegating obligations may include two interpretations: the delegation of the obligation and the delegation of the responsibility related to this obligation. Therefore, it is important to deal with these two notions separately. Moreover, since delegating an obligation involves the delegation of sanctions, then the consent of the user who receives this delegation may be required in some cases. We address in this paper these requirements and we propose a formalism to deal with them.

  10. T3: Secure, Scalable, Distributed Data Movement and Remote System Control for Enterprise Level Cyber Security

    SciTech Connect

    Thomas, Gregory S.; Nickless, William K.; Thiede, David R.; Gorton, Ian; Pitre, Bill J.; Christy, Jason E.; Faultersack, Elizabeth M.; Mauth, Jeffery A.

    2009-07-20

    Enterprise level cyber security requires the deployment, operation, and monitoring of many sensors across geographically dispersed sites. Communicating with the sensors to gather data and control behavior is a challenging task when the number of sensors is rapidly growing. This paper describes the system requirements, design, and implementation of T3, the third generation of our transport software that performs this task. T3 relies on open source software and open Internet standards. Data is encoded in MIME format messages and transported via NNTP, which provides scalability. OpenSSL and public key cryptography are used to secure the data. Robustness and ease of development are increased by defining an internal cryptographic API, implemented by modules in C, Perl, and Python. We are currently using T3 in a production environment. It is freely available to download and use for other projects.

  11. Distributed reservation control protocols for random access broadcasting channels

    NASA Technical Reports Server (NTRS)

    Greene, E. P.; Ephremides, A.

    1981-01-01

    Attention is given to a communication network consisting of an arbitrary number of nodes which can communicate with each other via a time-division multiple access (TDMA) broadcast channel. The reported investigation is concerned with the development of efficient distributed multiple access protocols for traffic consisting primarily of single packet messages in a datagram mode of operation. The motivation for the design of the protocols came from the consideration of efficient multiple access utilization of moderate to high bandwidth (4-40 Mbit/s capacity) communication satellite channels used for the transmission of short (1000-10,000 bits) fixed length packets. Under these circumstances, the ratio of roundtrip propagation time to packet transmission time is between 100 to 10,000. It is shown how a TDMA channel can be adaptively shared by datagram traffic and constant bandwidth users such as in digital voice applications. The distributed reservation control protocols described are a hybrid between contention and reservation protocols.

  12. Online power system security classifier and enhancement control

    NASA Astrophysics Data System (ADS)

    de Arizon, Maria Paloma

    Today, the stable and reliable operation of power systems is becoming increasingly difficult. While, on the one hand, due to regulatory reforms, an increasing number of merchant plants and co-generators are being connected to the network, on the other, the expansion of transmission systems has been increasingly difficult due to environmental and land issues. As a result, thousands of power flow schedules are changed hourly, complicating the systems operation. This scenario has rendered the. traditional system operation criteria, based on off-line studies, inadequate to cope with the constantly changing nature, and online assessment techniques are becoming increasingly important. In this work, an approach based on "approximate reasoning techniques" is presented for the classification of dynamic security conditions in the power system and for the selection of dynamic security enhancement strategies (preventive control actions). The algorithm proposed combines energy functions and sensitivities to find the "membership" of the system to the subsets that determine its security status, as well as, the "membership" of the different generators to specific control related subsets. The algorithm proposed combines energy functions and sensitivities, together with physical equipment limitations, to select the generators voltage and power output such that the required security level is met. The procedure uses optimisation methods for tuning the threshold values that describe the membership functions in order to obtain optimum preventive control strategies. The developed procedure was also designed to produce a simultaneous preventive control for a set of non-disjoint contingencies. Finally to enhance the speed of the algorithm a new and time-saving technique for efficient [Ybus] matrix evaluations was developed in this work. The results presented in the work show that the proposed method achieves the following objectives: (a) A fast and accurate classification of the system

  13. 33 CFR 101.405 - Maritime Security (MARSEC) Directives.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... this section shall be marked as sensitive security information (SSI) in accordance with 49 CFR part... of and access to sensitive security information, and that under 49 CFR 1520.5(b), they have a need to... SECURITY MARITIME SECURITY MARITIME SECURITY: GENERAL Control Measures for Security § 101.405...

  14. Secure control systems with application to cyber-physical systems

    SciTech Connect

    Dong, Jin; Djouadi, Seddik M; Nutaro, James J; Kuruganti, Phani Teja

    2014-01-01

    Control systems are computer-based systems with networked units consisting of sensors, actuators, control processing units, and communication devices. The role of control system is to interact, monitor, and control physical processes. Reactive power control is a fundamental issue in ensuring the security of the power network. It is claimed that Synchronous Condensers (SC) have been used at both distribution and transmission voltage levels to improve stability and to maintain voltages within desired limits under changing load conditions and contingency situations. Performance of PI controller corresponding to various tripping faults are analyzed for SC systems. Most of the eort in protecting these systems has been in protection against random failures or reliability. However, besides failures these systems are subject to various signal attacks for which new analysis are discussed here. When a breach does occur, it is necessary to react in a time commensurate with the physical dynamics of the system as it responds to the attack. Failure to act swiftly enough may result in undesirable, and possibly irreversible, physical eects. Therefore, it is meaningful to evaluate the security of a cyber-physical system, especially to protect it from cyber-attack. Illustrative numerical examples are provided together with an application to the SC systems.

  15. Catheter Securement Systems for Peripherally Inserted and Nontunneled Central Vascular Access Devices: Clinical Evaluation of a Novel Sutureless Device.

    PubMed

    Krenik, Karen M; Smith, Graham E; Bernatchez, Stéphanie F

    2016-01-01

    Sutureless catheter securement systems are intended to eliminate risks associated with sutures. The clinical acceptability of a novel system was investigated compared with the current method of securement for peripherally inserted central catheters (19 facilities using StatLock or sutures) or nontunneled central vascular access devices (3 facilities using StatLock or sutures or HubGuard + Sorbaview Shield). More than 94% of respondents rated the novel system as same, better, or much better than their current product. More than 82% of respondents were willing to replace their current system with the new one. PMID:27379679

  16. Controlling multiple security robots in a warehouse environment

    NASA Technical Reports Server (NTRS)

    Everett, H. R.; Gilbreath, G. A.; Heath-Pastore, T. A.; Laird, R. T.

    1994-01-01

    The Naval Command Control and Ocean Surveillance Center (NCCOSC) has developed an architecture to provide coordinated control of multiple autonomous vehicles from a single host console. The multiple robot host architecture (MRHA) is a distributed multiprocessing system that can be expanded to accommodate as many as 32 robots. The initial application will employ eight Cybermotion K2A Navmaster robots configured as remote security platforms in support of the Mobile Detection Assessment and Response System (MDARS) Program. This paper discusses developmental testing of the MRHA in an operational warehouse environment, with two actual and four simulated robotic platforms.

  17. Tag Content Access Control with Identity-based Key Exchange

    NASA Astrophysics Data System (ADS)

    Yan, Liang; Rong, Chunming

    2010-09-01

    Radio Frequency Identification (RFID) technology that used to identify objects and users has been applied to many applications such retail and supply chain recently. How to prevent tag content from unauthorized readout is a core problem of RFID privacy issues. Hash-lock access control protocol can make tag to release its content only to reader who knows the secret key shared between them. However, in order to get this shared secret key required by this protocol, reader needs to communicate with a back end database. In this paper, we propose to use identity-based secret key exchange approach to generate the secret key required for hash-lock access control protocol. With this approach, not only back end database connection is not needed anymore, but also tag cloning problem can be eliminated at the same time.

  18. Statistical process control testing of electronic security equipment

    SciTech Connect

    Murray, D.W.; Spencer, D.D.

    1994-06-01

    Statistical Process Control testing of manufacturing processes began back in the 1940`s with the development of Process Control Charts by Dr. Walter A. Shewart. Sandia National Laboratories has developed an application of the SPC method for performance testing of electronic security equipment. This paper documents the evaluation of this testing methodology applied to electronic security equipment and an associated laptop computer-based system for obtaining and analyzing the test data. Sandia developed this SPC sensor performance testing method primarily for use on portal metal detectors, but, has evaluated it for testing of an exterior intrusion detection sensor and other electronic security devices. This method is an alternative to the traditional binomial (alarm or no-alarm) performance testing. The limited amount of information in binomial data drives the number of tests necessary to meet regulatory requirements to unnecessarily high levels. For example, a requirement of a 0.85 probability of detection with a 90% confidence requires a minimum of 19 alarms out of 19 trials. By extracting and analyzing measurement (variables) data whenever possible instead of the more typical binomial data, the user becomes more informed about equipment health with fewer tests (as low as five per periodic evaluation).

  19. Rural providers' access to online resources: a randomized controlled trial

    PubMed Central

    Hall, Laura J.; McElfresh, Karen R.; Warner, Teddy D.; Stromberg, Tiffany L.; Trost, Jaren; Jelinek, Devin A.

    2016-01-01

    Objective The research determined the usage and satisfaction levels with one of two point-of-care (PoC) resources among health care providers in a rural state. Methods In this randomized controlled trial, twenty-eight health care providers in rural areas were stratified by occupation and region, then randomized into either the DynaMed or the AccessMedicine study arm. Study participants were physicians, physician assistants, and nurses. A pre- and post-study survey measured participants' attitudes toward different information resources and their information-seeking activities. Medical student investigators provided training and technical support for participants. Data analyses consisted of analysis of variance (ANOVA), paired t tests, and Cohen's d statistic to compare pre- and post-study effects sizes. Results Participants in both the DynaMed and the AccessMedicine arms of the study reported increased satisfaction with their respective PoC resource, as expected. Participants in both arms also reported that they saved time in finding needed information. At baseline, both arms reported too little information available, which increased to “about right amounts of information” at the completion of the study. DynaMed users reported a Cohen's d increase of +1.50 compared to AccessMedicine users' reported use of 0.82. DynaMed users reported d2 satisfaction increases of 9.48 versus AccessMedicine satisfaction increases of 0.59 using a Cohen's d. Conclusion Participants in the DynaMed arm of the study used this clinically oriented PoC more heavily than the users of the textbook-based AccessMedicine. In terms of user satisfaction, DynaMed users reported higher levels of satisfaction than the users of AccessMedicine. PMID:26807050

  20. An approach to access control in electronic health record.

    PubMed

    Sucurovic, Snezana

    2010-08-01

    OASIS is a non-for-profit consortium that drives the development convergence and adoption of open standards for the global information society. It involves more than 600 organizations and individuals as well as IT leaders Sun, Microsoft, IBM and Oracle. One of its standards is XACML which appeared a few years ago and now there are about 150,000 hits on Google. XACML (eXtensible Access Control Markup Language) is not technology related. Sun published in 2004 open source Sun XACML which is in compliance with XACML 1.0. specification and now works to make it comply with XACML 2.0. The heart of XACML are attributes values of defined type and name that is to be attached to a subject, a resource, an action and an environment in which a subject request action on resource. In that way XACML is to replace Role Based Access Control which dominated for years. The paper examines performances in CEN 13 606 and ISO 22 600 based healthcare system which uses XACML for access control.

  1. Integration of access control and ancillary information systems

    SciTech Connect

    Rodriguez, J.R.; Ahrens, J.S.

    1995-07-01

    The DOE has identified the Lawrence Livermore National Laboratory ARGUS system as the standard entry control system for the DOE Complex. ARGUS integrates several key functions, specifically, badging, entry control, and verification of clearance status. Not all sites need or can afford an ARGUS system. Such sites are therefore limited to commercial equipment which provide ARGUS like features. In this project an alternative way to integrate commercial equipment into an integrated system to include badging, access control, property control, and automated verification of clearance status has been investigated. Such a system would provide smaller sites the same functionality as is provided by ARGUS. Further, it would allow sites to fully participate in the DOE`s concept of Complex wide access control. This multi-year task is comprised of three phases. Phase 1, system requirements and definitions, and phase 2, software and hardware development, were completed during fiscal year 1994. This report covers these two phases and the demonstration system which resulted. Phase three would employ the demonstration system to evaluate system performance, identify operational limits and to integrate additional features. The demonstration system includes a badging station, a database server, a managers workstation, an entry control system, and a property protection system. The functions have been integrated through the use of custom interfaces and operator screens which greatly increase ease of use.

  2. DOE/DHS INDUSTRIAL CONTROL SYSTEM CYBER SECURITY PROGRAMS: A MODEL FOR USE IN NUCLEAR FACILITY SAFEGUARDS AND SECURITY

    SciTech Connect

    Robert S. Anderson; Mark Schanfein; Trond Bjornard; Paul Moskowitz

    2011-07-01

    Many critical infrastructure sectors have been investigating cyber security issues for several years especially with the help of two primary government programs. The U.S. Department of Energy (DOE) National SCADA Test Bed and the U.S. Department of Homeland Security (DHS) Control Systems Security Program have both implemented activities aimed at securing the industrial control systems that operate the North American electric grid along with several other critical infrastructure sectors (ICS). These programs have spent the last seven years working with industry including asset owners, educational institutions, standards and regulating bodies, and control system vendors. The programs common mission is to provide outreach, identification of cyber vulnerabilities to ICS and mitigation strategies to enhance security postures. The success of these programs indicates that a similar approach can be successfully translated into other sectors including nuclear operations, safeguards, and security. The industry regulating bodies have included cyber security requirements and in some cases, have incorporated sets of standards with penalties for non-compliance such as the North American Electric Reliability Corporation Critical Infrastructure Protection standards. These DOE and DHS programs that address security improvements by both suppliers and end users provide an excellent model for nuclear facility personnel concerned with safeguards and security cyber vulnerabilities and countermeasures. It is not a stretch to imagine complete surreptitious collapse of protection against the removal of nuclear material or even initiation of a criticality event as witnessed at Three Mile Island or Chernobyl in a nuclear ICS inadequately protected against the cyber threat.

  3. A study of multiple access schemes in satellite control network

    NASA Astrophysics Data System (ADS)

    Mo, Zijian; Wang, Zhonghai; Xiang, Xingyu; Wang, Gang; Chen, Genshe; Nguyen, Tien; Pham, Khanh; Blasch, Erik

    2016-05-01

    Satellite Control Networks (SCN) have provided launch control for space lift vehicles; tracking, telemetry and commanding (TTC) for on-orbit satellites; and, test support for space experiments since the 1960s. Currently, SCNs encounter a new challenge: how to maintain the high reliability of services when sharing the spectrum with emerging commercial services. To achieve this goal, the capability of multiple satellites reception is deserved as an update/modernization of SCN in the future. In this paper, we conducts an investigation of multiple access techniques in SCN scenario, e.g., frequency division multiple access (FDMA) and coded division multiple access (CDMA). First, we introduce two upgrade options of SCN based on FDMA and CDMA techniques. Correspondingly, we also provide their performance analysis, especially the system improvement in spectrum efficiency and interference mitigation. Finally, to determine the optimum upgrade option, this work uses CRISP, i.e., Cost, Risk, Installation, Supportability and Performance, as the baseline approach for a comprehensive trade study of these two options. Extensive numerical and simulation results are presented to illustrate the theoretical development.

  4. Coalition Warfare Program (CWP): secure policy controlled information query and dissemination over a Bices network

    NASA Astrophysics Data System (ADS)

    Toth, Andrew; Pham, Tien; Karr, Todd; Bent, Graham; Harries, Dominic; Knox, Alan

    2013-05-01

    In 2006, the US Army Research Laboratory (ARL) and the UK Ministry of Defence (MoD) established a collaborative research alliance with academia and industry, called the International Technology Alliance (ITA) to address fundamental issues concerning Network and Information Sciences. Under the ITA research program, a US-UK transition project on "ITA Policy Controlled Information Query and Dissemination" was funded in 2011 by OSD's Coalition Warfare Program (CWP). The goal of this CWP project is to develop an extensible capability of performing distributed federated query and information dissemination across a coalition network of distributed disparate data/information sources with access­ controlled policies. The CWP project is lead by US Army Research Laboratory (ARL) and UK Defence Science Technology Laboratory (Dstl) with software development by IBM UK and IBM US. The CWP project exploits two key technology components developed within the ITA, namely the Gaian Database and integrated Access Policy Decision and Enforcement mechanisms. The Gaian Database (GaianDB) is a Dynamic Distributed Federated Database (DDFD) that addresses a need to share information among coalition members by providing a means for policy-controlled access to data across a network of heterogeneous data sources. GaianDB implements a SQL-compliant Store-Locally-Query-Anywhere (SLQA) approach providing software applications with global access to data from any node in the database network via standard SQL queries. Security policy is stored locally and enforced at the database node level, reducing potential for unauthorized data access and waste of network bandwidth. A key metric of success for a CWP project is the transition of coalition-related technology from TRL-3 or 4 to TRL-6 or higher. Thus, the end goal of this CWP project was to demonstrate the GaianDB and policy technology within an operational environment at the NATO Intelligence Fusion Centre (NIFC) at Molesworth RAF. An initial

  5. Creating and Maintaining Security on Campus.

    ERIC Educational Resources Information Center

    Polensky, David W.

    2002-01-01

    Describes the various components of an effective campus security program, including the master plan/needs assessment, law enforcement staffing, security technology, access control, closed circuit television systems, and emergency planning. (EV)

  6. 78 FR 7334 - Port Authority Access to Facility Vulnerability Assessments and the Integration of Security Systems

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-01

    ... our public dockets in the January 17, 2008, issue of the Federal Register (73 FR 3316). Public meeting..., prevent, mitigate, and respond to Transportation Security Incidents (TSIs) and other disasters. If the... disaster. Each Facility Security Assessment (FSA) must contain provisions for contingency...

  7. Iterative algorithm analysis for phase-only diffractive control access system

    NASA Astrophysics Data System (ADS)

    Mihailescu, Mona; Preda, Alexandru; Cojoc, Dan; Scarlat, Eugen; Preda, Liliana

    2007-08-01

    A new architecture with two phases-only diffractive elements and one decryption mask for optical control access system is presented. Only three different persons which keep this element have the permission to access together. The Iterative Fourier Transform Algorithm (IFTA) is analyzed for phase-only diffractive optical elements (PODE) design with different constraints in the input and output plane and the optimal variant is chosen for better image quality in the output plane (big value for diffraction efficiency and small value for merit function and signal to noise ratio). For higher security we propose different incident waves. That are compared with the case when the first phase-only diffractive element and decryption masks are designed together in an extended iteration and the output images of them (first desired image) is taken over the second phase-only diffractive element. In order to increase security level, this finally PODE are designed to increase some parts from the first desired image. Only with this condition the key image on the detector is formed.

  8. Towards human-centric visual access control for clinical data management.

    PubMed

    Fahl, Sascha; Harbach, Marian; Smith, Matthew

    2012-01-01

    We propose a novel human-centric, visual, and context-aware access control (AC) system for distributed clinical data management and health information systems. Human-centricity in this context means that medical staff should be able to configure AC rules, both in a timesaving and reliable manner. Since medical data often includes (meta-) information about a patient, it is essential that an AC system includes the patient into the AC process. To cater for the strong security needs in the medical domain, both the AC policy creation by medical staff as well as the patient-interaction feature need to be taken into account. While traditional AC systems offer sufficient security in theory, they lack in comfort and flexibility and as a result find no widespread acceptance with non tech-savvy users. Distributed medical institutions could enormously benefit from the opportunity of dynamic AC configuration at an end-user level while adhering to legal, ethical or other privacy requirements. Hence, this paper presents a human-centric visual AC model for medical data, addressing usability, information security and patient interaction. PMID:22874293

  9. Secure portal.

    SciTech Connect

    Nelson, Cynthia Lee

    2007-09-01

    There is a need in security systems to rapidly and accurately grant access of authorized personnel to a secure facility while denying access to unauthorized personnel. In many cases this role is filled by security personnel, which can be very costly. Systems that can perform this role autonomously without sacrificing accuracy or speed of throughput are very appealing. To address the issue of autonomous facility access through the use of technology, the idea of a ''secure portal'' is introduced. A secure portal is a defined zone where state-of-the-art technology can be implemented to grant secure area access or to allow special privileges for an individual. Biometric technologies are of interest because they are generally more difficult to defeat than technologies such as badge swipe and keypad entry. The biometric technologies selected for this concept were facial and gait recognition. They were chosen since they require less user cooperation than other biometrics such as fingerprint, iris, and hand geometry and because they have the most potential for flexibility in deployment. The secure portal concept could be implemented within the boundaries of an entry area to a facility. As a person is approaching a badge and/or PIN portal, face and gait information can be gathered and processed. The biometric information could be fused for verification against the information that is gathered from the badge. This paper discusses a facial recognition technology that was developed for the purposes of providing high verification probabilities with low false alarm rates, which would be required of an autonomous entry control system. In particular, a 3-D facial recognition approach using Fisher Linear Discriminant Analysis is described. Gait recognition technology, based on Hidden Markov Models has been explored, but those results are not included in this paper. Fusion approaches for combining the results of the biometrics would be the next step in realizing the secure portal

  10. Statistical process control based chart for information systems security

    NASA Astrophysics Data System (ADS)

    Khan, Mansoor S.; Cui, Lirong

    2015-07-01

    Intrusion detection systems have a highly significant role in securing computer networks and information systems. To assure the reliability and quality of computer networks and information systems, it is highly desirable to develop techniques that detect intrusions into information systems. We put forward the concept of statistical process control (SPC) in computer networks and information systems intrusions. In this article we propose exponentially weighted moving average (EWMA) type quality monitoring scheme. Our proposed scheme has only one parameter which differentiates it from the past versions. We construct the control limits for the proposed scheme and investigate their effectiveness. We provide an industrial example for the sake of clarity for practitioner. We give comparison of the proposed scheme with EWMA schemes and p chart; finally we provide some recommendations for the future work.

  11. CS2SAT: THE CONTROL SYSTEMS CYBER SECURITY SELF-ASSESSMENT TOOL

    SciTech Connect

    Kathleen A. Lee

    2008-01-01

    The Department of Homeland Security National Cyber Security Division has developed the Control System Cyber Security Self-Assessment Tool (CS2SAT) that provides users with a systematic and repeatable approach for assessing the cyber-security posture of their industrial control system networks. The CS2SAT was developed by cyber security experts from Department of Energy National Laboratories and with assistance from the National Institute of Standards and Technology. The CS2SAT is a desktop software tool that guides users through a step-by-step process to collect facility-specific control system information and then makes appropriate recommendations for improving the system’s cyber-security posture. The CS2SAT provides recommendations from a database of industry available cyber-security practices, which have been adapted specifically for application to industry control system networks and components. Each recommendation is linked to a set of actions that can be applied to remediate-specific security vulnerabilities.

  12. Security Implications of OPC, OLE, DCOM, and RPC in Control Systems

    SciTech Connect

    Not Available

    2006-01-01

    OPC is a collection of software programming standards and interfaces used in the process control industry. It is intended to provide open connectivity and vendor equipment interoperability. The use of OPC technology simplifies the development of control systems that integrate components from multiple vendors and support multiple control protocols. OPC-compliant products are available from most control system vendors, and are widely used in the process control industry. OPC was originally known as OLE for Process Control; the first standards for OPC were based on underlying services in the Microsoft Windows computing environment. These underlying services (OLE [Object Linking and Embedding], DCOM [Distributed Component Object Model], and RPC [Remote Procedure Call]) have been the source of many severe security vulnerabilities. It is not feasible to automatically apply vendor patches and service packs to mitigate these vulnerabilities in a control systems environment. Control systems using the original OPC data access technology can thus inherit the vulnerabilities associated with these services. Current OPC standardization efforts are moving away from the original focus on Microsoft protocols, with a distinct trend toward web-based protocols that are independent of any particular operating system. However, the installed base of OPC equipment consists mainly of legacy implementations of the OLE for Process Control protocols.

  13. 48 CFR 3004.470 - Security requirements for access to unclassified facilities, Information Technology resources...

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Technology resources, and sensitive information. ... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive...

  14. 48 CFR 3004.470 - Security requirements for access to unclassified facilities, Information Technology resources...

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Technology resources, and sensitive information. ... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive...

  15. 48 CFR 3004.470 - Security requirements for access to unclassified facilities, Information Technology resources...

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Technology resources, and sensitive information. ... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive...

  16. 48 CFR 3004.470 - Security requirements for access to unclassified facilities, Information Technology resources...

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... access to unclassified facilities, Information Technology resources, and sensitive information. 3004.470... Technology resources, and sensitive information. ... ACQUISITION REGULATION (HSAR) GENERAL ADMINISTRATIVE MATTERS Safeguarding Classified and Sensitive...

  17. Extending a Role Graph for Role-Based Access Control

    NASA Astrophysics Data System (ADS)

    Asakura, Yoshiharu; Nakamoto, Yukikazu

    Role-based access control (RBAC) is widely used as an access control mechanism in various computer systems. Since an organization's lines of authority influence the authorized privileges of jobs, roles also form a hierarchical structure. A role graph is a model that represents role hierarchies and is suitable for the runtime phase of RBAC deployment. Since a role graph cannot take various forms for given roles and cannot handle abstraction of roles well, however, it is not suitable for the design phase of RBAC deployment. Hence, an extended role graph, which can take a more flexible form than that of a role graph, is proposed. The extended role graph improves diversity and clarifies abstraction of roles, making it suitable for the design phase. An equivalent transformation algorithm (ETA), for transforming an extended role graph into an equivalent role graph, is also proposed. Using the ETA, system administrators can deploy efficiently RBAC by using an extended role graph in the design phase and a standard role graph in the runtime phase.

  18. 47 CFR 76.1204 - Availability of equipment performing conditional access or security functions.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 47 Telecommunication 4 2011-10-01 2011-10-01 false Availability of equipment performing... Availability of Navigation Devices § 76.1204 Availability of equipment performing conditional access or... perform conditional access functions shall make available equipment that incorporates only the...

  19. 76 FR 60398 - Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-29

    ... Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies, 68 FR 62011... Circumvention of Copyright Protection Systems for Access Control Technologies, 71 FR 68472, 68480, published in... Protection Systems for Access Control Technologies, 65 FR 64556, 64564, published in the Federal...

  20. School Security, 2000.

    ERIC Educational Resources Information Center

    Agron, Joe, Ed.; Anderson, Larry, Ed.

    This supplement, a collaboration of "American School & University" and "Access Control & Security Systems Integration" magazines, presents four articles examining equipment and management strategies to ensure school safety. "School Security by the Numbers" (Joe Agron; Larry Anderson) defines the parameters and quantifies the trend in the school…

  1. BIOPACK: the ground controlled late access biological research facility.

    PubMed

    van Loon, Jack J W A

    2004-03-01

    Future Space Shuttle flights shall be characterized by activities necessary to further build the International Space Station, ISS. During these missions limited resources are available to conduct biological experiments in space. The Shuttles' Middeck is a very suitable place to conduct science during the ISS assembly missions or dedicated science missions. The BIOPACK, which flew its first mission during the STS-107, provides a versatile Middeck Locker based research tool for gravitational biology studies. The core facility occupies the space of only two Middeck Lockers. Experiment temperatures are controlled for bacteria, plant, invertebrate and mammalian cultures. Gravity levels and profiles can be set ranging from 0 to 2.0 x g on three independent centrifuges. This provides the experimenter with a 1.0 x g on-board reference and intermediate hypogravity and hypergravity data points to investigate e.g. threshold levels in biological responses. Temperature sensitive items can be stored in the facilities' -10 degrees C and +4 degrees C stowage areas. During STS-107 the facility also included a small glovebox (GBX) and passive temperature controlled units (PTCU). The GBX provides the experimenter with two extra levels of containment for safe sample handling. This biological research facility is a late access (L-10 hrs) laboratory, which, when reaching orbit, could automatically be starting up reducing important experiment lag-time and valuable crew time. The system is completely telecommanded when needed. During flight system parameters like temperatures, centrifuge speeds, experiment commanding or sensor readouts can be monitored and changed when needed. Although ISS provides a wide range of research facilities there is still need for an STS-based late access facility such as the BIOPACK providing experimenters with a very versatile research cabinet for biological experiments under microgravity and in-flight control conditions.

  2. Controlled Access under Review: Improving the Governance of Genomic Data Access

    PubMed Central

    Shabani, Mahsa; Dyke, Stephanie O. M.; Joly, Yann; Borry, Pascal

    2015-01-01

    In parallel with massive genomic data production, data sharing practices have rapidly expanded over the last decade. To ensure authorized access to data, access review by data access committees (DACs) has been utilized as one potential solution. Here we discuss core elements to be integrated into the fabric of access review by both established and emerging DACs in order to foster fair, efficient, and responsible access to datasets. We particularly highlight the fact that the access review process could be adversely influenced by the potential conflicts of interest of data producers, particularly when they are directly involved in DACs management. Therefore, in structuring DACs and access procedures, possible data withholding by data producers should receive thorough attention. PMID:26720729

  3. Assessing School Security: Not an Either/Or Question.

    ERIC Educational Resources Information Center

    Butterfield, Eric

    2000-01-01

    Discusses school security program assessment and strategies that try to strike a balance between security equipment and staffing needs. Also explored are where security equipment can save school districts money, access control strategies, the physical elements that often compromise security, and school security personnel hiring criteria. (GR)

  4. Enabling mHealth while assuring compliance: reliable and secure information access in a mobile world.

    PubMed

    Wirth, Axel

    2012-01-01

    An increasingly mobile clinical workforce rapidly adopting consumer devices to access mobile, cloud-based applications, complemented by the wide range of mobile storage devices and other portable electronics, such as digital cameras, MP3 players, can make it difficult to efficiently assure compliance without impacting user productivity. This article reviewed a number of healthcare use cases and introduced comprehensive concepts and possible automated solutions to meet the requirements of a highly complex infrastructure of devices accessing confidential information.

  5. 10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 10 Energy 2 2013-01-01 2013-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material...

  6. 10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 2 2012-01-01 2012-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material...

  7. 10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 2 2011-01-01 2011-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material...

  8. 10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 10 Energy 2 2010-01-01 2010-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material...

  9. 10 CFR 76.111 - Physical security, material control and accounting, and protection of certain information.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 10 Energy 2 2014-01-01 2014-01-01 false Physical security, material control and accounting, and protection of certain information. 76.111 Section 76.111 Energy NUCLEAR REGULATORY COMMISSION (CONTINUED) CERTIFICATION OF GASEOUS DIFFUSION PLANTS Safeguards and Security § 76.111 Physical security, material...

  10. First Experiences Using XACML for Access Control in Distributed Systems

    NASA Technical Reports Server (NTRS)

    Lorch, Marcus; Proctor, Seth; Lepro, Rebekah; Kafura, Dennis; Shah, Sumit

    2003-01-01

    Authorization systems today are increasingly complex. They span domains of administration, rely on many different authentication sources, and manage permissions that can be as complex as the system itself. Worse still, while there are many standards that define authentication mechanisms, the standards that address authorization are less well defined and tend to work only within homogeneous systems. This paper presents XACML, a standard access control language, as one component of a distributed and inter-operable authorization framework. Several emerging systems which incorporate XACML are discussed. These discussions illustrate how authorization can be deployed in distributed, decentralized systems. Finally, some new and future topics are presented to show where this work is heading and how it will help connect the general components of an authorization system.

  11. Safety systems and access control in the National Ignition Facility.

    PubMed

    Reed, Robert K; Bell, Jayce C

    2013-06-01

    The National Ignition Facility (NIF) is the world's largest and most energetic laser system. The facility has the potential to generate ionizing radiation due to the interaction between the laser beams and target material, with neutrons and gamma rays being produced during deuterium-tritium fusion reactions. To perform these experiments, several types of hazards must be mitigated and controlled to ensure personnel safety. NIF uses a real-time safety system to monitor and mitigate the hazards presented by the facility. The NIF facility Safety Interlock System (SIS) monitors for oxygen deficiency and controls access to the facility preventing exposure to laser light and radiation from the Radiation Generating Devices. It also interfaces to radiation monitoring and other radiological monitoring and alarm systems. The SIS controls permissives to the hazard-generating equipment and annunciates hazard levels in the facility. To do this reliably and safely, the SIS has been designed as a fail-safe system with a proven performance record now spanning over 10 y. This paper discusses the SIS, its design, implementation, operator interfaces, validation/verification, and the hazard mitigation approaches employed in the NIF. A brief discussion of the Failure Modes and Effect Analysis supporting the SIS will also be presented. The paper ends with a general discussion of SIS do's and don'ts and common design flaws that should be avoided in SIS design. PMID:23629061

  12. Control Systems Security Center Comparison Study of Industrial Control System Standards against the Control Systems Protection Framework Cyber-Security Requirements

    SciTech Connect

    Robert P. Evans

    2005-09-01

    Cyber security standards, guidelines, and best practices for control systems are critical requirements that have been delineated and formally recognized by industry and government entities. Cyber security standards provide a common language within the industrial control system community, both national and international, to facilitate understanding of security awareness issues but, ultimately, they are intended to strengthen cyber security for control systems. This study and the preliminary findings outlined in this report are an initial attempt by the Control Systems Security Center (CSSC) Standard Awareness Team to better understand how existing and emerging industry standards, guidelines, and best practices address cyber security for industrial control systems. The Standard Awareness Team comprised subject matter experts in control systems and cyber security technologies and standards from several Department of Energy (DOE) National Laboratories, including Argonne National Laboratory, Idaho National Laboratory, Pacific Northwest National Laboratory, and Sandia National Laboratories. This study was conducted in two parts: a standard identification effort and a comparison analysis effort. During the standard identification effort, the Standard Awareness Team conducted a comprehensive open-source survey of existing control systems security standards, regulations, and guidelines in several of the critical infrastructure (CI) sectors, including the telecommunication, water, chemical, energy (electric power, petroleum and oil, natural gas), and transportation--rail sectors and sub-sectors. During the comparison analysis effort, the team compared the requirements contained in selected, identified, industry standards with the cyber security requirements in ''Cyber Security Protection Framework'', Version 0.9 (hereafter referred to as the ''Framework''). For each of the seven sector/sub-sectors listed above, one standard was selected from the list of standards identified

  13. 9 CFR 121.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... and toxins; security risk assessments. 121.10 Section 121.10 Animals and Animal Products ANIMAL AND PLANT HEALTH INSPECTION SERVICE, DEPARTMENT OF AGRICULTURE VIRUSES, SERUMS, TOXINS, AND ANALOGOUS PRODUCTS; ORGANISMS AND VECTORS POSSESSION, USE, AND TRANSFER OF SELECT AGENTS AND TOXINS §...

  14. 9 CFR 121.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... and toxins; security risk assessments. 121.10 Section 121.10 Animals and Animal Products ANIMAL AND PLANT HEALTH INSPECTION SERVICE, DEPARTMENT OF AGRICULTURE VIRUSES, SERUMS, TOXINS, AND ANALOGOUS PRODUCTS; ORGANISMS AND VECTORS POSSESSION, USE, AND TRANSFER OF SELECT AGENTS AND TOXINS §...

  15. 9 CFR 121.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... and toxins; security risk assessments. 121.10 Section 121.10 Animals and Animal Products ANIMAL AND PLANT HEALTH INSPECTION SERVICE, DEPARTMENT OF AGRICULTURE VIRUSES, SERUMS, TOXINS, AND ANALOGOUS PRODUCTS; ORGANISMS AND VECTORS POSSESSION, USE, AND TRANSFER OF SELECT AGENTS AND TOXINS §...

  16. 9 CFR 121.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... and toxins; security risk assessments. 121.10 Section 121.10 Animals and Animal Products ANIMAL AND PLANT HEALTH INSPECTION SERVICE, DEPARTMENT OF AGRICULTURE VIRUSES, SERUMS, TOXINS, AND ANALOGOUS PRODUCTS; ORGANISMS AND VECTORS POSSESSION, USE, AND TRANSFER OF SELECT AGENTS AND TOXINS §...

  17. 9 CFR 121.10 - Restricting access to select agents and toxins; security risk assessments.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... and toxins; security risk assessments. 121.10 Section 121.10 Animals and Animal Products ANIMAL AND PLANT HEALTH INSPECTION SERVICE, DEPARTMENT OF AGRICULTURE VIRUSES, SERUMS, TOXINS, AND ANALOGOUS PRODUCTS; ORGANISMS AND VECTORS POSSESSION, USE, AND TRANSFER OF SELECT AGENTS AND TOXINS §...

  18. A Framework for Context Sensitive Risk-Based Access Control in Medical Information Systems.

    PubMed

    Choi, Donghee; Kim, Dohoon; Park, Seog

    2015-01-01

    Since the access control environment has changed and the threat of insider information leakage has come to the fore, studies on risk-based access control models that decide access permissions dynamically have been conducted vigorously. Medical information systems should protect sensitive data such as medical information from insider threat and enable dynamic access control depending on the context such as life-threatening emergencies. In this paper, we suggest an approach and framework for context sensitive risk-based access control suitable for medical information systems. This approach categorizes context information, estimating and applying risk through context- and treatment-based permission profiling and specifications by expanding the eXtensible Access Control Markup Language (XACML) to apply risk. The proposed framework supports quick responses to medical situations and prevents unnecessary insider data access through dynamic access authorization decisions in accordance with the severity of the context and treatment. PMID:26075013

  19. A Framework for Context Sensitive Risk-Based Access Control in Medical Information Systems

    PubMed Central

    Choi, Donghee; Kim, Dohoon; Park, Seog

    2015-01-01

    Since the access control environment has changed and the threat of insider information leakage has come to the fore, studies on risk-based access control models that decide access permissions dynamically have been conducted vigorously. Medical information systems should protect sensitive data such as medical information from insider threat and enable dynamic access control depending on the context such as life-threatening emergencies. In this paper, we suggest an approach and framework for context sensitive risk-based access control suitable for medical information systems. This approach categorizes context information, estimating and applying risk through context- and treatment-based permission profiling and specifications by expanding the eXtensible Access Control Markup Language (XACML) to apply risk. The proposed framework supports quick responses to medical situations and prevents unnecessary insider data access through dynamic access authorization decisions in accordance with the severity of the context and treatment. PMID:26075013

  20. A case study of the Secure Anonymous Information Linkage (SAIL) Gateway: a privacy-protecting remote access system for health-related research and evaluation.

    PubMed

    Jones, Kerina H; Ford, David V; Jones, Chris; Dsilva, Rohan; Thompson, Simon; Brooks, Caroline J; Heaven, Martin L; Thayer, Daniel S; McNerney, Cynthia L; Lyons, Ronan A

    2014-08-01

    With the current expansion of data linkage research, the challenge is to find the balance between preserving the privacy of person-level data whilst making these data accessible for use to their full potential. We describe a privacy-protecting safe haven and secure remote access system, referred to as the Secure Anonymised Information Linkage (SAIL) Gateway. The Gateway provides data users with a familiar Windows interface and their usual toolsets to access approved anonymously-linked datasets for research and evaluation. We outline the principles and operating model of the Gateway, the features provided to users within the secure environment, and how we are approaching the challenges of making data safely accessible to increasing numbers of research users. The Gateway represents a powerful analytical environment and has been designed to be scalable and adaptable to meet the needs of the rapidly growing data linkage community.

  1. External Labeling as a Framework for Access Control

    ERIC Educational Resources Information Center

    Rozenbroek, Thomas H.

    2012-01-01

    With the ever increasing volume of data existing on and passing through on-line resources together with a growing number of legitimate users of that information and potential adversaries, the need for better security and safeguards is immediate and critical. Currently, most of the security and safeguards afforded on-line information are provided…

  2. Security

    ERIC Educational Resources Information Center

    Technology & Learning, 2008

    2008-01-01

    Anytime, anywhere, learning provides opportunities to create digital learning environments for new teaching styles and personalized learning. As part of making sure the program is effective, the safety and security of students and assets are essential--and mandated by law. The Children's Internet Protection Act (CIPA) addresses Internet content…

  3. Dynamic access control model for privacy preserving personalized healthcare in cloud environment.

    PubMed

    Son, Jiseong; Kim, Jeong-Dong; Na, Hong-Seok; Baik, Doo-Kwon

    2015-01-01

    When sharing and storing healthcare data in a cloud environment, access control is a central issue for preserving data privacy as a patient's personal health data may be accessed without permission from many stakeholders. Specifically, dynamic authorization for the access of data is required because personal health data is stored in cloud storage via wearable devices. Therefore, we propose a dynamic access control model for preserving the privacy of personal healthcare data in a cloud environment. The proposed model considers context information for dynamic access. According to the proposed model, access control can be dynamically determined by changing the context information; this means that even for a subject with the same role in the cloud, access permission is defined differently depending on the context information and access condition. Furthermore, we experiment the ability of the proposed model to provide correct responses by representing a dynamic access decision with real-life personalized healthcare system scenarios. PMID:26409546

  4. Dynamic access control model for privacy preserving personalized healthcare in cloud environment.

    PubMed

    Son, Jiseong; Kim, Jeong-Dong; Na, Hong-Seok; Baik, Doo-Kwon

    2015-01-01

    When sharing and storing healthcare data in a cloud environment, access control is a central issue for preserving data privacy as a patient's personal health data may be accessed without permission from many stakeholders. Specifically, dynamic authorization for the access of data is required because personal health data is stored in cloud storage via wearable devices. Therefore, we propose a dynamic access control model for preserving the privacy of personal healthcare data in a cloud environment. The proposed model considers context information for dynamic access. According to the proposed model, access control can be dynamically determined by changing the context information; this means that even for a subject with the same role in the cloud, access permission is defined differently depending on the context information and access condition. Furthermore, we experiment the ability of the proposed model to provide correct responses by representing a dynamic access decision with real-life personalized healthcare system scenarios.

  5. Access to Network Login by Three-Factor Authentication for Effective Information Security.

    PubMed

    Vaithyasubramanian, S; Christy, A; Saravanan, D

    2016-01-01

    Today's technology development in the field of computer along with internet of things made huge difference in the transformation of our lives. Basic computer framework and web client need to make significant login signify getting to mail, long range interpersonal communication, internet keeping money, booking tickets, perusing online daily papers, and so forth. The login user name and secret key mapping validate if the logging user is the intended client. Secret key is assumed an indispensable part in security. The objective of MFA is to make a layered safeguard and make it more troublesome for an unauthenticated entity to get to an objective, for example, a physical area, processing gadget, system, or database. In the event that one element is bargained or broken, the assailant still has two more boundaries to rupture before effectively breaking into the objective. An endeavor has been made by utilizing three variable types of authentication. In this way managing additional secret key includes an additional layer of security.

  6. An Information Security Control Assessment Methodology for Organizations

    ERIC Educational Resources Information Center

    Otero, Angel R.

    2014-01-01

    In an era where use and dependence of information systems is significantly high, the threat of incidents related to information security that could jeopardize the information held by organizations is more and more serious. Alarming facts within the literature point to inadequacies in information security practices, particularly the evaluation of…

  7. Privacy aware access controls for medical data disclosure on European healthgrids.

    PubMed

    Rahmouni, Hanene Boussi; Solomonides, Tony; Mont, Marco Casassa; Shiu, Simon

    2010-01-01

    To be processed within a healthgrid environment, medical data goes through a complete lifecycle and several stages until it is finally used for the primary reason it has been collected for. This stage is not always the final occurrence of when the data would have been manipulated. The data could rather continue to be needed for secondary purposes of legitimate or non legitimate nature. Although other privacy issues are related to the processing of patient data while it is residing on a healthgrid environment, the control of data disclosure is our primary interest. When sharing medical data between different Healthcare and biomedical research organizations in Europe, it is important that the different parties involved in the sharing handle the data in the same way indicated by the legislation of the member state where the data was originally collected as the requirements might differ from one state to another. Privacy requirements, such as patient consent, may be subject to conflicting conditions between different national frameworks as well as between different legal and ethical frameworks within a single member state. These circumstances have made the compliance management process in European healthgrid very challenging. In this paper we are presenting an approach to tackle these issues by relying on several technologies contained in the semantic web stack. Our work suggests a direct mapping from high level legislation on privacy and data protection to operational level privacy aware controls. Additionally we suggest an architecture for the enforcement of these controls on access control models adopted by healthgrids security infrastructures.

  8. A secure web-based approach for accessing transitional health information for people with traumatic brain injury.

    PubMed

    Lemaire, E D; Deforge, D; Marshall, S; Curran, D

    2006-03-01

    A web-based transitional health record was created to provide regional healthcare professionals with ubiquitous access to information on people with brain injuries as they move through the healthcare system. Participants included public, private, and community healthcare organizations/providers in Eastern Ontario (Canada). One hundred and nineteen service providers and 39 brain injury survivors registered over 6 months. Fifty-eight percent received English and 42% received bilingual services (English-French). Public health providers contacted the regional service coordinator more than private providers (52% urban centres, 26% rural service providers, and 22% both areas). Thirty-five percent of contacts were for technical difficulties, 32% registration inquiries, 21% forms and processes, 6% resources, and 6% education. Seventeen technical enquiries required action by technical support personnel: 41% digital certificates, 29% web forms, and 12% log-in. This web-based approach to clinical information sharing provided access to relevant data as clients moved through or re-entered the health system. Improvements include automated digital certificate management, institutional health records system integration, and more referral tracking tools. More sensitive test data could be accessed on-line with increasing consumer/clinician confidence. In addition to a strong technical infrastructure, human resource issues are a major information security component and require continuing attention to ensure a viable on-line information environment.

  9. Collections Security: The Preservation Perspective.

    ERIC Educational Resources Information Center

    Patkus, Beth L.

    1998-01-01

    Provides a brief review of the basic elements of library security and preservation programs as a background for an exploration of security/preservation issues, problems, and policies. Discusses environmental control, disaster preparedness, fire protection, storage and handling, and controlling access to collections. (AEF)

  10. A comprehensive Network Security Risk Model for process control networks.

    PubMed

    Henry, Matthew H; Haimes, Yacov Y

    2009-02-01

    The risk of cyber attacks on process control networks (PCN) is receiving significant attention due to the potentially catastrophic extent to which PCN failures can damage the infrastructures and commodity flows that they support. Risk management addresses the coupled problems of (1) reducing the likelihood that cyber attacks would succeed in disrupting PCN operation and (2) reducing the severity of consequences in the event of PCN failure or manipulation. The Network Security Risk Model (NSRM) developed in this article provides a means of evaluating the efficacy of candidate risk management policies by modeling the baseline risk and assessing expectations of risk after the implementation of candidate measures. Where existing risk models fall short of providing adequate insight into the efficacy of candidate risk management policies due to shortcomings in their structure or formulation, the NSRM provides model structure and an associated modeling methodology that captures the relevant dynamics of cyber attacks on PCN for risk analysis. This article develops the NSRM in detail in the context of an illustrative example.

  11. A comprehensive Network Security Risk Model for process control networks.

    PubMed

    Henry, Matthew H; Haimes, Yacov Y

    2009-02-01

    The risk of cyber attacks on process control networks (PCN) is receiving significant attention due to the potentially catastrophic extent to which PCN failures can damage the infrastructures and commodity flows that they support. Risk management addresses the coupled problems of (1) reducing the likelihood that cyber attacks would succeed in disrupting PCN operation and (2) reducing the severity of consequences in the event of PCN failure or manipulation. The Network Security Risk Model (NSRM) developed in this article provides a means of evaluating the efficacy of candidate risk management policies by modeling the baseline risk and assessing expectations of risk after the implementation of candidate measures. Where existing risk models fall short of providing adequate insight into the efficacy of candidate risk management policies due to shortcomings in their structure or formulation, the NSRM provides model structure and an associated modeling methodology that captures the relevant dynamics of cyber attacks on PCN for risk analysis. This article develops the NSRM in detail in the context of an illustrative example. PMID:19000078

  12. Secure remote access to a clinical data repository using a wireless personal digital assistant (PDA).

    PubMed Central

    Duncan, R. G.; Shabot, M. M.

    2000-01-01

    TCP/IP and World-Wide-Web (WWW) technology have become the universal standards for networking and delivery of information. Personal digital assistants (PDAs), cellular telephones, and alphanumeric pagers are rapidly converging on a single pocket device that will leverage wireless TCP/IP networks and WWW protocols and can be used to deliver clinical information and alerts anytime, anywhere. We describe a wireless interface to clinical information for physicians based on Palm Corp.'s Palm VII pocket computer, a wireless digital network, encrypted data transmission, secure web servers, and a clinical data repository (CDR). PMID:11079875

  13. Security of medical multimedia.

    PubMed

    Tzelepi, S; Pangalos, G; Nikolacopoulou, G

    2002-09-01

    The application of information technology to health care has generated growing concern about the privacy and security of medical information. Furthermore, data and communication security requirements in the field of multimedia are higher. In this paper we describe firstly the most important security requirements that must be fulfilled by multimedia medical data, and the security measures used to satisfy these requirements. These security measures are based mainly on modern cryptographic and watermarking mechanisms as well as on security infrastructures. The objective of our work is to complete this picture, exploiting the capabilities of multimedia medical data to define and implement an authorization model for regulating access to the data. In this paper we describe an extended role-based access control model by considering, within the specification of the role-permission relationship phase, the constraints that must be satisfied in order for the holders of the permission to use those permissions. The use of constraints allows role-based access control to be tailored to specifiy very fine-grained and flexible content-, context- and time-based access control policies. Other restrictions, such as role entry restriction also can be captured. Finally, the description of system architecture for a secure DBMS is presented.

  14. 21 CFR 1301.77 - Security controls for freight forwarding facilities.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 21 Food and Drugs 9 2013-04-01 2013-04-01 false Security controls for freight forwarding facilities. 1301.77 Section 1301.77 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security...

  15. 21 CFR 1301.77 - Security controls for freight forwarding facilities.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 21 Food and Drugs 9 2014-04-01 2014-04-01 false Security controls for freight forwarding facilities. 1301.77 Section 1301.77 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security...

  16. 21 CFR 1301.77 - Security controls for freight forwarding facilities.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 21 Food and Drugs 9 2011-04-01 2011-04-01 false Security controls for freight forwarding facilities. 1301.77 Section 1301.77 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security...

  17. 21 CFR 1301.77 - Security controls for freight forwarding facilities.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 21 Food and Drugs 9 2012-04-01 2012-04-01 false Security controls for freight forwarding facilities. 1301.77 Section 1301.77 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security...

  18. 21 CFR 1301.77 - Security controls for freight forwarding facilities.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Security controls for freight forwarding facilities. 1301.77 Section 1301.77 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION OF MANUFACTURERS, DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security...

  19. Control and Non-Payload Communications (CNPC) Prototype Radio - Generation 2 Security Architecture Lab Test Report

    NASA Technical Reports Server (NTRS)

    Iannicca, Dennis C.; McKim, James H.; Stewart, David H.; Thadhani, Suresh K.; Young, Daniel P.

    2015-01-01

    NASA Glenn Research Center, in cooperation with Rockwell Collins, is working to develop a prototype Control and Non-Payload Communications (CNPC) radio platform as part of NASA Integrated Systems Research Program's (ISRP) Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) project. A primary focus of the project is to work with the FAA and industry standards bodies to build and demonstrate a safe, secure, and efficient CNPC architecture that can be used by industry to evaluate the feasibility of deploying a system using these technologies in an operational capacity. GRC has been working in conjunction with these groups to assess threats, identify security requirements, and to develop a system of standards-based security controls that can be applied to the current GRC prototype CNPC architecture as a demonstration platform. The security controls were integrated into a lab test bed mock-up of the Mobile IPv6 architecture currently being used for NASA flight testing, and a series of network tests were conducted to evaluate the security overhead of the controls compared to the baseline CNPC link without any security. The aim of testing was to evaluate the performance impact of the additional security control overhead when added to the Mobile IPv6 architecture in various modes of operation. The statistics collected included packet captures at points along the path to gauge packet size as the sample data traversed the CNPC network, round trip latency, jitter, and throughput. The effort involved a series of tests of the baseline link, a link with Robust Header Compression (ROHC) and without security controls, a link with security controls and without ROHC, and finally a link with both ROHC and security controls enabled. The effort demonstrated that ROHC is both desirable and necessary to offset the additional expected overhead of applying security controls to the CNPC link.

  20. FACELOCK-Lock Control Security System Using Face Recognition-

    NASA Astrophysics Data System (ADS)

    Hirayama, Takatsugu; Iwai, Yoshio; Yachida, Masahiko

    A security system using biometric person authentication technologies is suited to various high-security situations. The technology based on face recognition has advantages such as lower user’s resistance and lower stress. However, facial appearances change according to facial pose, expression, lighting, and age. We have developed the FACELOCK security system based on our face recognition methods. Our methods are robust for various facial appearances except facial pose. Our system consists of clients and a server. The client communicates with the server through our protocol over a LAN. Users of our system do not need to be careful about their facial appearance.

  1. Access to Network Login by Three-Factor Authentication for Effective Information Security

    PubMed Central

    Vaithyasubramanian, S.; Christy, A.; Saravanan, D.

    2016-01-01

    Today's technology development in the field of computer along with internet of things made huge difference in the transformation of our lives. Basic computer framework and web client need to make significant login signify getting to mail, long range interpersonal communication, internet keeping money, booking tickets, perusing online daily papers, and so forth. The login user name and secret key mapping validate if the logging user is the intended client. Secret key is assumed an indispensable part in security. The objective of MFA is to make a layered safeguard and make it more troublesome for an unauthenticated entity to get to an objective, for example, a physical area, processing gadget, system, or database. In the event that one element is bargained or broken, the assailant still has two more boundaries to rupture before effectively breaking into the objective. An endeavor has been made by utilizing three variable types of authentication. In this way managing additional secret key includes an additional layer of security. PMID:27006976

  2. Access to Network Login by Three-Factor Authentication for Effective Information Security.

    PubMed

    Vaithyasubramanian, S; Christy, A; Saravanan, D

    2016-01-01

    Today's technology development in the field of computer along with internet of things made huge difference in the transformation of our lives. Basic computer framework and web client need to make significant login signify getting to mail, long range interpersonal communication, internet keeping money, booking tickets, perusing online daily papers, and so forth. The login user name and secret key mapping validate if the logging user is the intended client. Secret key is assumed an indispensable part in security. The objective of MFA is to make a layered safeguard and make it more troublesome for an unauthenticated entity to get to an objective, for example, a physical area, processing gadget, system, or database. In the event that one element is bargained or broken, the assailant still has two more boundaries to rupture before effectively breaking into the objective. An endeavor has been made by utilizing three variable types of authentication. In this way managing additional secret key includes an additional layer of security. PMID:27006976

  3. Automatic public access to documents and maps stored on and internal secure system.

    NASA Astrophysics Data System (ADS)

    Trench, James; Carter, Mary

    2013-04-01

    The Geological Survey of Ireland operates a Document Management System for providing documents and maps stored internally in high resolution and in a high level secure environment, to an external service where the documents are automatically presented in a lower resolution to members of the public. Security is devised through roles and Individual Users where role level and folder level can be set. The application is an electronic document/data management (EDM) system which has a Geographical Information System (GIS) component integrated to allow users to query an interactive map of Ireland for data that relates to a particular area of interest. The data stored in the database consists of Bedrock Field Sheets, Bedrock Notebooks, Bedrock Maps, Geophysical Surveys, Geotechnical Maps & Reports, Groundwater, GSI Publications, Marine, Mine Records, Mineral Localities, Open File, Quaternary and Unpublished Reports. The Konfig application Tool is both an internal and public facing application. It acts as a tool for high resolution data entry which are stored in a high resolution vault. The public facing application is a mirror of the internal application and differs only in that the application furnishes high resolution data into low resolution format which is stored in a low resolution vault thus, making the data web friendly to the end user for download.

  4. A Security Framework for Online Distance Learning and Training.

    ERIC Educational Resources Information Center

    Furnell, S. M.; Onions, P. D.; Bleimann, U.; Gojny, U.; Knahl, M.; Roder, H. F.; Sanders, P. W.

    1998-01-01

    Presents a generic reference model for online distance learning and discusses security issues for each stage (enrollment, study, completion, termination, suspension). Discusses a security framework (authentication and accountability, access control, intrusion detection, network communications, nonrepudiation, learning resources provider…

  5. 10 CFR 20.1602 - Control of access to very high radiation areas.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 10 Energy 1 2010-01-01 2010-01-01 false Control of access to very high radiation areas. 20.1602 Section 20.1602 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1602 Control of access to very high radiation...

  6. 10 CFR 20.1602 - Control of access to very high radiation areas.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 1 2011-01-01 2011-01-01 false Control of access to very high radiation areas. 20.1602 Section 20.1602 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1602 Control of access to very high radiation...

  7. 10 CFR 20.1602 - Control of access to very high radiation areas.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 1 2012-01-01 2012-01-01 false Control of access to very high radiation areas. 20.1602 Section 20.1602 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1602 Control of access to very high radiation...

  8. 10 CFR 20.1601 - Control of access to high radiation areas.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 10 Energy 1 2013-01-01 2013-01-01 false Control of access to high radiation areas. 20.1601 Section 20.1601 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1601 Control of access to high radiation areas....

  9. 10 CFR 20.1601 - Control of access to high radiation areas.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 10 Energy 1 2010-01-01 2010-01-01 false Control of access to high radiation areas. 20.1601 Section 20.1601 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1601 Control of access to high radiation areas....

  10. 10 CFR 20.1602 - Control of access to very high radiation areas.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 10 Energy 1 2014-01-01 2014-01-01 false Control of access to very high radiation areas. 20.1602 Section 20.1602 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1602 Control of access to very high radiation...

  11. 10 CFR 20.1602 - Control of access to very high radiation areas.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 10 Energy 1 2013-01-01 2013-01-01 false Control of access to very high radiation areas. 20.1602 Section 20.1602 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1602 Control of access to very high radiation...

  12. 10 CFR 20.1601 - Control of access to high radiation areas.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 10 Energy 1 2014-01-01 2014-01-01 false Control of access to high radiation areas. 20.1601 Section 20.1601 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1601 Control of access to high radiation areas....

  13. 10 CFR 20.1601 - Control of access to high radiation areas.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 10 Energy 1 2011-01-01 2011-01-01 false Control of access to high radiation areas. 20.1601 Section 20.1601 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1601 Control of access to high radiation areas....

  14. 10 CFR 20.1601 - Control of access to high radiation areas.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 10 Energy 1 2012-01-01 2012-01-01 false Control of access to high radiation areas. 20.1601 Section 20.1601 Energy NUCLEAR REGULATORY COMMISSION STANDARDS FOR PROTECTION AGAINST RADIATION Control of Exposure From External Sources in Restricted Areas § 20.1601 Control of access to high radiation areas....

  15. 75 FR 4007 - Risk Management Controls for Brokers or Dealers With Market Access

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-01-26

    .... See, e.g., Carol E. Curtis, Aite: More Oversight Inevitable for Sponsored Access, Securities Industry.... 40354 (August 24, 1998), 63 FR 46264 (August 31, 1998) (NASD NTM-98-66). Certain market participants may..., proprietary trading strategies, and reduce trading costs by lowering operational costs,\\7\\ commissions,...

  16. 21 CFR 1311.130 - Requirements for establishing logical access control-Institutional practitioner.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Requirements for establishing logical access...) Electronic Prescriptions § 1311.130 Requirements for establishing logical access control—Institutional... practitioner that enters permissions for logical access controls into the application. The...

  17. 21 CFR 1311.125 - Requirements for establishing logical access control-Individual practitioner.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Requirements for establishing logical access... Prescriptions § 1311.125 Requirements for establishing logical access control—Individual practitioner. (a) At... his two-factor authentication credential to satisfy the logical access controls. The second...

  18. Broadband passive optical network media access control protocols

    NASA Astrophysics Data System (ADS)

    Quayle, Alan

    1996-11-01

    Most telecommunication operators are currently deciding on how to respond to customers' needs stimulated by the synergy between compression coding of multimedia and the emergence of broadband digital networks. This paper describes a range of broadband access architectures under consideration in the full services access network initiative. All architectures have a common requirement for a broadband ATM PON. A common broadband PON applicable to many operators increases the world-wide market for the product. With greater production volumes manufacturers' costs reduce because of the experience curve effect making broadband access systems economic.

  19. Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things

    PubMed Central

    Hernández-Ramos, José L.; Bernabe, Jorge Bernal; Moreno, M. Victoria; Skarmeta, Antonio F.

    2015-01-01

    As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the Machine-to-Machine (M2M) nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things. PMID:26140349

  20. Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things.

    PubMed

    Hernández-Ramos, José L; Bernabe, Jorge Bernal; Moreno, M Victoria; Skarmeta, Antonio F

    2015-07-01

    As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the Machine-to-Machine (M2M) nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things.

  1. Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things.

    PubMed

    Hernández-Ramos, José L; Bernabe, Jorge Bernal; Moreno, M Victoria; Skarmeta, Antonio F

    2015-01-01

    As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the Machine-to-Machine (M2M) nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things. PMID:26140349

  2. IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

    NASA Technical Reports Server (NTRS)

    Branch, Drew A.

    2014-01-01

    Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere has heightened from airports to the communication among the military branches legionnaires. With advanced persistent threats (APT's) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning, and configuration of network devices i.e. routers and IDS's/IPS's. In addition, I will be completing security assessments on software and hardware, vulnerability assessments and reporting, and conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out the tasks stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, as well as policies and procedures.

  3. IT Security Support for the Spaceport Command Control Systems Development Ground Support Development Operations

    NASA Technical Reports Server (NTRS)

    Branch, Drew

    2013-01-01

    Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere was heightened from Airports to the communication among the military branches legionnaires. With advanced persistent threats (APTs) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated and secured state in a launch control system environment. FISMA is a law that is mandated by the government to follow when government agencies secure networks and devices. My role on this project is to ensure network devices and systems are in compliance with NIST, as outlined in FISMA. I will achieve this by providing assistance with security plan documentation and collection, system hardware and software inventory, malicious code and malware scanning and configuration of network devices i.e. routers and IDSsIPSs. In addition I will be completing security assessments on software and hardware, vulnerability assessments and reporting, conducting patch management and risk assessments. A guideline that will help with compliance with NIST is the SANS Top 20 Critical Controls. SANS Top 20 Critical Controls as well as numerous security tools, security software and the conduction of research will be used to successfully complete the tasks given to me. This will ensure compliance with FISMA and NIST, secure systems and a secured network. By the end of this project, I hope to have carried out stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, policies and procedures.

  4. Equity in access to health care provision under the medicare security for small scale entrepreneurs in Dar es Salaam.

    PubMed

    Urassa, J A E

    2012-03-01

    The main objective of this study was to assess equity in access to health care provision under the Medicare Security for Small Scale Entrepreneurs (SSE). Methodological triangulation was used to an exploratory and randomized cross- sectional study in order to supplement information on the topic under investigation. Questionnaires were administered to 281 respondents and 6 Focus Group Discussions (FGDs) were held with males and females. Documentary review was also used. For quantitative aspect of the study, significant associations were measured using confidence intervals (95% CI) testing. Qualitative data were analyzed with assistance of Open code software. The results show that inequalities in access to health care services were found in respect to affordability of medical care costs, distance from home to health facilities, availability of drugs as well as medical equipments and supplies. As the result of existing inequalities some of clients were not satisfied with the provided health services. The study concludes by drawing policy and research implications of the findings. PMID:23120940

  5. Management of Control System Information SecurityI: Control System Patch Management

    SciTech Connect

    Quanyan Zhu; Miles McQueen; Craig Rieger; Tamer Basar

    2011-09-01

    The use of information technologies in control systems poses additional potential threats due to the frequent disclosure of software vulnerabilities. The management of information security involves a series of policy-making on the vulnerability discovery, disclosure, patch development and patching. In this paper, we use a system approach to devise a model to understand the interdependencies of these decision processes. In more details, we establish a theoretical framework for making patching decision for control systems, taking into account the requirement of functionability of control systems. We illustrate our results with numerical simulations and show that the optimal operation period of control systems given the currently estimated attack rate is roughly around a half a month.

  6. Main control computer security model of closed network systems protection against cyber attacks

    NASA Astrophysics Data System (ADS)

    Seymen, Bilal

    2014-06-01

    The model that brings the data input/output under control in closed network systems, that maintains the system securely, and that controls the flow of information through the Main Control Computer which also brings the network traffic under control against cyber-attacks. The network, which can be controlled single-handedly thanks to the system designed to enable the network users to make data entry into the system or to extract data from the system securely, intends to minimize the security gaps. Moreover, data input/output record can be kept by means of the user account assigned for each user, and it is also possible to carry out retroactive tracking, if requested. Because the measures that need to be taken for each computer on the network regarding cyber security, do require high cost; it has been intended to provide a cost-effective working environment with this model, only if the Main Control Computer has the updated hardware.

  7. Making the Grade with School Security.

    ERIC Educational Resources Information Center

    Fickes, Michael

    2000-01-01

    Shows how technology is helping school security directors prevent violence and protect students. One school's use of a state-of-the-art security system involving closed-circuit television, access control for doors, vehicles equipped with global positioning technology, and hand-held computers for security officers is discussed. (GR)

  8. A revised controlled deterministic secure quantum communication with five-photon entangled state

    NASA Astrophysics Data System (ADS)

    Xiu, Xiao-Ming; Dong, Li; Gao, Ya-Jun; Chi, Feng; Ren, Yuan-Peng; Liu, Hui-Wei

    2010-01-01

    A revised controlled deterministic secure quantum communication protocol using five-photon entangled state is proposed. It amends the security loopholes pointed by Qin et al. in [S.J. Qin, Q.Y. Wen, L.M. Meng, F.C. Zhu, Opt. Commun. 282 (2009) 2656] in the original protocol proposed by Xiu et al. in [X.M. Xiu, L. Dong, Y.J. Gao, F. Chi, Opt. Commun. 282 (2009) 333]. The security loopholes are solved by using order rearrangement of transmission photons and two-step security test.

  9. Autonomous Information Unit for Fine-Grain Data Access Control and Information Protection in a Net-Centric System

    NASA Technical Reports Server (NTRS)

    Chow, Edward T.; Woo, Simon S.; James, Mark; Paloulian, George K.

    2012-01-01

    As communication and networking technologies advance, networks will become highly complex and heterogeneous, interconnecting different network domains. There is a need to provide user authentication and data protection in order to further facilitate critical mission operations, especially in the tactical and mission-critical net-centric networking environment. The Autonomous Information Unit (AIU) technology was designed to provide the fine-grain data access and user control in a net-centric system-testing environment to meet these objectives. The AIU is a fundamental capability designed to enable fine-grain data access and user control in the cross-domain networking environments, where an AIU is composed of the mission data, metadata, and policy. An AIU provides a mechanism to establish trust among deployed AIUs based on recombining shared secrets, authentication and verify users with a username, X.509 certificate, enclave information, and classification level. AIU achieves data protection through (1) splitting data into multiple information pieces using the Shamir's secret sharing algorithm, (2) encrypting each individual information piece using military-grade AES-256 encryption, and (3) randomizing the position of the encrypted data based on the unbiased and memory efficient in-place Fisher-Yates shuffle method. Therefore, it becomes virtually impossible for attackers to compromise data since attackers need to obtain all distributed information as well as the encryption key and the random seeds to properly arrange the data. In addition, since policy can be associated with data in the AIU, different user access and data control strategies can be included. The AIU technology can greatly enhance information assurance and security management in the bandwidth-limited and ad hoc net-centric environments. In addition, AIU technology can be applicable to general complex network domains and applications where distributed user authentication and data protection are

  10. Poverty, food security and universal access to sexual and reproductive health services: a call for cross-movement advocacy against neoliberal globalisation.

    PubMed

    Sundari Ravindran, T K

    2014-05-01

    Universal access to sexual and reproductive health services is one of the goals of the International Conference on Population and Development of 1994. The Millennium Development Goals were intended above all to end poverty. Universal access to health and health services are among the goals being considered for the post-2015 agenda, replacing or augmenting the MDGs. Yet we are not only far from reaching any of these goals but also appear to have lost our way somewhere along the line. Poverty and lack of food security have, through their multiple linkages to health and access to health care, deterred progress towards universal access to health services, including for sexual and reproductive health needs. A more insidious influence is neoliberal globalisation. This paper describes neoliberal globalisation and the economic policies it has engendered, the ways in which it influences poverty and food security, and the often unequal impact it has had on women as compared to men. It explores the effects of neoliberal economic policies on health, health systems, and universal access to health care services, and the implications for access to sexual and reproductive health. To be an advocate for universal access to health and health care is to become an advocate against neoliberal globalisation. PMID:24908453

  11. Poverty, food security and universal access to sexual and reproductive health services: a call for cross-movement advocacy against neoliberal globalisation.

    PubMed

    Sundari Ravindran, T K

    2014-05-01

    Universal access to sexual and reproductive health services is one of the goals of the International Conference on Population and Development of 1994. The Millennium Development Goals were intended above all to end poverty. Universal access to health and health services are among the goals being considered for the post-2015 agenda, replacing or augmenting the MDGs. Yet we are not only far from reaching any of these goals but also appear to have lost our way somewhere along the line. Poverty and lack of food security have, through their multiple linkages to health and access to health care, deterred progress towards universal access to health services, including for sexual and reproductive health needs. A more insidious influence is neoliberal globalisation. This paper describes neoliberal globalisation and the economic policies it has engendered, the ways in which it influences poverty and food security, and the often unequal impact it has had on women as compared to men. It explores the effects of neoliberal economic policies on health, health systems, and universal access to health care services, and the implications for access to sexual and reproductive health. To be an advocate for universal access to health and health care is to become an advocate against neoliberal globalisation.

  12. An efficient key-management scheme for hierarchical access control in e-medicine system.

    PubMed

    Wu, Shuhua; Chen, Kefei

    2012-08-01

    In e-medicine system, the sharing of patients' medical histories scattered among medical institutions through the Internet is highly desirable. The most immediate cryptographic need certainly is an efficient key management method to solve dynamic access problems in a user hierarchy. In this paper, we propose a practical solution for dynamic access problem in a user hierarchy based on hybrid cryptosystems. When compared with Nikooghadam et al.'s scheme proposed most recently, the time complexity and the required storage space is reduced significantly. Moreover, it provides provable security, and is easy to implement. Therefore, our scheme is more suitable for e-medicine system.

  13. Environmental Assessment for Proposed Access Control and Traffic Improvements at Los Alamos National Laboratory, Los Alamos, New Mexico

    SciTech Connect

    N /A

    2002-08-23

    The National Nuclear Security Administration (NNSA) has assigned a continuing role to Los Alamos National Laboratory (LANL) in carrying out NNSA's national security mission. It is imperative that LANL continue this enduring responsibility and that NNSA adequately safeguard LANL capabilities. NNSA has identified the need to restrict vehicular access to certain areas within LANL for the purpose of permanently enhancing the physical security environment at LANL. It has also identified the need to change certain traffic flow patterns for the purpose of enhancing physical safety at LANL. The Proposed Action would include the construction of eastern and western bypass roads around the LANL Technical Area (TA) 3 area and the installation of vehicle access controls and related improvements to enhance security along Pajarito Road and in the LANL core area. This Proposed Action would modify the current roadway network and traffic patterns. It would also result in traversing Areas of Environmental Interest identified in the LANL Habitat Management Plan, demolition of part of an historic structure at Building 3-40, and traversing several potential release sites and part of the Los Alamos County landfill. The No Action Alternative was also considered. Under this alternative NNSA would not construct the eastern or western bypass roads, any access-control stations, or related improvements. Diamond Drive would continue to serve as the primary conduit for most vehicle traffic within the LANL core area regardless of actual trip destinations. The No Action Alternative does not meet NNSA's purpose and need for action. The proposed bypass road corridors traverse both developed and undeveloped areas. Several potential release sites are present. These would either be sampled and remediated in accordance with New Mexico Environment Department requirements before construction or avoided to allow for future remediation. In some cases, contaminant levels may fall below remediation thresholds

  14. Proximity-based access control for context-sensitive information provision in SOA-based systems

    NASA Astrophysics Data System (ADS)

    Rajappan, Gowri; Wang, Xiaofei; Grant, Robert; Paulini, Matthew

    2014-06-01

    Service Oriented Architecture (SOA) has enabled open-architecture integration of applications within an enterprise. For net-centric Command and Control (C2), this elucidates information sharing between applications and users, a critical requirement for mission success. The Information Technology (IT) access control schemes, which arbitrate who gets access to what information, do not yet have the contextual knowledge to dynamically allow this information sharing to happen dynamically. The access control might prevent legitimate users from accessing information relevant to the current mission context, since this context may be very different from the context for which the access privileges were configured. We evaluate a pair of data relevance measures - proximity and risk - and use these as the basis of dynamic access control. Proximity is a measure of the strength of connection between the user and the resource. However, proximity is not sufficient, since some data might have a negative impact, if leaked, which far outweighs importance to the subject's mission. For this, we use a risk measure to quantify the downside of data compromise. Given these contextual measures of proximity and risk, we investigate extending Attribute-Based Access Control (ABAC), which is used by the Department of Defense, and Role-Based Access Control (RBAC), which is widely used in the civilian market, so that these standards-based access control models are given contextual knowledge to enable dynamic information sharing. Furthermore, we consider the use of such a contextual access control scheme in a SOA-based environment, in particular for net-centric C2.

  15. Issues in Public Access: The Solomons Conferences.

    ERIC Educational Resources Information Center

    Sprehe, J. Timothy

    1993-01-01

    Reports on conferences held by federal agencies in 1991 and 1992 that addressed issues of public access to electronic government information. Topics discussed include agency information dissemination programs; public access to federal computers; security controls; and user charges. A working draft policy framework on public access to government…

  16. Control and Non-Payload Communications (CNPC) Prototype Radio - Generation 2 Security Flight Test Report

    NASA Technical Reports Server (NTRS)

    Iannicca, Dennis C.; Ishac, Joseph A.; Shalkhauser, Kurt A.

    2015-01-01

    NASA Glenn Research Center (GRC), in cooperation with Rockwell Collins, is working to develop a prototype Control and Non-Payload Communications (CNPC) radio platform as part of NASA Integrated Systems Research Program's (ISRP) Unmanned Aircraft Systems (UAS) Integration in the National Airspace System (NAS) project. A primary focus of the project is to work with the Federal Aviation Administration (FAA) and industry standards bodies to build and demonstrate a safe, secure, and efficient CNPC architecture that can be used by industry to evaluate the feasibility of deploying a system using these technologies in an operational capacity. GRC has been working in conjunction with these groups to assess threats, identify security requirements, and to develop a system of standards-based security controls that can be applied to the GRC prototype CNPC architecture as a demonstration platform. The proposed security controls were integrated into the GRC flight test system aboard our S-3B Viking surrogate aircraft and several network tests were conducted during a flight on November 15th, 2014 to determine whether the controls were working properly within the flight environment. The flight test was also the first to integrate Robust Header Compression (ROHC) as a means of reducing the additional overhead introduced by the security controls and Mobile IPv6. The effort demonstrated the complete end-to-end secure CNPC link in a relevant flight environment.

  17. Fertility Effects of Abortion and Birth Control Pill Access for Minors

    PubMed Central

    GULDI, MELANIE

    2008-01-01

    This article empirically assesses whether age-restricted access to abortion and the birth control pill influence minors’ fertility in the United States. There is not a strong consensus in previous literature regarding the relationship between laws restricting minors’ access to abortion and minors’ birthrates. This is the first study to recognize that state laws in place prior to the 1973 Roe v. Wade decision enabled minors to legally consent to surgical treatment—including abortion—in some states but not in others, and to construct abortion access variables reflecting this. In this article, age-specific policy variables measure either a minor’s legal ability to obtain an abortion or to obtain the birth control pill without parental involvement. I find fairly strong evidence that young women’s birthrates dropped as a result of abortion access as well as evidence that birth control pill access led to a drop in birthrates among whites. PMID:19110899

  18. 21 CFR 1301.74 - Other security controls for non-practitioners; narcotic treatment programs and compounders for...

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 21 Food and Drugs 9 2014-04-01 2014-04-01 false Other security controls for non-practitioners; narcotic treatment programs and compounders for narcotic treatment programs. 1301.74 Section 1301.74 Food..., DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements § 1301.74 Other security...

  19. 21 CFR 1301.74 - Other security controls for non-practitioners; narcotic treatment programs and compounders for...

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 21 Food and Drugs 9 2012-04-01 2012-04-01 false Other security controls for non-practitioners; narcotic treatment programs and compounders for narcotic treatment programs. 1301.74 Section 1301.74 Food..., DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements § 1301.74 Other security...

  20. 21 CFR 1301.74 - Other security controls for non-practitioners; narcotic treatment programs and compounders for...

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 21 Food and Drugs 9 2013-04-01 2013-04-01 false Other security controls for non-practitioners; narcotic treatment programs and compounders for narcotic treatment programs. 1301.74 Section 1301.74 Food..., DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements § 1301.74 Other security...

  1. 21 CFR 1301.74 - Other security controls for non-practitioners; narcotic treatment programs and compounders for...

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Other security controls for non-practitioners; narcotic treatment programs and compounders for narcotic treatment programs. 1301.74 Section 1301.74 Food..., DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements § 1301.74 Other security...

  2. 21 CFR 1301.74 - Other security controls for non-practitioners; narcotic treatment programs and compounders for...

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 21 Food and Drugs 9 2011-04-01 2011-04-01 false Other security controls for non-practitioners; narcotic treatment programs and compounders for narcotic treatment programs. 1301.74 Section 1301.74 Food..., DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements § 1301.74 Other security...

  3. A contextual role-based access control authorization model for electronic patient record.

    PubMed

    Motta, Gustavo H M B; Furuie, Sergio S

    2003-09-01

    The design of proper models for authorization and access control for electronic patient record (EPR) is essential to a wide scale use of EPR in large health organizations. In this paper, we propose a contextual role-based access control authorization model aiming to increase the patient privacy and the confidentiality of patient data, whereas being flexible enough to consider specific cases. This model regulates user's access to EPR based on organizational roles. It supports a role-tree hierarchy with authorization inheritance; positive and negative authorizations; static and dynamic separation of duties based on weak and strong role conflicts. Contextual authorizations use environmental information available at access time, like user/patient relationship, in order to decide whether a user is allowed to access an EPR resource. This enables the specification of a more flexible and precise authorization policy, where permission is granted or denied according to the right and the need of the user to carry out a particular job function.

  4. 45 CFR Appendix A to Subpart C of... - Security Standards: Matrix

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... Other Arrangement (R) Physical Safeguards Facility Access Controls 164.310(a)(1) Contingency Operations (A) Facility Security Plan (A) Access Control and Validation Procedures (A) Maintenance Records (A... § 164.312) Access Control 164.312(a)(1) Unique User Identification (R) Emergency Access Procedure...

  5. 76 FR 38293 - Risk Management Controls for Brokers or Dealers With Market Access

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-06-30

    ... COMMISSION 17 CFR Part 240 RIN 3235-AK53 Risk Management Controls for Brokers or Dealers With Market Access... establish, document, and maintain a system of risk management controls and supervisory procedures that... develop, test, and implement the relevant risk management controls and supervisory procedures...

  6. The Security Continuum.

    ERIC Educational Resources Information Center

    Thompson, Ian

    2002-01-01

    Discusses the creation of a comprehensive security strategy for schools, including the importance of tailoring it to a specific school's mission and culture. Describes three classes of tactics (natural, organized, and technical) which can be chosen to implement the strategy. Discusses access control as an example of how strategies and tactics…

  7. Security at a "model" psychiatric center.

    PubMed

    Camacho, H S; Cottrell, P A

    1997-01-01

    The security problems faced by a recently opened psychiatric center located on the campus of a hospital--including staffing, fire safety, access control, patient restraints, and budget cuts--and how they are being dealt with. PMID:10173429

  8. A Healthy Approach to Fitness Center Security.

    ERIC Educational Resources Information Center

    Sturgeon, Julie

    2000-01-01

    Examines techniques for keeping college fitness centers secure while maintaining an inviting atmosphere. Building access control, preventing locker room theft, and suppressing causes for physical violence are discussed. (GR)

  9. Cognitive Control and Lexical Access in Younger and Older Bilinguals

    ERIC Educational Resources Information Center

    Bialystok, Ellen; Craik, Fergus; Luk, Gigi

    2008-01-01

    Ninety-six participants, who were younger (20 years) or older (68 years) adults and either monolingual or bilingual, completed tasks assessing working memory, lexical retrieval, and executive control. Younger participants performed most of the tasks better than older participants, confirming the effect of aging on these processes. The effect of…

  10. A Framework for Translating a High Level Security Policy into Low Level Security Mechanisms

    NASA Astrophysics Data System (ADS)

    Hassan, Ahmed A.; Bahgat, Waleed M.

    2010-01-01

    Security policies have different components; firewall, active directory, and IDS are some examples of these components. Enforcement of network security policies to low level security mechanisms faces some essential difficulties. Consistency, verification, and maintenance are the major ones of these difficulties. One approach to overcome these difficulties is to automate the process of translation of high level security policy into low level security mechanisms. This paper introduces a framework of an automation process that translates a high level security policy into low level security mechanisms. The framework is described in terms of three phases; in the first phase all network assets are categorized according to their roles in the network security and relations between them are identified to constitute the network security model. This proposed model is based on organization based access control (OrBAC). However, the proposed model extend the OrBAC model to include not only access control policy but also some other administrative security policies like auditing policy. Besides, the proposed model enables matching of each rule of the high level security policy with the corresponding ones of the low level security policy. Through the second phase of the proposed framework, the high level security policy is mapped into the network security model. The second phase could be considered as a translation of the high level security policy into an intermediate model level. Finally, the intermediate model level is translated automatically into low level security mechanism. The paper illustrates the applicability of proposed approach through an application example.

  11. A Game-Theoretical Approach to Multimedia Social Networks Security

    PubMed Central

    Liu, Enqiang; Liu, Zengliang; Shao, Fei; Zhang, Zhiyong

    2014-01-01

    The contents access and sharing in multimedia social networks (MSNs) mainly rely on access control models and mechanisms. Simple adoptions of security policies in the traditional access control model cannot effectively establish a trust relationship among parties. This paper proposed a novel two-party trust architecture (TPTA) to apply in a generic MSN scenario. According to the architecture, security policies are adopted through game-theoretic analyses and decisions. Based on formalized utilities of security policies and security rules, the choice of security policies in content access is described as a game between the content provider and the content requester. By the game method for the combination of security policies utility and its influences on each party's benefits, the Nash equilibrium is achieved, that is, an optimal and stable combination of security policies, to establish and enhance trust among stakeholders. PMID:24977226

  12. A game-theoretical approach to multimedia social networks security.

    PubMed

    Liu, Enqiang; Liu, Zengliang; Shao, Fei; Zhang, Zhiyong

    2014-01-01

    The contents access and sharing in multimedia social networks (MSNs) mainly rely on access control models and mechanisms. Simple adoptions of security policies in the traditional access control model cannot effectively establish a trust relationship among parties. This paper proposed a novel two-party trust architecture (TPTA) to apply in a generic MSN scenario. According to the architecture, security policies are adopted through game-theoretic analyses and decisions. Based on formalized utilities of security policies and security rules, the choice of security policies in content access is described as a game between the content provider and the content requester. By the game method for the combination of security policies utility and its influences on each party's benefits, the Nash equilibrium is achieved, that is, an optimal and stable combination of security policies, to establish and enhance trust among stakeholders.

  13. Fingerprint authentication via joint transform correlator and its application in remote access control of a 3D microscopic system

    NASA Astrophysics Data System (ADS)

    He, Wenqi; Lai, Hongji; Wang, Meng; Liu, Zeyi; Yin, Yongkai; Peng, Xiang

    2014-05-01

    We present a fingerprint authentication scheme based on the optical joint transform correlator (JTC) and further describe its application to the remote access control of a Network-based Remote Laboratory (NRL). It is built to share a 3D microscopy system of our realistic laboratory in Shenzhen University with the remote co-researchers in Stuttgart University. In this article, we would like to focus on the involved security issues, mainly on the verification of various remote visitors to our NRL. By making use of the JTC-based optical pattern recognition technique as well as the Personal Identification Number (PIN), we are able to achieve the aim of authentication and access control for any remote visitors. Note that only the authorized remote visitors could be guided to the Virtual Network Computer (VNC), a cross-platform software, which allows the remote visitor to access the desktop applications and visually manipulate the instruments of our NRL through the internet. Specifically to say, when a remote visitor attempts to access to our NRL, a PIN is mandatory required in advance, which is followed by fingerprint capturing and verification. Only if both the PIN and the fingerprint are correct, can one be regarded as an authorized visitor, and then he/she would get the authority to visit our NRL by the VNC. It is also worth noting that the aforementioned "two-step verification" strategy could be further applied to verify the identity levels of various remote visitors, and therefore realize the purpose of diversified visitor management.

  14. Evaluating Security Controls Based on Key Performance Indicators and Stakeholder Mission

    SciTech Connect

    Sheldon, Frederick T; Abercrombie, Robert K; Mili, Ali

    2008-01-01

    Good security metrics are required to make good decisions about how to design security countermeasures, to choose between alternative security architectures, and to improve security during operations. Therefore, in essence, measurement can be viewed as a decision aid. The lack of sound practical security metrics is severely hampering progress in the development of secure systems. The Cyberspace Security Econometrics System (CSES) offers the following advantages over traditional measurement systems: (1) CSES reflects the variances that exist amongst different stakeholders of the same system. Different stakeholders will typically attach different stakes to the same requirement or service (e.g., a service may be provided by an information technology system or process control system, etc.). (2) For a given stakeholder, CSES reflects the variance that may exist among the stakes she/he attaches to meeting each requirement. The same stakeholder may attach different stakes to satisfying different requirements within the overall system specification. (3) For a given compound specification (e.g., combination(s) of commercial off the shelf software and/or hardware), CSES reflects the variance that may exist amongst the levels of verification and validation (i.e., certification) performed on components of the specification. The certification activity may produce higher levels of assurance across different components of the specification than others. Consequently, this paper introduces the basis, objectives and capabilities for the CSES including inputs/outputs and the basic structural and mathematical underpinnings.

  15. Trust-Based Access Control Model from Sociological Approach in Dynamic Online Social Network Environment

    PubMed Central

    Kim, Seungjoo

    2014-01-01

    There has been an explosive increase in the population of the OSN (online social network) in recent years. The OSN provides users with many opportunities to communicate among friends and family. Further, it facilitates developing new relationships with previously unknown people having similar beliefs or interests. However, the OSN can expose users to adverse effects such as privacy breaches, the disclosing of uncontrolled material, and the disseminating of false information. Traditional access control models such as MAC, DAC, and RBAC are applied to the OSN to address these problems. However, these models are not suitable for the dynamic OSN environment because user behavior in the OSN is unpredictable and static access control imposes a burden on the users to change the access control rules individually. We propose a dynamic trust-based access control for the OSN to address the problems of the traditional static access control. Moreover, we provide novel criteria to evaluate trust factors such as sociological approach and evaluate a method to calculate the dynamic trust values. The proposed method can monitor negative behavior and modify access permission levels dynamically to prevent the indiscriminate disclosure of information. PMID:25374943

  16. Trust-based access control model from sociological approach in dynamic online social network environment.

    PubMed

    Baek, Seungsoo; Kim, Seungjoo

    2014-01-01

    There has been an explosive increase in the population of the OSN (online social network) in recent years. The OSN provides users with many opportunities to communicate among friends and family. Further, it facilitates developing new relationships with previously unknown people having similar beliefs or interests. However, the OSN can expose users to adverse effects such as privacy breaches, the disclosing of uncontrolled material, and the disseminating of false information. Traditional access control models such as MAC, DAC, and RBAC are applied to the OSN to address these problems. However, these models are not suitable for the dynamic OSN environment because user behavior in the OSN is unpredictable and static access control imposes a burden on the users to change the access control rules individually. We propose a dynamic trust-based access control for the OSN to address the problems of the traditional static access control. Moreover, we provide novel criteria to evaluate trust factors such as sociological approach and evaluate a method to calculate the dynamic trust values. The proposed method can monitor negative behavior and modify access permission levels dynamically to prevent the indiscriminate disclosure of information.

  17. Tailoring NIST Security Controls for the Ground System: Selection and Implementation -- Recommendations for Information System Owners

    NASA Technical Reports Server (NTRS)

    Takamura, Eduardo; Mangum, Kevin

    2016-01-01

    The National Aeronautics and Space Administration (NASA) invests millions of dollars in spacecraft and ground system development, and in mission operations in the pursuit of scientific knowledge of the universe. In recent years, NASA sent a probe to Mars to study the Red Planet's upper atmosphere, obtained high resolution images of Pluto, and it is currently preparing to find new exoplanets, rendezvous with an asteroid, and bring a sample of the asteroid back to Earth for analysis. The success of these missions is enabled by mission assurance. In turn, mission assurance is backed by information assurance. The information systems supporting NASA missions must be reliable as well as secure. NASA - like every other U.S. Federal Government agency - is required to manage the security of its information systems according to federal mandates, the most prominent being the Federal Information Security Management Act (FISMA) of 2002 and the legislative updates that followed it. Like the management of enterprise information technology (IT), federal information security management takes a "one-size fits all" approach for protecting IT systems. While this approach works for most organizations, it does not effectively translate into security of highly specialized systems such as those supporting NASA missions. These systems include command and control (C&C) systems, spacecraft and instrument simulators, and other elements comprising the ground segment. They must be carefully configured, monitored and maintained, sometimes for several years past the missions' initially planned life expectancy, to ensure the ground system is protected and remains operational without any compromise of its confidentiality, integrity and availability. Enterprise policies, processes, procedures and products, if not effectively tailored to meet mission requirements, may not offer the needed security for protecting the information system, and they may even become disruptive to mission operations

  18. Generalized access control strategies for integrated services token passing systems

    NASA Astrophysics Data System (ADS)

    Pang, Joseph W. M.; Tobagi, Fouad A.; Boyd, Stephen

    1994-08-01

    The demand for integrated services local area networks is increasing at a rapid pace with the advent of many new and exciting applications: office and factory automation, distributed computing, and multimedia communications. To support these new applications, it is imperative to integrate traffic with diverse statistical characteristics and differing delay requirements on the same network. An attractive approach for integrating traffic has been adopted in two token passing local area network standards, the IEEE 802.4 token bus standard and FDDI. The idea is to control the transmissions of each station based on a distributed timing algorithm, so as to achieve the following goals: (1) to limit the token cycles so that time-critical traffic can be accommodated, and (2) to allocate pre-specified bandwidths to different stations when the network is overloaded. We have investigated the analysis and design of this protocol. In this paper, we generalize the transmission control algorithm used previously. The major advantages of the generalization over the original protocol are: (1) it provides a much expanded design space, (2) it guarantees convergent behavior, and (3) it gives meaningful insights into the dynamics of the basic control algorithm.

  19. Security for safety critical space borne systems

    NASA Technical Reports Server (NTRS)

    Legrand, Sue

    1987-01-01

    The Space Station contains safety critical computer software components in systems that can affect life and vital property. These components require a multilevel secure system that provides dynamic access control of the data and processes involved. A study is under way to define requirements for a security model providing access control through level B3 of the Orange Book. The model will be prototyped at NASA-Johnson Space Center.

  20. Controlled quantum secure direct communication by entanglement distillation or generalized measurement

    NASA Astrophysics Data System (ADS)

    Tan, Xiaoqing; Zhang, Xiaoqian

    2016-05-01

    We propose two controlled quantum secure communication schemes by entanglement distillation or generalized measurement. The sender Alice, the receiver Bob and the controllers David and Cliff take part in the whole schemes. The supervisors David and Cliff can control the information transmitted from Alice to Bob by adjusting the local measurement angles θ _4 and θ _3. Bob can verify his secret information by classical one-way function after communication. The average amount of information is analyzed and compared for these two methods by MATLAB. The generalized measurement is a better scheme. Our schemes are secure against some well-known attacks because classical encryption and decoy states are used to ensure the security of the classical channel and the quantum channel.

  1. An action-based fine-grained access control mechanism for structured documents and its application.

    PubMed

    Su, Mang; Li, Fenghua; Tang, Zhi; Yu, Yinyan; Zhou, Bo

    2014-01-01

    This paper presents an action-based fine-grained access control mechanism for structured documents. Firstly, we define a describing model for structured documents and analyze the application scenarios. The describing model could support the permission management on chapters, pages, sections, words, and pictures of structured documents. Secondly, based on the action-based access control (ABAC) model, we propose a fine-grained control protocol for structured documents by introducing temporal state and environmental state. The protocol covering different stages from document creation, to permission specification and usage control are given by using the Z-notation. Finally, we give the implementation of our mechanism and make the comparisons between the existing methods and our mechanism. The result shows that our mechanism could provide the better solution of fine-grained access control for structured documents in complicated networks. Moreover, it is more flexible and practical.

  2. An Action-Based Fine-Grained Access Control Mechanism for Structured Documents and Its Application

    PubMed Central

    Su, Mang; Li, Fenghua; Tang, Zhi; Yu, Yinyan; Zhou, Bo

    2014-01-01

    This paper presents an action-based fine-grained access control mechanism for structured documents. Firstly, we define a describing model for structured documents and analyze the application scenarios. The describing model could support the permission management on chapters, pages, sections, words, and pictures of structured documents. Secondly, based on the action-based access control (ABAC) model, we propose a fine-grained control protocol for structured documents by introducing temporal state and environmental state. The protocol covering different stages from document creation, to permission specification and usage control are given by using the Z-notation. Finally, we give the implementation of our mechanism and make the comparisons between the existing methods and our mechanism. The result shows that our mechanism could provide the better solution of fine-grained access control for structured documents in complicated networks. Moreover, it is more flexible and practical. PMID:25136651

  3. Novel Multiparty Controlled Bidirectional Quantum Secure Direct Communication Based on Continuous-variable States

    NASA Astrophysics Data System (ADS)

    Yu, Zhen-Bo; Gong, Li-Hua; Wen, Ru-Hong

    2016-03-01

    A novel multiparty controlled bidirectional quantum secure direct communication protocol combining continuous-variable states with qubit block transmission is proposed. Two legitimate communication parties encode their own secret information into entangled optical modes with translation operations, and the secret information of each counterpart can only be recovered under the permission of all controllers. Due to continuous-variable states and block transmission strategy, the proposed protocol is easy to realize with perfect qubit efficiency. Security analyses show that the proposed protocol is free from common attacks, including the man-in-the-middle attack.

  4. Advanced Guidance and Control for Hypersonics and Space Access

    NASA Technical Reports Server (NTRS)

    Hanson, John M.; Hall, Charles E.; Mulqueen, John A.; Jones, Robert E.

    2003-01-01

    Advanced guidance and control (AG&C) technologies are critical for meeting safety, reliability, and cost requirements for the next generation of reusable launch vehicle (RLV), whether it is fully rocket-powered or has air- breathing components. This becomes clear upon examining the number of expendable launch vehicle failures in the recent past where AG&C technologies could have saved a RLV with the same failure mode, the additional vehicle problems where t h i s technology applies, and the costs and time associated with mission design with or without all these failure issues. The state-of-the-art in guidance and control technology, as well as in computing technology, is the point where we can look to the possibility of being able to safely return a RLV in any situation where it can physically be recovered. This paper outlines reasons for AWC, current technology efforts, and the additional work needed for making this goal a reality. There are a number of approaches to AG&C that have the potential for achieving the desired goals. For some of these methods, we compare the results of tests designed to demonstrate the achievement of the goals. Tests up to now have been focused on rocket-powered vehicles; application to hypersonic air-breathers is planned. We list the test cases used to demonstrate that the desired results are achieved, briefly describe an automated test scoring method, and display results of the tests. Some of the technology components have reached the maturity level where they are ready for application to a new vehicle concept, while others are not far along in development.

  5. 47 CFR Appendix B to Part 64 - Priority Access Service (PAS) for National Security and Emergency Preparedness (NSEP)

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... Security and Emergency Preparedness (NSEP) B Appendix B to Part 64 Telecommunication FEDERAL COMMUNICATIONS... Preparedness (NSEP) 1. Authority This appendix is issued pursuant to sections 1, 4(i), 201 through 205 and 303...; (d) National Coordinating Center; (e) National Security Emergency Preparedness...

  6. 47 CFR Appendix B to Part 64 - Priority Access Service (PAS) for National Security and Emergency Preparedness (NSEP)

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... Security and Emergency Preparedness (NSEP) B Appendix B to Part 64 Telecommunication FEDERAL COMMUNICATIONS... Preparedness (NSEP) 1. Authority This appendix is issued pursuant to sections 1, 4(i), 201 through 205 and 303...; (d) National Coordinating Center; (e) National Security Emergency Preparedness...

  7. NAC 2.0 — Unifying Network Security

    NASA Astrophysics Data System (ADS)

    Hanna, Stephen

    As information technology becomes more strategic and essential, access to networks and applications must be pervasive yet secure and controlled. The purpose of Network Access Control (NAC) has evolved beyond simply managing network access and ensuring endpoint policy compliance. NAC systems today must integrate with other network security components and increase their built-in capabilities to include support for intrusion detection, role-based application access control, network and application visibility and monitoring, leakage detection, VPNs, and other network security technologies. In fact, we need a new unified vision and understanding of network security: one that involves multiple network security functions working together dynamically using open standards. This vision of unified network security has been called “NAC 2.0.”

  8. 15. Front security entrance to the perimeter acquisition radar building, ...

    Library of Congress Historic Buildings Survey, Historic Engineering Record, Historic Landscapes Survey

    15. Front security entrance to the perimeter acquisition radar building, showing rotogates 1 and 2 and entrance door to security operations control center (SOCC), room #108 - Stanley R. Mickelsen Safeguard Complex, Perimeter Acquisition Radar Building, Limited Access Area, between Limited Access Patrol Road & Service Road A, Nekoma, Cavalier County, ND

  9. Steganography-based access control to medical data hidden in electrocardiogram.

    PubMed

    Mai, Vu; Khalil, Ibrahim; Ibaida, Ayman

    2013-01-01

    Steganographic techniques allow secret data to be embedded inside another host data such as an image or a text file without significant changes to the quality of the host data. In this research, we demonstrate how steganography can be used as the main mechanism to build an access control model that gives data owners complete control to their sensitive cardiac health information hidden in their own Electrocardiograms. Our access control model is able to protect the privacy of users, the confidentiality of medical data, reduce storage space and make it more efficient to upload and download large amount of data.

  10. Steganography-based access control to medical data hidden in electrocardiogram.

    PubMed

    Mai, Vu; Khalil, Ibrahim; Ibaida, Ayman

    2013-01-01

    Steganographic techniques allow secret data to be embedded inside another host data such as an image or a text file without significant changes to the quality of the host data. In this research, we demonstrate how steganography can be used as the main mechanism to build an access control model that gives data owners complete control to their sensitive cardiac health information hidden in their own Electrocardiograms. Our access control model is able to protect the privacy of users, the confidentiality of medical data, reduce storage space and make it more efficient to upload and download large amount of data. PMID:24109934

  11. Analysis of Decision Factors for the Application of Information Access Controls within the Organization

    ERIC Educational Resources Information Center

    Foerster, Carl A.

    2013-01-01

    The application of access controls on internal information necessarily impacts the availability of that information for sharing inside the enterprise. The decisions establishing the degree of control are a crucial first step to balance the requirements to protect and share. This research develops a set of basic decision factors and examines other…

  12. 50 CFR 622.17 - South Atlantic golden crab controlled access.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 50 Wildlife and Fisheries 12 2012-10-01 2012-10-01 false South Atlantic golden crab controlled... ATLANTIC Effort Limitations § 622.17 South Atlantic golden crab controlled access. (a) General. In accordance with the procedures specified in the Fishery Management Plan for the Golden Crab Fishery of...

  13. 50 CFR 622.17 - South Atlantic golden crab controlled access.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 50 Wildlife and Fisheries 8 2010-10-01 2010-10-01 false South Atlantic golden crab controlled... ATLANTIC Effort Limitations § 622.17 South Atlantic golden crab controlled access. (a) General. In accordance with the procedures specified in the Fishery Management Plan for the Golden Crab Fishery of...

  14. 50 CFR 622.241 - South Atlantic golden crab controlled access.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 50 Wildlife and Fisheries 12 2013-10-01 2013-10-01 false South Atlantic golden crab controlled..., AND SOUTH ATLANTIC Golden Crab Fishery of the South Atlantic Region § 622.241 South Atlantic golden crab controlled access. (a) General. In accordance with the procedures specified in the...

  15. 50 CFR 622.241 - South Atlantic golden crab controlled access.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 50 Wildlife and Fisheries 12 2014-10-01 2014-10-01 false South Atlantic golden crab controlled..., AND SOUTH ATLANTIC Golden Crab Fishery of the South Atlantic Region § 622.241 South Atlantic golden crab controlled access. (a) General. In accordance with the procedures specified in the...

  16. 50 CFR 622.17 - South Atlantic golden crab controlled access.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 50 Wildlife and Fisheries 10 2011-10-01 2011-10-01 false South Atlantic golden crab controlled... ATLANTIC Effort Limitations § 622.17 South Atlantic golden crab controlled access. (a) General. In accordance with the procedures specified in the Fishery Management Plan for the Golden Crab Fishery of...

  17. Wireless video monitoring and robot control in security applications

    NASA Astrophysics Data System (ADS)

    Nurkkala, Eero A.; Pyssysalo, Tino; Roning, Juha

    1998-10-01

    This research focuses on applications based on wireless monitoring and robot control, utilizing motion image and augmented reality. These applications include remote services and surveillance-related functions such as remote monitoring. A remote service can be, for example, a way to deliver products at a hospital or old people's home. Due to the mobile nature of the system, monitoring at places with privacy concerns is possible. On the other hand, mobility demands wireless communications. Suitable and present technologies for wireless video transfer are weighted. Identification of objects with the help of Radio Frequency Identifying (RFID) technology and facial recognition results in intelligent actions, for example, where the control of a robot does not require extensive workload from the user. In other words, tasks can be partially autonomous, RFID can be also used in augmentation of the video view with virtual objects. As a real-life experiment, a prototype environment is being constructed that consists of a robot equipped with a video camera and wireless links to the network and multimedia computer.

  18. Cyber Security for the Spaceport Command and Control System: Vulnerability Management and Compliance Analysis

    NASA Technical Reports Server (NTRS)

    Gunawan, Ryan A.

    2016-01-01

    With the rapid development of the Internet, the number of malicious threats to organizations is continually increasing. In June of 2015, the United States Office of Personnel Management (OPM) had a data breach resulting in the compromise of millions of government employee records. The National Aeronautics and Space Administration (NASA) is not exempt from these attacks. Cyber security is becoming a critical facet to the discussion of moving forward with projects. The Spaceport Command and Control System (SCCS) project at the Kennedy Space Center (KSC) aims to develop the launch control system for the next generation launch vehicle in the coming decades. There are many ways to increase the security of the network it uses, from vulnerability management to ensuring operating system images are compliant with securely configured baselines recommended by the United States Government.

  19. 33 CFR 104.305 - Vessel Security Assessment (VSA) requirements.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ..., dock workers, etc.; (4) Frequency and effectiveness of security patrols; (5) Access control systems... and control procedures; (ii) Identification systems; (iii) Surveillance and monitoring equipment; (iv) Personnel identification documents; (v) Communication systems; (vi) Alarms; (vii) Lighting; (viii)...

  20. 33 CFR 104.305 - Vessel Security Assessment (VSA) requirements.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ..., dock workers, etc.; (4) Frequency and effectiveness of security patrols; (5) Access control systems... and control procedures; (ii) Identification systems; (iii) Surveillance and monitoring equipment; (iv) Personnel identification documents; (v) Communication systems; (vi) Alarms; (vii) Lighting; (viii)...

  1. 48 CFR 1552.235-75 - Access to Toxic Substances Control Act Confidential Business Information (APR 1996).

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 6 2014-10-01 2014-10-01 false Access to Toxic Substances... CONTRACT CLAUSES Texts of Provisions and Clauses 1552.235-75 Access to Toxic Substances Control Act...: Access to Toxic Substances Control Act Confidential Business Information (APR 1996) In order to...

  2. 48 CFR 1552.235-75 - Access to Toxic Substances Control Act Confidential Business Information (APR 1996).

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 48 Federal Acquisition Regulations System 6 2010-10-01 2010-10-01 true Access to Toxic Substances... CONTRACT CLAUSES Texts of Provisions and Clauses 1552.235-75 Access to Toxic Substances Control Act...: Access to Toxic Substances Control Act Confidential Business Information (APR 1996) In order to...

  3. 48 CFR 1552.235-75 - Access to Toxic Substances Control Act Confidential Business Information (APR 1996).

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 48 Federal Acquisition Regulations System 6 2012-10-01 2012-10-01 false Access to Toxic Substances... CONTRACT CLAUSES Texts of Provisions and Clauses 1552.235-75 Access to Toxic Substances Control Act...: Access to Toxic Substances Control Act Confidential Business Information (APR 1996) In order to...

  4. Security and Education: A Best-Case Scenario.

    ERIC Educational Resources Information Center

    Jones, Morgan

    2001-01-01

    Describes the design of Indiana's 500,000 square-foot Chesterton High School, which incorporates many security features without creating a fortress atmosphere. Features include a controlled access floor plan, security cameras, and the ability of teachers to silently page security personnel and administrators in cases of health emergencies or…

  5. 6 CFR 5.31 - Security of systems of records.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... AND INFORMATION Privacy Act § 5.31 Security of systems of records. (a) In general. Each component shall establish administrative and physical controls to prevent unauthorized access to its systems of... 6 Domestic Security 1 2012-01-01 2012-01-01 false Security of systems of records. 5.31 Section...

  6. The role of security in the pediatric psychiatric environment.

    PubMed

    Theile, Daniel; Snyder, Bruce

    2009-01-01

    A pediatric psychiatric facility is a unique healthcare environment which requires different approaches to security as well as variations in traditional security practices. In this article the authors describe the security policies and practices to be expected in such facilities from training, partnering with clinical staff, access control, and surveillance systems to dealing with behavioral excesses that may border on the criminal. PMID:19711792

  7. Improving Control System Cyber-State Awareness using Known Secure Sensor Measurements

    SciTech Connect

    Ondrej Linda; Milos Manic; Miles McQueen

    2012-09-01

    Abstract—This paper presents design and simulation of a low cost and low false alarm rate method for improved cyber-state awareness of critical control systems - the Known Secure Sensor Measurements (KSSM) method. The KSSM concept relies on physical measurements to detect malicious falsification of the control systems state. The KSSM method can be incrementally integrated with already installed control systems for enhanced resilience. This paper reviews the previously developed theoretical KSSM concept and then describes a simulation of the KSSM system. A simulated control system network is integrated with the KSSM components. The effectiveness of detection of various intrusion scenarios is demonstrated on several control system network topologies.

  8. Secure Information Sharing

    2005-09-09

    We are develoing a peer-to-peer system to support secure, location independent information sharing in the scientific community. Once complete, this system will allow seamless and secure sharing of information between multiple collaborators. The owners of information will be able to control how the information is stored, managed. ano shared. In addition, users will have faster access to information updates within a collaboration. Groups collaborating on scientific experiments have a need to share information and data.more » This information and data is often represented in the form of files and database entries. In a typical scientific collaboration, there are many different locations where data would naturally be stored. This makes It difficult for collaborators to find and access the information they need. Our goal is to create a lightweight file-sharing system that makes it’easy for collaborators to find and use the data they need. This system must be easy-to-use, easy-to-administer, and secure. Our information-sharing tool uses group communication, in particular the InterGroup protocols, to reliably deliver each query to all of the current participants in a scalable manner, without having to discover all of their identities. We will use the Secure Group Layer (SGL) and Akenti to provide security to the participants of our environment, SGL will provide confldentiality, integrity, authenticity, and authorization enforcement for the InterGroup protocols and Akenti will provide access control to other resources.« less

  9. 27 CFR 73.12 - What security controls must I use for identification codes and passwords?

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... Firearms ALCOHOL AND TOBACCO TAX AND TRADE BUREAU, DEPARTMENT OF THE TREASURY (CONTINUED) PROCEDURES AND PRACTICES ELECTRONIC SIGNATURES; ELECTRONIC SUBMISSION OF FORMS Electronic Signatures § 73.12 What security controls must I use for identification codes and passwords? If you use electronic signatures based upon...

  10. Effects of automatic/controlled access processes on semantic memory in Alzheimer's disease.

    PubMed

    Arroyo-Anlló, Eva M; Bellouard, Stéphanie; Ingrand, Pierre; Gil, Roger

    2011-01-01

    This study examines the impact of automatic/controlled access processes on the semantic network in 30 patients with Alzheimer's disease (AD). The AD group was compared with a control group using a battery of neuropsychological tests, a variation of Hodges's semantic testing battery, designed to assess semantic knowledge. The AD group had markedly lower scores than the normal group on each semantic test, but with a different degree of deterioration depending on the nature of the processes (controlled/automatic) in accessing the semantic network. AD patients had poorer performances on the explicit semantic tasks mainly involving controlled-process access (e.g., the WAIS Similarities Subtest) than those involving mainly automatic-process access (e.g., the Verbal Automatism test). Analyses of confidence intervals allowed a gradient of impaired performances in increasing order to be elaborated: a) the Verbal Automatism test, b) the WAIS Vocabulary Subtest, c) the WAIS Information Subtest, d) the Letter Fluency Task, e) Naming as a Response to Definition, f) the Category Fluency Task, g) the WAIS Similarities Subtest, and h) the Oral Denomination 80 Test. The results of our study suggest that explicit semantic tasks needing passive or automatic processes to access semantic memory would be better preserved in AD. PMID:21471640

  11. 12 CFR Appendix B to Part 30 - Interagency Guidelines Establishing Information Security Standards

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ...: a. Access controls on customer information systems, including controls to authenticate and permit... institution, including: 4 See Security Guidelines, III.C. a. Access controls on customer information systems... institutions should place access controls on customer information systems and conduct background checks...

  12. 78 FR 65155 - Special Conditions: Learjet Model 45 Series Airplanes; Isolation or Security Protection of the...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-10-31

    ... material did not anticipate this type of system architecture or electronic access to aircraft systems... electronic system security protection from unauthorized external access. Type Certification Basis Under Title... navigation systems (aircraft control domain); 2. Operator business and administrative support...

  13. Security during the Construction of New Nuclear Power Plants: Technical Basis for Access Authorization and Fitness-For-Duty Requirements

    SciTech Connect

    Branch, Kristi M.; Baker, Kathryn A.

    2009-09-01

    A technical letter report to the NRC summarizing the findings of a benchmarking study, literature review, and workshop with experts on current industry standards and expert judgments about needs for security during the construction phase of critical infrastructure facilities in the post-September 11 U.S. context, with a special focus on the construction phase of nuclear power plants and personnel security measures.

  14. Dissecting the genetic control of natural variation in salt tolerance of Arabidopsis thaliana accessions

    PubMed Central

    Katori, Taku; Ikeda, Akiro; Iuchi, Satoshi; Kobayashi, Masatomo; Shinozaki, Kazuo; Maehashi, Kenji; Sakata, Yoichi; Tanaka, Shigeo; Taji, Teruaki

    2010-01-01

    Many accessions (ecotypes) of Arabidopsis have been collected. Although few differences exist among their nucleotide sequences, these subtle differences induce large genetic variation in phenotypic traits such as stress tolerance and flowering time. To understand the natural variability in salt tolerance, large-scale soil pot experiments were performed to evaluate salt tolerance among 350 Arabidopsis thaliana accessions. The evaluation revealed a wide variation in the salt tolerance among accessions. Several accessions, including Bu-5, Bur-0, Ll-1, Wl-0, and Zu-0, exhibited marked stress tolerance compared with a salt-sensitive experimental accession, Col-0. The salt-tolerant accessions were also evaluated by agar plate assays. The data obtained by the large-scale assay correlated well with the results of a salt acclimation (SA) assay, in which plants were transferred to high-salinity medium following placement on moderate-salinity medium for 7 d. Genetic analyses indicated that the salt tolerance without SA is a quantitative trait under polygenic control, whereas salt tolerance with SA is regulated by a single gene located on chromosome 5 that is common among the markedly salt-tolerant accessions. These results provide important information for understanding the mechanisms underlying natural variation of salt tolerance in Arabidopsis. PMID:20080827

  15. The Security Factor in School Renovations.

    ERIC Educational Resources Information Center

    Fickes, Michael

    1998-01-01

    Discusses how one Indiana high school used its renovation as an opportunity to reevaluate the school's security design. Security considerations in the building's external and internal environment include lighting, directional signage, parking, access control technology, and issues regarding the use of closed circuit television. (GR)

  16. Performance Evaluation of Virtualization Techniques for Control and Access of Storage Systems in Data Center Applications

    NASA Astrophysics Data System (ADS)

    Ahmadi, Mohammad Reza

    2013-09-01

    Virtualization is a new technology that creates virtual environments based on the existing physical resources. This article evaluates effect of virtualization techniques on control servers and access method in storage systems [1, 2]. In control server virtualization, we have presented a tile based evaluation based on heterogeneous workloads to compare several key parameters and demonstrate effectiveness of virtualization techniques. Moreover, we have evaluated the virtualized model using VMotion techniques and maximum consolidation. In access method, we have prepared three different scenarios using direct, semi-virtual, and virtual attachment models. We have evaluated the proposed models with several workloads including OLTP database, data streaming, file server, web server, etc. Results of evaluation for different criteria confirm that server virtualization technique has high throughput and CPU usage as well as good performance with noticeable agility. Also virtual technique is a successful alternative for accessing to the storage systems especially in large capacity systems. This technique can therefore be an effective solution for expansion of storage area and reduction of access time. Results of different evaluation and measurements demonstrate that the virtualization in control server and full virtual access provide better performance and more agility as well as more utilization in the systems and improve business continuity plan.

  17. Creating a clinical video-conferencing facility in a security-constrained environment using open-source AccessGrid software and consumer hardware.

    PubMed

    Terrazas, Enrique; Hamill, Timothy R; Wang, Ye; Channing Rodgers, R P

    2007-10-11

    The Department of Laboratory Medicine at the University of California, San Francisco (UCSF) has been split into widely separated facilities, leading to much time being spent traveling between facilities for meetings. We installed an open-source AccessGrid multi-media-conferencing system using (largely) consumer-grade equipment, connecting 6 sites at 5 separate facilities. The system was accepted rapidly and enthusiastically, and was inexpensive compared to alternative approaches. Security was addressed by aspects of the AG software and by local network administrative practices. The chief obstacles to deployment arose from security restrictions imposed by multiple independent network administration regimes, requiring a drastically reduced list of network ports employed by AG components.

  18. Creating a Clinical Video-Conferencing Facility in a Security-Constrained Environment Using Open-Source AccessGrid Software and Consumer Hardware

    PubMed Central

    Terrazas, Enrique; Hamill, Timothy R.; Wang, Ye; Channing Rodgers, R. P.

    2007-01-01

    The Department of Laboratory Medicine at the University of California, San Francisco (UCSF) has been split into widely separated facilities, leading to much time being spent traveling between facilities for meetings. We installed an open-source AccessGrid multi-media-conferencing system using (largely) consumer-grade equipment, connecting 6 sites at 5 separate facilities. The system was accepted rapidly and enthusiastically, and was inexpensive compared to alternative approaches. Security was addressed by aspects of the AG software and by local network administrative practices. The chief obstacles to deployment arose from security restrictions imposed by multiple independent network administration regimes, requiring a drastically reduced list of network ports employed by AG components. PMID:18693930

  19. Accessibility to tuberculosis control services and tuberculosis programme performance in southern Ethiopia

    PubMed Central

    Dangisso, Mesay Hailu; Datiko, Daniel Gemechu; Lindtjørn, Bernt

    2015-01-01

    Background Despite the expansion of health services and community-based interventions in Ethiopia, limited evidence exists about the distribution of and access to health facilities and their relationship with the performance of tuberculosis (TB) control programmes. We aim to assess the geographical distribution of and physical accessibility to TB control services and their relationship with TB case notification rates (CNRs) and treatment outcome in the Sidama Zone, southern Ethiopia. Design We carried out an ecological study to assess physical accessibility to TB control facilities and the association of physical accessibility with TB CNRs and treatment outcome. We collected smear-positive pulmonary TB (PTB) cases treated during 2003–2012 from unit TB registers and TB service data such as availability of basic supplies for TB control and geographic locations of health services. We used ArcGIS 10.2 to measure the distance from each enumeration location to the nearest TB control facilities. A linear regression analysis was employed to assess factors associated with TB CNRs and treatment outcome. Results Over a decade the health service coverage (the health facility–to-population ratio) increased by 36% and the accessibility to TB control facilities also improved. Thus, the mean distance from TB control services was 7.6 km in 2003 (ranging from 1.8 to 25.5 km) between kebeles (the smallest administrative units) and had decreased to 3.2 km in 2012 (ranging from 1.5 to 12.4 km). In multivariate linear regression, as distance from TB diagnostic facilities (b-estimate=−0.25, p<0.001) and altitude (b-estimate=−0.31, p<0.001) increased, the CNRs of TB decreased, whereas a higher population density was associated with increased TB CNRs. Similarly, distance to TB control facilities (b-estimate=−0.27, p<0.001) and altitude (b-estimate=−0.30, p<0.001) were inversely associated with treatment success (proportion of treatment completed or cured cases). Conclusions

  20. An RFID-based luggage and passenger tracking system for airport security control applications

    NASA Astrophysics Data System (ADS)

    Vastianos, George E.; Kyriazanos, Dimitris M.; Kountouriotis, Vassilios I.; Thomopoulos, Stelios C. A.

    2014-06-01

    Market analysis studies of recent years have shown a steady and significant increase in the usage of RFID technology. Key factors for this growth were the decreased costs of passive RFIDs and their improved performance compared to the other identification technologies. Besides the benefits of RFID technologies into the supply chains, warehousing, traditional inventory and asset management applications, RFID has proven itself worth exploiting on experimental, as well as on commercial level in other sectors, such as healthcare, transport and security. In security sector, airport security is one of the biggest challenges. Airports are extremely busy public places and thus prime targets for terrorism, with aircraft, passengers, crew and airport infrastructure all subject to terrorist attacks. Inside this labyrinth of security challenges, the long range detection capability of the UHF passive RFID technology can be turned into a very important tracking tool that may outperform all the limitations of the barcode tracking inside the current airport security control chain. The Integrated Systems Lab of NCSR Demokritos has developed an RFID based Luggage and Passenger tracking system within the TASS (FP7-SEC-2010-241905) EU research project. This paper describes application scenarios of the system categorized according to the structured nature of the environment, the system architecture and presents evaluation results extracted from measurements with a group of different massive production GEN2 UHF RFID tags that are widely available in the world market.

  1. 47 CFR 87.395 - Plan for the Security Control of Air Traffic and Air Navigation Aids (Short Title: SCATANA).

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... and Air Navigation Aids (Short Title: SCATANA). 87.395 Section 87.395 Telecommunication FEDERAL... Communications § 87.395 Plan for the Security Control of Air Traffic and Air Navigation Aids (Short Title: SCATANA). (a) The Plan for the Security Control of Air Traffic and Air Navigation Aids (SCATANA)...

  2. 47 CFR 87.395 - Plan for the Security Control of Air Traffic and Air Navigation Aids (Short Title: SCATANA).

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... and Air Navigation Aids (Short Title: SCATANA). 87.395 Section 87.395 Telecommunication FEDERAL... Communications § 87.395 Plan for the Security Control of Air Traffic and Air Navigation Aids (Short Title: SCATANA). (a) The Plan for the Security Control of Air Traffic and Air Navigation Aids (SCATANA)...

  3. 47 CFR 87.395 - Plan for the Security Control of Air Traffic and Air Navigation Aids (Short Title: SCATANA).

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... and Air Navigation Aids (Short Title: SCATANA). 87.395 Section 87.395 Telecommunication FEDERAL... Communications § 87.395 Plan for the Security Control of Air Traffic and Air Navigation Aids (Short Title: SCATANA). (a) The Plan for the Security Control of Air Traffic and Air Navigation Aids (SCATANA)...

  4. 47 CFR 87.395 - Plan for the Security Control of Air Traffic and Air Navigation Aids (Short Title: SCATANA).

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... and Air Navigation Aids (Short Title: SCATANA). 87.395 Section 87.395 Telecommunication FEDERAL... Communications § 87.395 Plan for the Security Control of Air Traffic and Air Navigation Aids (Short Title: SCATANA). (a) The Plan for the Security Control of Air Traffic and Air Navigation Aids (SCATANA)...

  5. 47 CFR 87.395 - Plan for the Security Control of Air Traffic and Air Navigation Aids (Short Title: SCATANA).

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... and Air Navigation Aids (Short Title: SCATANA). 87.395 Section 87.395 Telecommunication FEDERAL... Communications § 87.395 Plan for the Security Control of Air Traffic and Air Navigation Aids (Short Title: SCATANA). (a) The Plan for the Security Control of Air Traffic and Air Navigation Aids (SCATANA)...

  6. 21 CFR 1301.72 - Physical security controls for non-practitioners; narcotic treatment programs and compounders for...

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 21 Food and Drugs 9 2012-04-01 2012-04-01 false Physical security controls for non-practitioners... Schedules I and II controlled substances under security measures provided by 21 CFR 1301.72(a); (ii) Non... 1301.72 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION...

  7. 21 CFR 1301.72 - Physical security controls for non-practitioners; narcotic treatment programs and compounders for...

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 21 Food and Drugs 9 2011-04-01 2011-04-01 false Physical security controls for non-practitioners... Schedules I and II controlled substances under security measures provided by 21 CFR 1301.72(a); (ii) Non... 1301.72 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION...

  8. 21 CFR 1301.73 - Physical security controls for non-practitioners; compounders for narcotic treatment programs...

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 21 Food and Drugs 9 2013-04-01 2013-04-01 false Physical security controls for non-practitioners; compounders for narcotic treatment programs; manufacturing and compounding areas. 1301.73 Section 1301.73 Food..., DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements § 1301.73 Physical...

  9. 21 CFR 1301.73 - Physical security controls for non-practitioners; compounders for narcotic treatment programs...

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 21 Food and Drugs 9 2011-04-01 2011-04-01 false Physical security controls for non-practitioners; compounders for narcotic treatment programs; manufacturing and compounding areas. 1301.73 Section 1301.73 Food..., DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements § 1301.73 Physical...

  10. 21 CFR 1301.73 - Physical security controls for non-practitioners; compounders for narcotic treatment programs...

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 21 Food and Drugs 9 2014-04-01 2014-04-01 false Physical security controls for non-practitioners; compounders for narcotic treatment programs; manufacturing and compounding areas. 1301.73 Section 1301.73 Food..., DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements § 1301.73 Physical...

  11. 21 CFR 1301.72 - Physical security controls for non-practitioners; narcotic treatment programs and compounders for...

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 21 Food and Drugs 9 2013-04-01 2013-04-01 false Physical security controls for non-practitioners... Schedules I and II controlled substances under security measures provided by 21 CFR 1301.72(a); (ii) Non... 1301.72 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION...

  12. 21 CFR 1301.72 - Physical security controls for non-practitioners; narcotic treatment programs and compounders for...

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 21 Food and Drugs 9 2014-04-01 2014-04-01 false Physical security controls for non-practitioners... Schedules I and II controlled substances under security measures provided by 21 CFR 1301.72(a); (ii) Non... 1301.72 Food and Drugs DRUG ENFORCEMENT ADMINISTRATION, DEPARTMENT OF JUSTICE REGISTRATION...

  13. 21 CFR 1301.73 - Physical security controls for non-practitioners; compounders for narcotic treatment programs...

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 21 Food and Drugs 9 2012-04-01 2012-04-01 false Physical security controls for non-practitioners; compounders for narcotic treatment programs; manufacturing and compounding areas. 1301.73 Section 1301.73 Food..., DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements § 1301.73 Physical...

  14. 21 CFR 1301.73 - Physical security controls for non-practitioners; compounders for narcotic treatment programs...

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 21 Food and Drugs 9 2010-04-01 2010-04-01 false Physical security controls for non-practitioners; compounders for narcotic treatment programs; manufacturing and compounding areas. 1301.73 Section 1301.73 Food..., DISTRIBUTORS, AND DISPENSERS OF CONTROLLED SUBSTANCES Security Requirements § 1301.73 Physical...

  15. Secure Adaptive Topology Control for Wireless Ad-Hoc Sensor Networks

    PubMed Central

    Hsueh, Ching-Tsung; Li, Yu-Wei; Wen, Chih-Yu; Ouyang, Yen-Chieh

    2010-01-01

    This paper presents a secure decentralized clustering algorithm for wireless ad-hoc sensor networks. The algorithm operates without a centralized controller, operates asynchronously, and does not require that the location of the sensors be known a priori. Based on the cluster-based topology, secure hierarchical communication protocols and dynamic quarantine strategies are introduced to defend against spam attacks, since this type of attacks can exhaust the energy of sensor nodes and will shorten the lifetime of a sensor network drastically. By adjusting the threshold of infected percentage of the cluster coverage, our scheme can dynamically coordinate the proportion of the quarantine region and adaptively achieve the cluster control and the neighborhood control of attacks. Simulation results show that the proposed approach is feasible and cost effective for wireless sensor networks. PMID:22205866

  16. Hysteresis-based congestion control at the B-ISDN access

    NASA Astrophysics Data System (ADS)

    Wissing, Johannes

    1993-11-01

    Multiplexing of bursty sources and refined congestion control strategies are still the subject of numerous research activities. Broadband applications with very high peak-to-mean bitrate ratio and long silence periods like still picture video gave rise to different ideas of rate control at the B-ISDN network access. Contributions on Input Rate Control for source coded traffic as well as on Server Rate Control within a LAN/ATM Interworking Unit have recently been presented. This paper addresses a congestion avoidance strategy at the network access regarding the aggregated traffic of bursty sources. Depending on the number of active sources as well as on certain defined congestion levels the cell rate at the network access is controlled. The proposed analytical approach is based on the model of uniform and continuous arrival and service. The selected underlying Markov chain contains `split' states in order to handle the congestion correlation. The proposed model is extended to an adaptive Non-Markov system where the buffer filling level is evaluated using a switching hysteresis. This type of congestion measurement turns out to be very useful for an adaptive rate control mechanism that guarantees a certain quality of service while still achieving a good statistical gain. The analytical approach is confirmed by results of a computer simulation that is extended to the more complex case of adaptive rate control.

  17. The need for the use of XACML access control policy in a distributed EHR and some performance considerations.

    PubMed

    Sucurovic, Snezana; Milutinovic, Veljko

    2008-01-01

    The Internet based distributed large scale information systems implements attribute based access control (ABAC) rather than Role Based Access Control (RBAC). The reason is that the Internet is identity less and that ABAC scales better. EXtensible Access Control Markup Language is standardized language for writing access control policies, access control requests and access control responses in ABAC. XACML can provide decentralized administration and credentials distribution. In year 2002 version of CEN ENV 13 606 attributes have been attached to EHCR components and in such a system ABAC and XACML have been easy to implement. This paper presents writing XACML policies in the case when attributes are in hierarchical structure. It is presented two possible solutions to write XACML policy in that case and that the solution when set functions are used is more compact and provides 10% better performances.

  18. Prevention and Control of Dental Disease through Improved Access to Comprehensive Care.

    ERIC Educational Resources Information Center

    American Dental Association, Chicago, IL.

    Prevention of dental disease is the key to improving the nation's oral health. The American Dental Association (ADA) program of prevention and control of dental disease through improved access to comprehensive care concentrates on those who have special difficulties in receiving care: the poor, the elderly, the handicapped, the institutionalized…

  19. Mining Roles and Access Control for Relational Data under Privacy and Accuracy Constraints

    ERIC Educational Resources Information Center

    Pervaiz, Zahid

    2013-01-01

    Access control mechanisms protect sensitive information from unauthorized users. However, when sensitive information is shared and a Privacy Protection Mechanism (PPM) is not in place, an authorized insider can still compromise the privacy of a person leading to identity disclosure. A PPM can use suppression and generalization to anonymize and…

  20. 77 FR 26789 - Certain Semiconductor Chips Having Synchronous Dynamic Random Access Memory Controllers and...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-05-07

    ... violation of section 337 in the infringement of certain patents. 73 FR 75131. The principal respondent was... order. 75 FR 44989-90 (July 30, 2010). The Commission also issued cease and desist orders against those... COMMISSION Certain Semiconductor Chips Having Synchronous Dynamic Random Access Memory Controllers...