Turning Access into a web-enabled secure information system for clinical trials.

PubMed

Dongquan Chen; Chen, Wei-Bang; Soong, Mayhue; Soong, Seng-Jaw; Orthner, Helmuth F

2009-08-01

Organizations that have limited resources need to conduct clinical studies in a cost-effective, but secure way. Clinical data residing in various individual databases need to be easily accessed and secured. Although widely available, digital certification, encryption, and secure web server, have not been implemented as widely, partly due to a lack of understanding of needs and concerns over issues such as cost and difficulty in implementation. The objective of this study was to test the possibility of centralizing various databases and to demonstrate ways of offering an alternative to a large-scale comprehensive and costly commercial product, especially for simple phase I and II trials, with reasonable convenience and security. We report a working procedure to transform and develop a standalone Access database into a secure Web-based secure information system. For data collection and reporting purposes, we centralized several individual databases; developed, and tested a web-based secure server using self-issued digital certificates. The system lacks audit trails. The cost of development and maintenance may hinder its wide application. The clinical trial databases scattered in various departments of an institution could be centralized into a web-enabled secure information system. The limitations such as the lack of a calendar and audit trail can be partially addressed with additional programming. The centralized Web system may provide an alternative to a comprehensive clinical trial management system.

Access Control of Web- and Java-Based Applications

NASA Technical Reports Server (NTRS)

Tso, Kam S.; Pajevski, Michael J.

2013-01-01

Cybersecurity has become a great concern as threats of service interruption, unauthorized access, stealing and altering of information, and spreading of viruses have become more prevalent and serious. Application layer access control of applications is a critical component in the overall security solution that also includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. An access control solution, based on an open-source access manager augmented with custom software components, was developed to provide protection to both Web-based and Javabased client and server applications. The DISA Security Service (DISA-SS) provides common access control capabilities for AMMOS software applications through a set of application programming interfaces (APIs) and network- accessible security services for authentication, single sign-on, authorization checking, and authorization policy management. The OpenAM access management technology designed for Web applications can be extended to meet the needs of Java thick clients and stand alone servers that are commonly used in the JPL AMMOS environment. The DISA-SS reusable components have greatly reduced the effort for each AMMOS subsystem to develop its own access control strategy. The novelty of this work is that it leverages an open-source access management product that was designed for Webbased applications to provide access control for Java thick clients and Java standalone servers. Thick clients and standalone servers are still commonly used in businesses and government, especially for applications that require rich graphical user interfaces and high-performance visualization that cannot be met by thin clients running on Web browsers

Modeling, Simulation and Analysis of Public Key Infrastructure

NASA Technical Reports Server (NTRS)

Liu, Yuan-Kwei; Tuey, Richard; Ma, Paul (Technical Monitor)

1998-01-01

Security is an essential part of network communication. The advances in cryptography have provided solutions to many of the network security requirements. Public Key Infrastructure (PKI) is the foundation of the cryptography applications. The main objective of this research is to design a model to simulate a reliable, scalable, manageable, and high-performance public key infrastructure. We build a model to simulate the NASA public key infrastructure by using SimProcess and MatLab Software. The simulation is from top level all the way down to the computation needed for encryption, decryption, digital signature, and secure web server. The application of secure web server could be utilized in wireless communications. The results of the simulation are analyzed and confirmed by using queueing theory.

A Policy Based Approach for the Management of Web Browser Resources to Prevent Anonymity Attacks in Tor

NASA Astrophysics Data System (ADS)

Navarro-Arribas, Guillermo; Garcia-Alfaro, Joaquin

Web browsers are becoming the universal interface to reach applications and services related with these systems. Different browsing contexts may be required in order to reach them, e.g., use of VPN tunnels, corporate proxies, anonymisers, etc. By browsing context we mean how the user browsers the Web, including mainly the concrete configuration of its browser. When the context of the browser changes, its security requirements also change. In this work, we present the use of authorisation policies to automatise the process of controlling the resources of a Web browser when its context changes. The objective of our proposal is oriented towards easing the adaptation to the security requirements of the new context and enforce them in the browser without the need for user intervention. We present a concrete application of our work as a plug-in for the adaption of security requirements in Mozilla/Firefox browser when a context of anonymous navigation through the Tor network is enabled.

Recent advancements on the development of web-based applications for the implementation of seismic analysis and surveillance systems

NASA Astrophysics Data System (ADS)

Friberg, P. A.; Luis, R. S.; Quintiliani, M.; Lisowski, S.; Hunter, S.

2014-12-01

Recently, a novel set of modules has been included in the Open Source Earthworm seismic data processing system, supporting the use of web applications. These include the Mole sub-system, for storing relevant event data in a MySQL database (see M. Quintiliani and S. Pintore, SRL, 2013), and an embedded webserver, Moleserv, for serving such data to web clients in QuakeML format. These modules have enabled, for the first time using Earthworm, the use of web applications for seismic data processing. These can greatly simplify the operation and maintenance of seismic data processing centers by having one or more servers providing the relevant data as well as the data processing applications themselves to client machines running arbitrary operating systems.Web applications with secure online web access allow operators to work anywhere, without the often cumbersome and bandwidth hungry use of secure shell or virtual private networks. Furthermore, web applications can seamlessly access third party data repositories to acquire additional information, such as maps. Finally, the usage of HTML email brought the possibility of specialized web applications, to be used in email clients. This is the case of EWHTMLEmail, which produces event notification emails that are in fact simple web applications for plotting relevant seismic data.Providing web services as part of Earthworm has enabled a number of other tools as well. One is ISTI's EZ Earthworm, a web based command and control system for an otherwise command line driven system; another is a waveform web service. The waveform web service serves Earthworm data to additional web clients for plotting, picking, and other web-based processing tools. The current Earthworm waveform web service hosts an advanced plotting capability for providing views of event-based waveforms from a Mole database served by Moleserve.The current trend towards the usage of cloud services supported by web applications is driving improvements in JavaScript, css and HTML, as well as faster and more efficient web browsers, including mobile. It is foreseeable that in the near future, web applications are as powerful and efficient as native applications. Hence the work described here has been the first step towards bringing the Open Source Earthworm seismic data processing system to this new paradigm.

Web-Enabled Systems for Student Access.

ERIC Educational Resources Information Center

Harris, Chad S.; Herring, Tom

1999-01-01

California State University, Fullerton is developing a suite of server-based, Web-enabled applications that distribute the functionality of its student information system software to external customers without modifying the mainframe applications or databases. The cost-effective, secure, and rapidly deployable business solution involves using the…

20 CFR 418.3220 - When is your application considered filed?

Code of Federal Regulations, 2010 CFR

2010-04-01

...? 418.3220 Section 418.3220 Employees' Benefits SOCIAL SECURITY ADMINISTRATION MEDICARE SUBSIDIES... the day it is submitted electronically through our Internet Web site. If a State Medicaid agency... subsidy application from our Internet Web site where the requirements set forth in § 418.3230 are met. ...

20 CFR 418.3220 - When is your application considered filed?

Code of Federal Regulations, 2011 CFR

2011-04-01

...? 418.3220 Section 418.3220 Employees' Benefits SOCIAL SECURITY ADMINISTRATION MEDICARE SUBSIDIES... the day it is submitted electronically through our Internet Web site. If a State Medicaid agency... subsidy application from our Internet Web site where the requirements set forth in § 418.3230 are met. ...

Security Aspects of an Enterprise-Wide Network Architecture.

ERIC Educational Resources Information Center

Loew, Robert; Stengel, Ingo; Bleimann, Udo; McDonald, Aidan

1999-01-01

Presents an overview of two projects that concern local area networks and the common point between networks as they relate to network security. Discusses security architectures based on firewall components, packet filters, application gateways, security-management components, an intranet solution, user registration by Web form, and requests for…

Access Control of Web and Java Based Applications

NASA Technical Reports Server (NTRS)

Tso, Kam S.; Pajevski, Michael J.; Johnson, Bryan

2011-01-01

Cyber security has gained national and international attention as a result of near continuous headlines from financial institutions, retail stores, government offices and universities reporting compromised systems and stolen data. Concerns continue to rise as threats of service interruption, and spreading of viruses become ever more prevalent and serious. Controlling access to application layer resources is a critical component in a layered security solution that includes encryption, firewalls, virtual private networks, antivirus, and intrusion detection. In this paper we discuss the development of an application-level access control solution, based on an open-source access manager augmented with custom software components, to provide protection to both Web-based and Java-based client and server applications.

Network Science Research Laboratory (NSRL) Telemetry Warehouse

DTIC Science & Technology

2016-06-01

Functionality and architecture of the NSRL Telemetry Warehouse are also described as well as the web interface, data structure, security aspects, and...Experiment Controller 6 4.5 Telemetry Sensors 7 4.6 Custom Data Processing Nodes 7 5. Web Interface 8 6. Data Structure 8 6.1 Measurements 8...telemetry in comma-separated value (CSV) format from the web interface or via custom applications developed by researchers using the client application

The informatics superhighway: prototyping on the World Wide Web.

PubMed

Cimino, J J; Socratous, S A; Grewal, R

1995-01-01

We have experimented with developing a prototype Surgeon's Workstation which makes use of the World Wide Web client-server architecture. Although originally intended merely as a means for obtaining user feedback for use in designing a "real" system, the application has been adopted for use by our Department of Surgery. As they begin to use the application, they have suggested changes and we have responded. This paper illustrates some of the advantages we have found for prototyping with Web-based applications, including security aspects.

77 FR 22806 - Notice of Availability of Funds and Solicitation for Grant Applications for Cooperative...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-04-17

... and adults with disabilities who are unemployed, underemployed, and/or receiving Social Security... connection with this solicitation are described in further detail on ETA's Web site at http://www.doleta.gov/grants/ or on http://www.grants.gov . The Web sites provide application information, eligibility...

Session management for web-based healthcare applications.

PubMed Central

Wei, L.; Sengupta, S.

1999-01-01

In health care systems, users may access multiple applications during one session of interaction with the system. However, users must sign on to each application individually, and it is difficult to maintain a common context among these applications. We are developing a session management system for web-based applications using LDAP directory service, which will allow single sign-on to multiple web-based applications, and maintain a common context among those applications for the user. This paper discusses the motivations for building this system, the system architecture, and the challenges of our approach, such as the session objects management for the user, and session security. PMID:10566511

Web Application Software for Ground Operations Planning Database (GOPDb) Management

NASA Technical Reports Server (NTRS)

Lanham, Clifton; Kallner, Shawn; Gernand, Jeffrey

2013-01-01

A Web application facilitates collaborative development of the ground operations planning document. This will reduce costs and development time for new programs by incorporating the data governance, access control, and revision tracking of the ground operations planning data. Ground Operations Planning requires the creation and maintenance of detailed timelines and documentation. The GOPDb Web application was created using state-of-the-art Web 2.0 technologies, and was deployed as SaaS (Software as a Service), with an emphasis on data governance and security needs. Application access is managed using two-factor authentication, with data write permissions tied to user roles and responsibilities. Multiple instances of the application can be deployed on a Web server to meet the robust needs for multiple, future programs with minimal additional cost. This innovation features high availability and scalability, with no additional software that needs to be bought or installed. For data governance and security (data quality, management, business process management, and risk management for data handling), the software uses NAMS. No local copy/cloning of data is permitted. Data change log/tracking is addressed, as well as collaboration, work flow, and process standardization. The software provides on-line documentation and detailed Web-based help. There are multiple ways that this software can be deployed on a Web server to meet ground operations planning needs for future programs. The software could be used to support commercial crew ground operations planning, as well as commercial payload/satellite ground operations planning. The application source code and database schema are owned by NASA.

WebCIS: large scale deployment of a Web-based clinical information system.

PubMed

Hripcsak, G; Cimino, J J; Sengupta, S

1999-01-01

WebCIS is a Web-based clinical information system. It sits atop the existing Columbia University clinical information system architecture, which includes a clinical repository, the Medical Entities Dictionary, an HL7 interface engine, and an Arden Syntax based clinical event monitor. WebCIS security features include authentication with secure tokens, authorization maintained in an LDAP server, SSL encryption, permanent audit logs, and application time outs. WebCIS is currently used by 810 physicians at the Columbia-Presbyterian center of New York Presbyterian Healthcare to review and enter data into the electronic medical record. Current deployment challenges include maintaining adequate database performance despite complex queries, replacing large numbers of computers that cannot run modern Web browsers, and training users that have never logged onto the Web. Although the raised expectations and higher goals have increased deployment costs, the end result is a far more functional, far more available system.

Proposal and Implementation of SSH Client System Using Ajax

NASA Astrophysics Data System (ADS)

Kosuda, Yusuke; Sasaki, Ryoichi

Technology called Ajax gives web applications the functionality and operability of desktop applications. In this study, we propose and implement a Secure Shell (SSH) client system using Ajax, independent of the OS or Java execution environment. In this system, SSH packets are generated on a web browser by using JavaScript and a web server works as a proxy in communication with an SSH server to realize end-to-end SSH communication. We implemented a prototype program and confirmed by experiment that it runs on several web browsers and mobile phones. This system has enabled secure SSH communication from a PC at an Internet cafe or any mobile phone. By measuring the processing performance, we verified satisfactory performance for emergency use, although the speed was unsatisfactory in some cases with mobile phone. The system proposed in this study will be effective in various fields of E-Business.

Efficient Authorization of Rich Presence Using Secure and Composed Web Services

NASA Astrophysics Data System (ADS)

Li, Li; Chou, Wu

This paper presents an extended Role-Based Access Control (RBAC) model for efficient authorization of rich presence using secure web services composed with an abstract presence data model. Following the information symmetry principle, the standard RBAC model is extended to support context sensitive social relations and cascaded authority. In conjunction with the extended RBAC model, we introduce an extensible presence architecture prototype using WS-Security and WS-Eventing to secure rich presence information exchanges based on PKI certificates. Applications and performance measurements of our presence system are presented to show that the proposed RBAC framework for presence and collaboration is well suited for real-time communication and collaboration.

Applications of Multi-Channel Safety Authentication Protocols in Wireless Networks.

PubMed

Chen, Young-Long; Liau, Ren-Hau; Chang, Liang-Yu

2016-01-01

People can use their web browser or mobile devices to access web services and applications which are built into these servers. Users have to input their identity and password to login the server. The identity and password may be appropriated by hackers when the network environment is not safe. The multiple secure authentication protocol can improve the security of the network environment. Mobile devices can be used to pass the authentication messages through Wi-Fi or 3G networks to serve as a second communication channel. The content of the message number is not considered in a multiple secure authentication protocol. The more excessive transmission of messages would be easier to collect and decode by hackers. In this paper, we propose two schemes which allow the server to validate the user and reduce the number of messages using the XOR operation. Our schemes can improve the security of the authentication protocol. The experimental results show that our proposed authentication protocols are more secure and effective. In regard to applications of second authentication communication channels for a smart access control system, identity identification and E-wallet, our proposed authentication protocols can ensure the safety of person and property, and achieve more effective security management mechanisms.

75 FR 40864 - Notice of Fiscal Year 2010 Border Grant Funding and Solicitation for Applications

Federal Register 2010, 2011, 2012, 2013, 2014

2010-07-14

... Federal Grant Web site, http://www.grants.gov . Eligible projects for funding with BEG are identified in... applications for BEG funding at the Federal Grant Web site, http://www.grants.gov . FOR FURTHER INFORMATION... the MOE explanation, http://www.fmcsa.dot.gov/safety-security/grants/beg/moe.aspx . The Border...

A Secure Web Application Providing Public Access to High-Performance Data Intensive Scientific Resources - ScalaBLAST Web Application

DOE Office of Scientific and Technical Information (OSTI.GOV)

Curtis, Darren S.; Peterson, Elena S.; Oehmen, Chris S.

2008-05-04

This work presents the ScalaBLAST Web Application (SWA), a web based application implemented using the PHP script language, MySQL DBMS, and Apache web server under a GNU/Linux platform. SWA is an application built as part of the Data Intensive Computer for Complex Biological Systems (DICCBS) project at the Pacific Northwest National Laboratory (PNNL). SWA delivers accelerated throughput of bioinformatics analysis via high-performance computing through a convenient, easy-to-use web interface. This approach greatly enhances emerging fields of study in biology such as ontology-based homology, and multiple whole genome comparisons which, in the absence of a tool like SWA, require a heroicmore » effort to overcome the computational bottleneck associated with genome analysis. The current version of SWA includes a user account management system, a web based user interface, and a backend process that generates the files necessary for the Internet scientific community to submit a ScalaBLAST parallel processing job on a dedicated cluster.« less

Development of Standardized Clinical Training Cases for Diagnosis of Sexual Abuse using a Secure Telehealth Application

ERIC Educational Resources Information Center

Frasier, Lori D.; Thraen, Ioana; Kaplan, Rich; Goede, Patricia

2012-01-01

Objectives: The training of physicians, nurse examiners, social workers and other health professional on the evidentiary findings of sexual abuse in children is challenging. Our objective was to develop peer reviewed training cases for medical examiners of child sexual abuse, using a secure web based telehealth application (TeleCAM). Methods:…

Cyber Security Applications: Freeware & Shareware

ERIC Educational Resources Information Center

Rogers, Gary; Ashford, Tina

2015-01-01

This paper will discuss some assignments using freeware/shareware instructors can find on the Web to use to provide students with hands-on experience in this arena. Also, the college, Palm Beach State College, via a grant with the U.S. Department of Labor, has recently purchased a unique cyber security device that simulates cyber security attacks…

The Internet: Past, Present, and Future.

ERIC Educational Resources Information Center

Galbreath, Jeremy, Ed.

1997-01-01

Examines the "reality behind the hype" surrounding the Internet. Discusses its early development; growth and present state; and key applications, including e-mail, voice/video telephony, integrated messaging, electronic commerce, the World Wide Web, and Web commerce, Intranet, Extranet; education and training; security; ownership; and…

Design of web platform for science and engineering in the model of open market

NASA Astrophysics Data System (ADS)

Demichev, A. P.; Kryukov, A. P.

2016-09-01

This paper presents a design and operation algorithms of a web-platform for convenient, secure and effective remote interaction on the principles of the open market of users and providers of scientific application software and databases.

Investigating weaknesses in Android certificate security

NASA Astrophysics Data System (ADS)

Krych, Daniel E.; Lange-Maney, Stephen; McDaniel, Patrick; Glodek, William

2015-05-01

Android's application market relies on secure certificate generation to establish trust between applications and their users; yet, cryptography is often not a priority for application developers and many fail to take the necessary security precautions. Indeed, there is cause for concern: several recent high-profile studies have observed a pervasive lack of entropy on Web-systems leading to the factorization of private keys.1 Sufficient entropy, or randomness, is essential to generate secure key pairs and combat predictable key generation. In this paper, we analyze the security of Android certificates. We investigate the entropy present in 550,000 Android application certificates using the Quasilinear GCD finding algorithm.1 Our results show that while the lack of entropy does not appear to be as ubiquitous in the mobile markets as on Web-systems, there is substantial reuse of certificates only one third of the certificates in our dataset were unique. In other words, we find that organizations frequently reuse certificates for different applications. While such a practice is acceptable under Google's specifications for a single developer, we find that in some cases the same certificates are used for a myriad of developers, potentially compromising Android's intended trust relationships. Further, we observed duplicate certificates being used by both malicious and non-malicious applications. The top 3 repeated certificates present in our dataset accounted for a total of 11,438 separate APKs. Of these applications, 451, or roughly 4%, were identified as malicious by antivirus services.

Enterprise Considerations for Ports and Protocols

DTIC Science & Technology

2016-10-21

selected communications. These protocols are restricted to specific ports or addresses in the receiving web service. HTTPS is familiarly restricted...in use by the web services and applications that are connected to the network are required for interoperability and security. Policies specify the...network or reside at the end-points (i.e., web services or clients). ____________________________ Manuscript received June 1, 2016; revised July

Special Reports; Homeland Security and Information Management; The Development of Electronic Government in the United States: The Federal Policy Experience; Digital Rights Management: Why Libraries Should Be Major Players; The Current State and Future Promise of Portal Applications; Recruitment and Retention: A Professional Concern.

ERIC Educational Resources Information Center

Relyea, Harold C.; Halchin, L. Elaine; Hogue, Henry B.; Agnew, Grace; Martin, Mairead; Schottlaender, Brian E. C.; Jackson, Mary E.

2003-01-01

Theses five reports address five special issues: the effects of the September 11 attacks on information management, including homeland security, Web site information removal, scientific and technical information, and privacy concerns; federal policy for electronic government information; digital rights management and libraries; library Web portal…

Proof of Concept Integration of a Single-Level Service-Oriented Architecture into a Multi-Domain Secure Environment

DTIC Science & Technology

2008-03-01

Machine [29]. OC4J applications support Java Servlets , Web services, and the following J2EE specific standards: Extensible Markup Language (XML...IMAP Internet Message Access Protocol IP Internet Protocol IT Information Technology xviii J2EE Java Enterprise Environment JSR 168 Java ...LDAP), World Wide Web Distributed Authoring and Versioning (WebDav), Java Specification Request 168 (JSR 168), and Web Services for Remote

Clinical software development for the Web: lessons learned from the BOADICEA project

PubMed Central

2012-01-01

Background In the past 20 years, society has witnessed the following landmark scientific advances: (i) the sequencing of the human genome, (ii) the distribution of software by the open source movement, and (iii) the invention of the World Wide Web. Together, these advances have provided a new impetus for clinical software development: developers now translate the products of human genomic research into clinical software tools; they use open-source programs to build them; and they use the Web to deliver them. Whilst this open-source component-based approach has undoubtedly made clinical software development easier, clinical software projects are still hampered by problems that traditionally accompany the software process. This study describes the development of the BOADICEA Web Application, a computer program used by clinical geneticists to assess risks to patients with a family history of breast and ovarian cancer. The key challenge of the BOADICEA Web Application project was to deliver a program that was safe, secure and easy for healthcare professionals to use. We focus on the software process, problems faced, and lessons learned. Our key objectives are: (i) to highlight key clinical software development issues; (ii) to demonstrate how software engineering tools and techniques can facilitate clinical software development for the benefit of individuals who lack software engineering expertise; and (iii) to provide a clinical software development case report that can be used as a basis for discussion at the start of future projects. Results We developed the BOADICEA Web Application using an evolutionary software process. Our approach to Web implementation was conservative and we used conventional software engineering tools and techniques. The principal software development activities were: requirements, design, implementation, testing, documentation and maintenance. The BOADICEA Web Application has now been widely adopted by clinical geneticists and researchers. BOADICEA Web Application version 1 was released for general use in November 2007. By May 2010, we had > 1200 registered users based in the UK, USA, Canada, South America, Europe, Africa, Middle East, SE Asia, Australia and New Zealand. Conclusions We found that an evolutionary software process was effective when we developed the BOADICEA Web Application. The key clinical software development issues identified during the BOADICEA Web Application project were: software reliability, Web security, clinical data protection and user feedback. PMID:22490389

Clinical software development for the Web: lessons learned from the BOADICEA project.

PubMed

Cunningham, Alex P; Antoniou, Antonis C; Easton, Douglas F

2012-04-10

In the past 20 years, society has witnessed the following landmark scientific advances: (i) the sequencing of the human genome, (ii) the distribution of software by the open source movement, and (iii) the invention of the World Wide Web. Together, these advances have provided a new impetus for clinical software development: developers now translate the products of human genomic research into clinical software tools; they use open-source programs to build them; and they use the Web to deliver them. Whilst this open-source component-based approach has undoubtedly made clinical software development easier, clinical software projects are still hampered by problems that traditionally accompany the software process. This study describes the development of the BOADICEA Web Application, a computer program used by clinical geneticists to assess risks to patients with a family history of breast and ovarian cancer. The key challenge of the BOADICEA Web Application project was to deliver a program that was safe, secure and easy for healthcare professionals to use. We focus on the software process, problems faced, and lessons learned. Our key objectives are: (i) to highlight key clinical software development issues; (ii) to demonstrate how software engineering tools and techniques can facilitate clinical software development for the benefit of individuals who lack software engineering expertise; and (iii) to provide a clinical software development case report that can be used as a basis for discussion at the start of future projects. We developed the BOADICEA Web Application using an evolutionary software process. Our approach to Web implementation was conservative and we used conventional software engineering tools and techniques. The principal software development activities were: requirements, design, implementation, testing, documentation and maintenance. The BOADICEA Web Application has now been widely adopted by clinical geneticists and researchers. BOADICEA Web Application version 1 was released for general use in November 2007. By May 2010, we had > 1200 registered users based in the UK, USA, Canada, South America, Europe, Africa, Middle East, SE Asia, Australia and New Zealand. We found that an evolutionary software process was effective when we developed the BOADICEA Web Application. The key clinical software development issues identified during the BOADICEA Web Application project were: software reliability, Web security, clinical data protection and user feedback.

Secure electronic commerce communication system based on CA

NASA Astrophysics Data System (ADS)

Chen, Deyun; Zhang, Junfeng; Pei, Shujun

2001-07-01

In this paper, we introduce the situation of electronic commercial security, then we analyze the working process and security for SSL protocol. At last, we propose a secure electronic commerce communication system based on CA. The system provide secure services such as encryption, integer, peer authentication and non-repudiation for application layer communication software of browser clients' and web server. The system can implement automatic allocation and united management of key through setting up the CA in the network.

A Security Architecture for Grid-enabling OGC Web Services

NASA Astrophysics Data System (ADS)

Angelini, Valerio; Petronzio, Luca

2010-05-01

In the proposed presentation we describe an architectural solution for enabling a secure access to Grids and possibly other large scale on-demand processing infrastructures through OGC (Open Geospatial Consortium) Web Services (OWS). This work has been carried out in the context of the security thread of the G-OWS Working Group. G-OWS (gLite enablement of OGC Web Services) is an international open initiative started in 2008 by the European CYCLOPS , GENESI-DR, and DORII Project Consortia in order to collect/coordinate experiences in the enablement of OWS's on top of the gLite Grid middleware. G-OWS investigates the problem of the development of Spatial Data and Information Infrastructures (SDI and SII) based on the Grid/Cloud capacity in order to enable Earth Science applications and tools. Concerning security issues, the integration of OWS compliant infrastructures and gLite Grids needs to address relevant challenges, due to their respective design principles. In fact OWS's are part of a Web based architecture that demands security aspects to other specifications, whereas the gLite middleware implements the Grid paradigm with a strong security model (the gLite Grid Security Infrastructure: GSI). In our work we propose a Security Architectural Framework allowing the seamless use of Grid-enabled OGC Web Services through the federation of existing security systems (mostly web based) with the gLite GSI. This is made possible mediating between different security realms, whose mutual trust is established in advance during the deployment of the system itself. Our architecture is composed of three different security tiers: the user's security system, a specific G-OWS security system, and the gLite Grid Security Infrastructure. Applying the separation-of-concerns principle, each of these tiers is responsible for controlling the access to a well-defined resource set, respectively: the user's organization resources, the geospatial resources and services, and the Grid resources. While the gLite middleware is tied to a consolidated security approach based on X.509 certificates, our system is able to support different kinds of user's security infrastructures. Our central component, the G-OWS Security Framework, is based on the OASIS WS-Trust specifications and on the OGC GeoRM architectural framework. This allows to satisfy advanced requirements such as the enforcement of specific geospatial policies and complex secure web service chained requests. The typical use case is represented by a scientist belonging to a given organization who issues a request to a G-OWS Grid-enabled Web Service. The system initially asks the user to authenticate to his/her organization's security system and, after verification of the user's security credentials, it translates the user's digital identity into a G-OWS identity. This identity is linked to a set of attributes describing the user's access rights to the G-OWS services and resources. Inside the G-OWS Security system, access restrictions are applied making use of the enhanced Geospatial capabilities specified by the OGC GeoXACML. If the required action needs to make use of the Grid environment the system checks if the user is entitled to access a Grid infrastructure. In that case his/her identity is translated to a temporary Grid security token using the Short Lived Credential Services (IGTF Standard). In our case, for the specific gLite Grid infrastructure, some information (VOMS Attributes) is plugged into the Grid Security Token to grant the access to the user's Virtual Organization Grid resources. The resulting token is used to submit the request to the Grid and also by the various gLite middleware elements to verify the user's grants. Basing on the presented framework, the G-OWS Security Working Group developed a prototype, enabling the execution of OGC Web Services on the EGEE Production Grid through the federation with a Shibboleth based security infrastructure. Future plans aim to integrate other Web authentication services such as OpenID, Kerberos and WS-Federation.

Technical Considerations in Remote LIMS Access via the World Wide Web

PubMed Central

Schlabach, David M.

2005-01-01

The increased dependency on the World Wide Web by both laboratories and their customers has led LIMS developers to take advantage of thin-client web applications that provide both remote data entry and manipulation, along with remote reporting functionality. Use of an LIMS through a web browser allows a person to interact with a distant application, providing both remote administration and real-time analytical result delivery from virtually anywhere in the world. While there are many benefits of web-based LIMS applications, some concern must be given to these new methods of system architecture before justifying them as a suitable replacement for their traditional client-server systems. Developers and consumers alike must consider the security aspects of introducing a wide area network capable system into a production environment, as well as the concerns of data integrity and usability. PMID:18924736

WebTag: Web browsing into sensor tags over NFC.

PubMed

Echevarria, Juan Jose; Ruiz-de-Garibay, Jonathan; Legarda, Jon; Alvarez, Maite; Ayerbe, Ana; Vazquez, Juan Ignacio

2012-01-01

Information and Communication Technologies (ICTs) continue to overcome many of the challenges related to wireless sensor monitoring, such as for example the design of smarter embedded processors, the improvement of the network architectures, the development of efficient communication protocols or the maximization of the life cycle autonomy. This work tries to improve the communication link of the data transmission in wireless sensor monitoring. The upstream communication link is usually based on standard IP technologies, but the downstream side is always masked with the proprietary protocols used for the wireless link (like ZigBee, Bluetooth, RFID, etc.). This work presents a novel solution (WebTag) for a direct IP based access to a sensor tag over the Near Field Communication (NFC) technology for secure applications. WebTag allows a direct web access to the sensor tag by means of a standard web browser, it reads the sensor data, configures the sampling rate and implements IP based security policies. It is, definitely, a new step towards the evolution of the Internet of Things paradigm.

WebTag: Web Browsing into Sensor Tags over NFC

PubMed Central

Echevarria, Juan Jose; Ruiz-de-Garibay, Jonathan; Legarda, Jon; Álvarez, Maite; Ayerbe, Ana; Vazquez, Juan Ignacio

2012-01-01

Information and Communication Technologies (ICTs) continue to overcome many of the challenges related to wireless sensor monitoring, such as for example the design of smarter embedded processors, the improvement of the network architectures, the development of efficient communication protocols or the maximization of the life cycle autonomy. This work tries to improve the communication link of the data transmission in wireless sensor monitoring. The upstream communication link is usually based on standard IP technologies, but the downstream side is always masked with the proprietary protocols used for the wireless link (like ZigBee, Bluetooth, RFID, etc.). This work presents a novel solution (WebTag) for a direct IP based access to a sensor tag over the Near Field Communication (NFC) technology for secure applications. WebTag allows a direct web access to the sensor tag by means of a standard web browser, it reads the sensor data, configures the sampling rate and implements IP based security policies. It is, definitely, a new step towards the evolution of the Internet of Things paradigm. PMID:23012511

OGC and Grid Interoperability in enviroGRIDS Project

NASA Astrophysics Data System (ADS)

Gorgan, Dorian; Rodila, Denisa; Bacu, Victor; Giuliani, Gregory; Ray, Nicolas

2010-05-01

EnviroGRIDS (Black Sea Catchment Observation and Assessment System supporting Sustainable Development) [1] is a 4-years FP7 Project aiming to address the subjects of ecologically unsustainable development and inadequate resource management. The project develops a Spatial Data Infrastructure of the Black Sea Catchment region. The geospatial technologies offer very specialized functionality for Earth Science oriented applications as well as the Grid oriented technology that is able to support distributed and parallel processing. One challenge of the enviroGRIDS project is the interoperability between geospatial and Grid infrastructures by providing the basic and the extended features of the both technologies. The geospatial interoperability technology has been promoted as a way of dealing with large volumes of geospatial data in distributed environments through the development of interoperable Web service specifications proposed by the Open Geospatial Consortium (OGC), with applications spread across multiple fields but especially in Earth observation research. Due to the huge volumes of data available in the geospatial domain and the additional introduced issues (data management, secure data transfer, data distribution and data computation), the need for an infrastructure capable to manage all those problems becomes an important aspect. The Grid promotes and facilitates the secure interoperations of geospatial heterogeneous distributed data within a distributed environment, the creation and management of large distributed computational jobs and assures a security level for communication and transfer of messages based on certificates. This presentation analysis and discusses the most significant use cases for enabling the OGC Web services interoperability with the Grid environment and focuses on the description and implementation of the most promising one. In these use cases we give a special attention to issues such as: the relations between computational grid and the OGC Web service protocols, the advantages offered by the Grid technology - such as providing a secure interoperability between the distributed geospatial resource -and the issues introduced by the integration of distributed geospatial data in a secure environment: data and service discovery, management, access and computation. enviroGRIDS project proposes a new architecture which allows a flexible and scalable approach for integrating the geospatial domain represented by the OGC Web services with the Grid domain represented by the gLite middleware. The parallelism offered by the Grid technology is discussed and explored at the data level, management level and computation level. The analysis is carried out for OGC Web service interoperability in general but specific details are emphasized for Web Map Service (WMS), Web Feature Service (WFS), Web Coverage Service (WCS), Web Processing Service (WPS) and Catalog Service for Web (CSW). Issues regarding the mapping and the interoperability between the OGC and the Grid standards and protocols are analyzed as they are the base in solving the communication problems between the two environments: grid and geospatial. The presetation mainly highlights how the Grid environment and Grid applications capabilities can be extended and utilized in geospatial interoperability. Interoperability between geospatial and Grid infrastructures provides features such as the specific geospatial complex functionality and the high power computation and security of the Grid, high spatial model resolution and geographical area covering, flexible combination and interoperability of the geographical models. According with the Service Oriented Architecture concepts and requirements of interoperability between geospatial and Grid infrastructures each of the main functionality is visible from enviroGRIDS Portal and consequently, by the end user applications such as Decision Maker/Citizen oriented Applications. The enviroGRIDS portal is the single way of the user to get into the system and the portal faces a unique style of the graphical user interface. Main reference for further information: [1] enviroGRIDS Project, http://www.envirogrids.net/

17 CFR Appendix A to Subpart A of... - Forms

Code of Federal Regulations, 2011 CFR

2011-04-01

... information that the institution collects and shares. All institutions must use the term “Social Security... the applicable opt-out methods described: telephone, such as by a toll-free number; a Web site; or use... appropriate. An institution that allows consumers to opt out online must provide either a specific Web address...

12 CFR Appendix A to Part 332 - Model Privacy Form

Code of Federal Regulations, 2011 CFR

2011-01-01

... information that the institution collects and shares. All institutions must use the term “Social Security... the applicable opt-out methods described: Telephone, such as by a toll-free number; a Web site; or use... appropriate. An institution that allows consumers to opt out online must provide either a specific Web address...

KernPaeP - a web-based pediatric palliative documentation system for home care.

PubMed

Hartz, Tobias; Verst, Hendrik; Ueckert, Frank

2009-01-01

KernPaeP is a new web-based on- and offline documentation system, which has been developed for pediatric palliative care-teams supporting patient documentation and communication among health care professionals. It provides a reliable system making fast and secure home care documentation possible. KernPaeP is accessible online by registered users using any web-browser. Home care teams use an offline version of KernPaeP running on a netbook for patient documentation on site. Identifying and medical patient data are strictly separated and stored on two database servers. The system offers a stable, enhanced two-way algorithm for synchronization between the offline component and the central database servers. KernPaeP is implemented meeting highest security standards while still maintaining high usability. The web-based documentation system allows ubiquitous and immediate access to patient data. Sumptuous paper work is replaced by secure and comprehensive electronic documentation. KernPaeP helps saving time and improving the quality of documentation. Due to development in close cooperation with pediatric palliative professionals, KernPaeP fulfils the broad needs of home-care documentation. The technique of web-based online and offline documentation is in general applicable for arbitrary home care scenarios.

Network Computing Infrastructure to Share Tools and Data in Global Nuclear Energy Partnership

NASA Astrophysics Data System (ADS)

Kim, Guehee; Suzuki, Yoshio; Teshima, Naoya

CCSE/JAEA (Center for Computational Science and e-Systems/Japan Atomic Energy Agency) integrated a prototype system of a network computing infrastructure for sharing tools and data to support the U.S. and Japan collaboration in GNEP (Global Nuclear Energy Partnership). We focused on three technical issues to apply our information process infrastructure, which are accessibility, security, and usability. In designing the prototype system, we integrated and improved both network and Web technologies. For the accessibility issue, we adopted SSL-VPN (Security Socket Layer-Virtual Private Network) technology for the access beyond firewalls. For the security issue, we developed an authentication gateway based on the PKI (Public Key Infrastructure) authentication mechanism to strengthen the security. Also, we set fine access control policy to shared tools and data and used shared key based encryption method to protect tools and data against leakage to third parties. For the usability issue, we chose Web browsers as user interface and developed Web application to provide functions to support sharing tools and data. By using WebDAV (Web-based Distributed Authoring and Versioning) function, users can manipulate shared tools and data through the Windows-like folder environment. We implemented the prototype system in Grid infrastructure for atomic energy research: AEGIS (Atomic Energy Grid Infrastructure) developed by CCSE/JAEA. The prototype system was applied for the trial use in the first period of GNEP.

Method of Performance-Aware Security of Unicast Communication in Hybrid Satellite Networks

NASA Technical Reports Server (NTRS)

Baras, John S. (Inventor); Roy-Chowdhury, Ayan (Inventor)

2014-01-01

A method and apparatus utilizes Layered IPSEC (LES) protocol as an alternative to IPSEC for network-layer security including a modification to the Internet Key Exchange protocol. For application-level security of web browsing with acceptable end-to-end delay, the Dual-mode SSL protocol (DSSL) is used instead of SSL. The LES and DSSL protocols achieve desired end-to-end communication security while allowing the TCP and HTTP proxy servers to function correctly.

77 FR 71201 - Order Extending Temporary Conditional Exemption for Nationally Recognized Statistical Rating...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-11-29

... following conflict of interest: Issuing or maintaining a credit rating for a security or money market... that was paid for by the issuer, sponsor, or underwriter of the security or money market instrument. 17...; Provide free and unlimited access to such password- protected Internet Web site during the applicable...

Genesis: A Framework for Achieving Software Component Diversity

DTIC Science & Technology

2007-01-01

correctly—the initial filters develop to fix the Hotmail vulnerability could be circumvented by using alternate character encodings4. Hence, we focus on...Remotely Exploitable Cross-Site Scripting in Hotmail and Yahoo, (March 2004); http://www.greymagic.com/security/advisories/gm005-mc/. 4...EyeonSecurity, Microsoft Passport Account Hijack Attack: Hacking Hotmail and More, Hacker’s Digest. 5. Y.-W. Huang et al., Web Application Security Assessment by

Assuring the privacy and security of transmitting sensitive electronic health information.

PubMed

Peng, Charlie; Kesarinath, Gautam; Brinks, Tom; Young, James; Groves, David

2009-11-14

The interchange of electronic health records between healthcare providers and public health organizations has become an increasingly desirable tool in reducing healthcare costs, improving healthcare quality, and protecting population health. Assuring privacy and security in nationwide sharing of Electronic Health Records (EHR) in an environment such as GRID has become a top challenge and concern. The Centers for Disease Control and Prevention's (CDC) and The Science Application International Corporation (SAIC) have jointly conducted a proof of concept study to find and build a common secure and reliable messaging platform (the SRM Platform) to handle this challenge. The SRM Platform is built on the open standards of OASIS, World Wide Web Consortium (W3C) web-services standards, and Web Services Interoperability (WS-I) specifications to provide the secure transport of sensitive EHR or electronic medical records (EMR). Transmitted data may be in any digital form including text, data, and binary files, such as images. This paper identifies the business use cases, architecture, test results, and new connectivity options for disparate health networks among PHIN, NHIN, Grid, and others.

16 CFR Appendix A to Part 313 - Model Privacy Form

Code of Federal Regulations, 2011 CFR

2011-01-01

... “Social Security number” in the first bullet. (2) Institutions must use five (5) of the following terms to... the applicable opt-out methods described: telephone, such as by a toll-free number; a Web site; or use... appropriate. An institution that allows consumers to opt out online must provide either a specific Web address...

LCS Content Document Application

NASA Technical Reports Server (NTRS)

Hochstadt, Jake

2011-01-01

My project at KSC during my spring 2011 internship was to develop a Ruby on Rails application to manage Content Documents..A Content Document is a collection of documents and information that describes what software is installed on a Launch Control System Computer. It's important for us to make sure the tools we use everyday are secure, up-to-date, and properly licensed. Previously, keeping track of the information was done by Excel and Word files between different personnel. The goal of the new application is to be able to manage and access the Content Documents through a single database backed web application. Our LCS team will benefit greatly with this app. Admin's will be able to login securely to keep track and update the software installed on each computer in a timely manner. We also included exportability such as attaching additional documents that can be downloaded from the web application. The finished application will ease the process of managing Content Documents while streamlining the procedure. Ruby on Rails is a very powerful programming language and I am grateful to have the opportunity to build this application.

JPARSS: A Java Parallel Network Package for Grid Computing

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chen, Jie; Akers, Walter; Chen, Ying

2002-03-01

The emergence of high speed wide area networks makes grid computinga reality. However grid applications that need reliable data transfer still have difficulties to achieve optimal TCP performance due to network tuning of TCP window size to improve bandwidth and to reduce latency on a high speed wide area network. This paper presents a Java package called JPARSS (Java Parallel Secure Stream (Socket)) that divides data into partitions that are sent over several parallel Java streams simultaneously and allows Java or Web applications to achieve optimal TCP performance in a grid environment without the necessity of tuning TCP window size.more » This package enables single sign-on, certificate delegation and secure or plain-text data transfer using several security components based on X.509 certificate and SSL. Several experiments will be presented to show that using Java parallelstreams is more effective than tuning TCP window size. In addition a simple architecture using Web services« less

Applying World Wide Web technology to the study of patients with rare diseases.

PubMed

de Groen, P C; Barry, J A; Schaller, W J

1998-07-15

Randomized, controlled trials of sporadic diseases are rarely conducted. Recent developments in communication technology, particularly the World Wide Web, allow efficient dissemination and exchange of information. However, software for the identification of patients with a rare disease and subsequent data entry and analysis in a secure Web database are currently not available. To study cholangiocarcinoma, a rare cancer of the bile ducts, we developed a computerized disease tracing system coupled with a database accessible on the Web. The tracing system scans computerized information systems on a daily basis and forwards demographic information on patients with bile duct abnormalities to an electronic mailbox. If informed consent is given, the patient's demographic and preexisting medical information available in medical database servers are electronically forwarded to a UNIX research database. Information from further patient-physician interactions and procedures is also entered into this database. The database is equipped with a Web user interface that allows data entry from various platforms (PC-compatible, Macintosh, and UNIX workstations) anywhere inside or outside our institution. To ensure patient confidentiality and data security, the database includes all security measures required for electronic medical records. The combination of a Web-based disease tracing system and a database has broad applications, particularly for the integration of clinical research within clinical practice and for the coordination of multicenter trials.

Information security threats and an easy-to-implement attack detection framework for wireless sensor network-based smart grid applications

NASA Astrophysics Data System (ADS)

Tuna, G.; Örenbaş, H.; Daş, R.; Kogias, D.; Baykara, M.; K, K.

2016-03-01

Wireless Sensor Networks (WSNs) when combined with various energy harvesting solutions managing to prolong the overall lifetime of the system and enhanced capabilities of the communication protocols used by modern sensor nodes are efficiently used in are efficiently used in Smart Grid (SG), an evolutionary system for the modernization of existing power grids. However, wireless communication technology brings various types of security threats. In this study, firstly the use of WSNs for SG applications is presented. Second, the security related issues and challenges as well as the security threats are presented. In addition, proposed security mechanisms for WSN-based SG applications are discussed. Finally, an easy- to-implement and simple attack detection framework to prevent attacks directed to sink and gateway nodes with web interfaces is proposed and its efficiency is proved using a case study.

T-Check in Technologies for Interoperability: Web Services and Security--Single Sign-On

DTIC Science & Technology

2007-12-01

following tools: • Apache Tomcat 6.0—a Java Servlet container to host the Web services and a simple Web client application [Apache 2007a] • Apache Axis...Eclipse. Eclipse – an open development platform. http://www.eclipse.org/ (2007) [Hunter 2001] Hunter, Jason. Java Servlet Programming, 2nd Edition...Citation SAML 1.1 Java Toolkit SAML Ping Identity’s SAML-1.1 implementation [SourceID 2006] OpenSAML SAML An open source implementation of SAML 1.1

41 CFR 102-33.400 - How must we report to FAIRS?

Code of Federal Regulations, 2013 CFR

2013-07-01

... a secure Web interface to the FAIRS application on the Internet. For information on becoming a FAIRS... GOVERNMENT AIRCRAFT Reporting Information on Government Aircraft Federal Aviation Interactive Reporting...

41 CFR 102-33.400 - How must we report to FAIRS?

Code of Federal Regulations, 2012 CFR

2012-01-01

... a secure Web interface to the FAIRS application on the Internet. For information on becoming a FAIRS... GOVERNMENT AIRCRAFT Reporting Information on Government Aircraft Federal Aviation Interactive Reporting...

41 CFR 102-33.400 - How must we report to FAIRS?

Code of Federal Regulations, 2014 CFR

2014-01-01

... a secure Web interface to the FAIRS application on the Internet. For information on becoming a FAIRS... GOVERNMENT AIRCRAFT Reporting Information on Government Aircraft Federal Aviation Interactive Reporting...

41 CFR 102-33.400 - How must we report to FAIRS?

Code of Federal Regulations, 2011 CFR

2011-01-01

... a secure Web interface to the FAIRS application on the Internet. For information on becoming a FAIRS... GOVERNMENT AIRCRAFT Reporting Information on Government Aircraft Federal Aviation Interactive Reporting...

Current experiences with internet telepathology and possible evolution in the next generation of Internet services.

PubMed

Della Mea, V; Beltrami, C A

2000-01-01

The last five years experience has definitely demonstrated the possible applications of the Internet for telepathology. They may be listed as follows: (a) teleconsultation via multimedia e-mail; (b) teleconsultation via web-based tools; (c) distant education by means of World Wide Web; (d) virtual microscope management through Web and Java interfaces; (e) real-time consultations through Internet-based videoconferencing. Such applications have led to the recognition of some important limits of the Internet, when dealing with telemedicine: (i) no guarantees on the quality of service (QoS); (ii) inadequate security and privacy; (iii) for some countries, low bandwidth and thus low responsiveness for real-time applications. Currently, there are several innovations in the world of the Internet. Different initiatives have been aimed at an amelioration of the Internet protocols, in order to have quality of service, multimedia support, security and other advanced services, together with greater bandwidth. The forthcoming Internet improvements, although induced by electronic commerce, video on demand, and other commercial needs, are of real interest also for telemedicine, because they solve the limits currently slowing down the use of Internet. When such new services will be available, telepathology applications may switch from research to daily practice in a fast way.

Web Server Security on Open Source Environments

NASA Astrophysics Data System (ADS)

Gkoutzelis, Dimitrios X.; Sardis, Manolis S.

Administering critical resources has never been more difficult that it is today. In a changing world of software innovation where major changes occur on a daily basis, it is crucial for the webmasters and server administrators to shield their data against an unknown arsenal of attacks in the hands of their attackers. Up until now this kind of defense was a privilege of the few, out-budgeted and low cost solutions let the defender vulnerable to the uprising of innovating attacking methods. Luckily, the digital revolution of the past decade left its mark, changing the way we face security forever: open source infrastructure today covers all the prerequisites for a secure web environment in a way we could never imagine fifteen years ago. Online security of large corporations, military and government bodies is more and more handled by open source application thus driving the technological trend of the 21st century in adopting open solutions to E-Commerce and privacy issues. This paper describes substantial security precautions in facing privacy and authentication issues in a totally open source web environment. Our goal is to state and face the most known problems in data handling and consequently propose the most appealing techniques to face these challenges through an open solution.

Identification and Illustration of Insecure Direct Object References and their Countermeasures

NASA Astrophysics Data System (ADS)

KumarShrestha, Ajay; Singh Maharjan, Pradip; Paudel, Santosh

2015-03-01

The insecure direct object reference simply represents the flaws in the system design without the full protection mechanism for the sensitive system resources or data. It basically occurs when the web application developer provides direct access to objects in accordance with the user input. So any attacker can exploit this web vulnerability and gain access to privileged information by bypassing the authorization. The main aim of this paper is to demonstrate the real effect and the identification of the insecure direct object references and then to provide the feasible preventive solutions such that the web applications do not allow direct object references to be manipulated by attackers. The experiment of the insecure direct object referencing is carried out using the insecure J2EE web application called WebGoat and its security testing is being performed using another JAVA based tool called BURP SUITE. The experimental result shows that the access control check for gaining access to privileged information is a very simple problem but at the same time its correct implementation is a tricky task. The paper finally presents some ways to overcome this web vulnerability.

Interleaving Semantic Web Reasoning and Service Discovery to Enforce Context-Sensitive Security and Privacy Policies

DTIC Science & Technology

2005-07-01

policies in pervasive computing environments. In this context, the owner of information sources (e.g. user, sensor, application, or organization...work in decentralized trust management and semantic web technologies . Section 3 introduces an Information Disclosure Agent architecture for...Norman Sadeh July 2005 CMU-ISRI-05-113 School of Computer Science, Carnegie Mellon University 5000 Forbes Avenue, Pittsburgh, PA, 15213

Symmetric Key Services Markup Language (SKSML)

NASA Astrophysics Data System (ADS)

Noor, Arshad

Symmetric Key Services Markup Language (SKSML) is the eXtensible Markup Language (XML) being standardized by the OASIS Enterprise Key Management Infrastructure Technical Committee for requesting and receiving symmetric encryption cryptographic keys within a Symmetric Key Management System (SKMS). This protocol is designed to be used between clients and servers within an Enterprise Key Management Infrastructure (EKMI) to secure data, independent of the application and platform. Building on many security standards such as XML Signature, XML Encryption, Web Services Security and PKI, SKSML provides standards-based capability to allow any application to use symmetric encryption keys, while maintaining centralized control. This article describes the SKSML protocol and its capabilities.

77 FR 26585 - Steel Partners Holdings L.P.; Notice of Application

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-04

... SECURITIES AND EXCHANGE COMMISSION [Investment Company Act Release No. 30056; 812-13793] Steel... of 1940 (``Act''). Summary of Application: Steel Partners Holdings L.P. (``SPH'') requests an order... WebBank in 1998 until July 14, 2009. 2. Prior to December 2008, Steel Partners II was a private...

Ruby on Rails Applications

NASA Technical Reports Server (NTRS)

Hochstadt, Jake

2011-01-01

Ruby on Rails is an open source web application framework for the Ruby programming language. The first application I built was a web application to manage and authenticate other applications. One of the main requirements for this application was a single sign-on service. This allowed authentication to be built in one location and be implemented in many different applications. For example, users would be able to login using their existing credentials, and be able to access other NASA applications without authenticating again. The second application I worked on was an internal qualification plan app. Previously, the viewing of employee qualifications was managed through Excel spread sheets. I built a database driven application to streamline the process of managing qualifications. Employees would be able to login securely to view, edit and update their personal qualifications.

FASH: A web application for nucleotides sequence search.

PubMed

Veksler-Lublinksy, Isana; Barash, Danny; Avisar, Chai; Troim, Einav; Chew, Paul; Kedem, Klara

2008-05-27

: FASH (Fourier Alignment Sequence Heuristics) is a web application, based on the Fast Fourier Transform, for finding remote homologs within a long nucleic acid sequence. Given a query sequence and a long text-sequence (e.g, the human genome), FASH detects subsequences within the text that are remotely-similar to the query. FASH offers an alternative approach to Blast/Fasta for querying long RNA/DNA sequences. FASH differs from these other approaches in that it does not depend on the existence of contiguous seed-sequences in its initial detection phase. The FASH web server is user friendly and very easy to operate. FASH can be accessed athttps://fash.bgu.ac.il:8443/fash/default.jsp (secured website).

Remote Sensing Information Gateway: A free application and web service for fast, convenient, interoperable access to large repositories of atmospheric data

NASA Astrophysics Data System (ADS)

Plessel, T.; Szykman, J.; Freeman, M.

2012-12-01

EPA's Remote Sensing Information Gateway (RSIG) is a widely used free applet and web service for quickly and easily retrieving, visualizing and saving user-specified subsets of atmospheric data - by variable, geographic domain and time range. Petabytes of available data include thousands of variables from a set of NASA and NOAA satellites, aircraft, ground stations and EPA air-quality models. The RSIG applet is used by atmospheric researchers and uses the rsigserver web service to obtain data and images. The rsigserver web service is compliant with the Open Geospatial Consortium Web Coverage Service (OGC-WCS) standard to facilitate data discovery and interoperability. Since rsigserver is publicly accessible, it can be (and is) used by other applications. This presentation describes the architecture and technical implementation details of this successful system with an emphasis on achieving convenience, high-performance, data integrity and security.

Security and Efficiency Concerns With Distributed Collaborative Networking Environments

DTIC Science & Technology

2003-09-01

have the ability to access Web communications services of the WebEx MediaTone Network from a single login. [24] WebEx provides a range of secure...Web. WebEx services enable secure data, voice and video communications through the browser and are supported by the WebEx MediaTone Network, a global...designed to host large-scale, structured events and conferences, featuring a Q&A Manager that allows multiple moderators to handle questions while

RxPATROL: a Web-based tool for combating pharmacy theft.

PubMed

Smith, Meredith Y; Graham, J Aaron; Haddox, J David; Steffey, Amy

2009-01-01

To report the incidence of pharmacy-related burglaries and robberies and characteristics of pharmacies where such crimes have occurred using recent data from Rx Pattern Analysis Tracking Robberies & Other Losses (RxPATROL), a national Web-based information clearinghouse on pharmacy-related theft of prescription medications and over-the-counter products. Descriptive, nonexperimental study. United States between 2005 and 2006. Not applicable. Not applicable. Number of pharmacy theft reports received; incident type, date, and location; point of entry; and pharmacy security features. Between 2005 and 2006, 202 pharmacy burglary and 299 pharmacy robbery reports from 45 different states were filed with RxPATROL. More than 70% of pharmacies reporting such crimes lacked a security camera. Among those reporting a burglary, 60% lacked dead bolt locks, a solid exterior door, a motion detector device, or a safe or vault for storage of controlled substances. Burglars most often obtained access to the pharmacy via the front door. RxPATROL is a Web-based tool that can assist pharmacies and law enforcement in collaborating more effectively to combat and prevent pharmacy-related crimes.

Implementing a low-cost web-based clinical trial management system for community studies: a case study.

PubMed

Geyer, John; Myers, Kathleen; Vander Stoep, Ann; McCarty, Carolyn; Palmer, Nancy; DeSalvo, Amy

2011-10-01

Clinical trials with multiple intervention locations and a single research coordinating center can be logistically difficult to implement. Increasingly, web-based systems are used to provide clinical trial support with many commercial, open source, and proprietary systems in use. New web-based tools are available which can be customized without programming expertise to deliver web-based clinical trial management and data collection functions. To demonstrate the feasibility of utilizing low-cost configurable applications to create a customized web-based data collection and study management system for a five intervention site randomized clinical trial establishing the efficacy of providing evidence-based treatment via teleconferencing to children with attention-deficit hyperactivity disorder. The sites are small communities that would not usually be included in traditional randomized trials. A major goal was to develop database that participants could access from computers in their home communities for direct data entry. Discussed is the selection process leading to the identification and utilization of a cost-effective and user-friendly set of tools capable of customization for data collection and study management tasks. An online assessment collection application, template-based web portal creation application, and web-accessible Access 2007 database were selected and customized to provide the following features: schedule appointments, administer and monitor online secure assessments, issue subject incentives, and securely transmit electronic documents between sites. Each tool was configured by users with limited programming expertise. As of June 2011, the system has successfully been used with 125 participants in 5 communities, who have completed 536 sets of assessment questionnaires, 8 community therapists, and 11 research staff at the research coordinating center. Total automation of processes is not possible with the current set of tools as each is loosely affiliated, creating some inefficiency. This system is best suited to investigations with a single data source e.g., psychosocial questionnaires. New web-based applications can be used by investigators with limited programming experience to implement user-friendly, efficient, and cost-effective tools for multi-site clinical trials with small distant communities. Such systems allow the inclusion in research of populations that are not usually involved in clinical trials.

20 CFR 418.3230 - When will we use your subsidy inquiry as your filing date?

Code of Federal Regulations, 2012 CFR

2012-04-01

... filing date? 418.3230 Section 418.3230 Employees' Benefits SOCIAL SECURITY ADMINISTRATION MEDICARE... oral or written inquiry about the subsidy, or partially complete an Internet subsidy application on our Web site, we will use the date of the inquiry or the date the partial Internet application was started...

20 CFR 418.3230 - When will we use your subsidy inquiry as your filing date?

Code of Federal Regulations, 2014 CFR

2014-04-01

... filing date? 418.3230 Section 418.3230 Employees' Benefits SOCIAL SECURITY ADMINISTRATION MEDICARE... oral or written inquiry about the subsidy, or partially complete an Internet subsidy application on our Web site, we will use the date of the inquiry or the date the partial Internet application was started...

20 CFR 418.3230 - When will we use your subsidy inquiry as your filing date?

Code of Federal Regulations, 2013 CFR

2013-04-01

... filing date? 418.3230 Section 418.3230 Employees' Benefits SOCIAL SECURITY ADMINISTRATION MEDICARE... oral or written inquiry about the subsidy, or partially complete an Internet subsidy application on our Web site, we will use the date of the inquiry or the date the partial Internet application was started...

A Security-façade Library for Virtual-observatory Software

NASA Astrophysics Data System (ADS)

Rixon, G.

2009-09-01

The security-façade library implements, for Java, IVOA's security standards. It supports the authentication mechanisms for SOAP and REST web-services, the sign-on mechanisms (with MyProxy, AstroGrid Accounts protocol or local credential-caches), the delegation protocol, and RFC3820-enabled HTTPS for Apache Tomcat. Using the façade, a developer who is not a security specialist can easily add access control to a virtual-observatory service and call secured services from an application. The library has been an internal part of AstroGrid software for some time and it is now offered for use by other developers.

Combining Domain-driven Design and Mashups for Service Development

NASA Astrophysics Data System (ADS)

Iglesias, Carlos A.; Fernández-Villamor, José Ignacio; Del Pozo, David; Garulli, Luca; García, Boni

This chapter presents the Romulus project approach to Service Development using Java-based web technologies. Romulus aims at improving productivity of service development by providing a tool-supported model to conceive Java-based web applications. This model follows a Domain Driven Design approach, which states that the primary focus of software projects should be the core domain and domain logic. Romulus proposes a tool-supported model, Roma Metaframework, that provides an abstraction layer on top of existing web frameworks and automates the application generation from the domain model. This metaframework follows an object centric approach, and complements Domain Driven Design by identifying the most common cross-cutting concerns (security, service, view, ...) of web applications. The metaframework uses annotations for enriching the domain model with these cross-cutting concerns, so-called aspects. In addition, the chapter presents the usage of mashup technology in the metaframework for service composition, using the web mashup editor MyCocktail. This approach is applied to a scenario of the Mobile Phone Service Portability case study for the development of a new service.

Design and implementation of website information disclosure assessment system.

PubMed

Cho, Ying-Chiang; Pan, Jen-Yi

2015-01-01

Internet application technologies, such as cloud computing and cloud storage, have increasingly changed people's lives. Websites contain vast amounts of personal privacy information. In order to protect this information, network security technologies, such as database protection and data encryption, attract many researchers. The most serious problems concerning web vulnerability are e-mail address and network database leakages. These leakages have many causes. For example, malicious users can steal database contents, taking advantage of mistakes made by programmers and administrators. In order to mitigate this type of abuse, a website information disclosure assessment system is proposed in this study. This system utilizes a series of technologies, such as web crawler algorithms, SQL injection attack detection, and web vulnerability mining, to assess a website's information disclosure. Thirty websites, randomly sampled from the top 50 world colleges, were used to collect leakage information. This testing showed the importance of increasing the security and privacy of website information for academic websites.

Attitudes toward Web application supporting pharmacist-clinician comanagement of postexposure prophylaxis patients.

PubMed

Fuller, Crystal M; Turner, Alezandria K; Hernández, Diana; Rivera, Alexis V; Amesty, Silvia; Lewis, Michael D; Feldman, Stuart

2013-01-01

To qualitatively explore clinician and pharmacist attitudes toward using a Web application virtual pharmacist-clinician partnership (VPCP) to assist with comanaged care of illicit drug-using patients prescribed postexposure prophylaxis (PEP). Qualitative, descriptive, nonexperimental study. New York City (NYC) from February 2011 to March 2012. Four pharmacists and nine clinicians. In-depth interviews. Potential impact of the VPCP on pharmacist-clinician communication and potential barriers to use of the VPCP when comanaging PEP patients among pharmacists and clinicians. Pharmacists and clinicians were supportive of an interactive Web application that would expand the role of pharmacists to include assistance with PEP access and patient management. Participants noted that the VPCP would facilitate communication between pharmacists and clinicians and have potential to support adherence among patients. Pharmacists and clinicians were concerned about not having time to use the VPCP and security of patient information on the site. Pharmacist and clinician concerns informed final development of the VPCP, including creation of a user-friendly interface, linkage to users' e-mail accounts for timeline notification, and attention to security. Use of Web-based technology to support communication between pharmacists and clinicians was seen as being a potentially feasible method for improving patient care, particularly in the delivery of PEP to drug users and other high-risk groups. These findings highlight the need for further study of a technology-supported partnership, particularly for comanagement of patients who face challenges with adherence.

Vipie: web pipeline for parallel characterization of viral populations from multiple NGS samples.

PubMed

Lin, Jake; Kramna, Lenka; Autio, Reija; Hyöty, Heikki; Nykter, Matti; Cinek, Ondrej

2017-05-15

Next generation sequencing (NGS) technology allows laboratories to investigate virome composition in clinical and environmental samples in a culture-independent way. There is a need for bioinformatic tools capable of parallel processing of virome sequencing data by exactly identical methods: this is especially important in studies of multifactorial diseases, or in parallel comparison of laboratory protocols. We have developed a web-based application allowing direct upload of sequences from multiple virome samples using custom parameters. The samples are then processed in parallel using an identical protocol, and can be easily reanalyzed. The pipeline performs de-novo assembly, taxonomic classification of viruses as well as sample analyses based on user-defined grouping categories. Tables of virus abundance are produced from cross-validation by remapping the sequencing reads to a union of all observed reference viruses. In addition, read sets and reports are created after processing unmapped reads against known human and bacterial ribosome references. Secured interactive results are dynamically plotted with population and diversity charts, clustered heatmaps and a sortable and searchable abundance table. The Vipie web application is a unique tool for multi-sample metagenomic analysis of viral data, producing searchable hits tables, interactive population maps, alpha diversity measures and clustered heatmaps that are grouped in applicable custom sample categories. Known references such as human genome and bacterial ribosomal genes are optionally removed from unmapped ('dark matter') reads. Secured results are accessible and shareable on modern browsers. Vipie is a freely available web-based tool whose code is open source.

Development of a Web-Based Clinical Decision Support System for Drug Prescription: Non-Interventional Naturalistic Description of the Antipsychotic Prescription Patterns in 4345 Outpatients and Future Applications.

PubMed

Berrouiguet, Sofian; Barrigón, Maria Luisa; Brandt, Sara A; Ovejero-García, Santiago; Álvarez-García, Raquel; Carballo, Juan Jose; Lenca, Philippe; Courtet, Philippe; Baca-García, Enrique

2016-01-01

The emergence of electronic prescribing devices with clinical decision support systems (CDSS) is able to significantly improve management pharmacological treatments. We developed a web application available on smartphones in order to help clinicians monitor prescription and further propose CDSS. A web application (www.MEmind.net) was developed to assess patients and collect data regarding gender, age, diagnosis and treatment. We analyzed antipsychotic prescriptions in 4345 patients attended in five Psychiatric Community Mental Health Centers from June 2014 to October 2014. The web-application reported average daily dose prescribed for antipsychotics, prescribed daily dose (PDD), and the PDD to defined daily dose (DDD) ratio. The MEmind web-application reported that antipsychotics were used in 1116 patients out of the total sample, mostly in 486 (44%) patients with schizophrenia related disorders but also in other diagnoses. Second generation antipsychotics (quetiapine, aripiprazole and long-acting paliperidone) were preferably employed. Low doses were more frequently used than high doses. Long acting paliperidone and ziprasidone however, were the only two antipsychotics used at excessive dosing. Antipsychotic polypharmacy was used in 287 (26%) patients with classic depot drugs, clotiapine, amisulpride and clozapine. In this study we describe the first step of the development of a web application that is able to make polypharmacy, high dose usage and off label usage of antipsychotics visible to clinicians. Current development of the MEmind web application may help to improve prescription security via momentary feedback of prescription and clinical decision support system.

Development of a Web-Based Clinical Decision Support System for Drug Prescription: Non-Interventional Naturalistic Description of the Antipsychotic Prescription Patterns in 4345 Outpatients and Future Applications

PubMed Central

Berrouiguet, Sofian; Barrigón, Maria Luisa; Brandt, Sara A.; Ovejero-García, Santiago; Álvarez-García, Raquel; Carballo, Juan Jose; Lenca, Philippe; Courtet, Philippe; Baca-García, Enrique

2016-01-01

Purpose The emergence of electronic prescribing devices with clinical decision support systems (CDSS) is able to significantly improve management pharmacological treatments. We developed a web application available on smartphones in order to help clinicians monitor prescription and further propose CDSS. Method A web application (www.MEmind.net) was developed to assess patients and collect data regarding gender, age, diagnosis and treatment. We analyzed antipsychotic prescriptions in 4345 patients attended in five Psychiatric Community Mental Health Centers from June 2014 to October 2014. The web-application reported average daily dose prescribed for antipsychotics, prescribed daily dose (PDD), and the PDD to defined daily dose (DDD) ratio. Results The MEmind web-application reported that antipsychotics were used in 1116 patients out of the total sample, mostly in 486 (44%) patients with schizophrenia related disorders but also in other diagnoses. Second generation antipsychotics (quetiapine, aripiprazole and long-acting paliperidone) were preferably employed. Low doses were more frequently used than high doses. Long acting paliperidone and ziprasidone however, were the only two antipsychotics used at excessive dosing. Antipsychotic polypharmacy was used in 287 (26%) patients with classic depot drugs, clotiapine, amisulpride and clozapine. Conclusions In this study we describe the first step of the development of a web application that is able to make polypharmacy, high dose usage and off label usage of antipsychotics visible to clinicians. Current development of the MEmind web application may help to improve prescription security via momentary feedback of prescription and clinical decision support system. PMID:27764107

TOKEN: Trustable Keystroke-Based Authentication for Web-Based Applications on Smartphones

NASA Astrophysics Data System (ADS)

Nauman, Mohammad; Ali, Tamleek

Smartphones are increasingly being used to store personal information as well as to access sensitive data from the Internet and the cloud. Establishment of the identity of a user requesting information from smartphones is a prerequisite for secure systems in such scenarios. In the past, keystroke-based user identification has been successfully deployed on production-level mobile devices to mitigate the risks associated with naïve username/password based authentication. However, these approaches have two major limitations: they are not applicable to services where authentication occurs outside the domain of the mobile device - such as web-based services; and they often overly tax the limited computational capabilities of mobile devices. In this paper, we propose a protocol for keystroke dynamics analysis which allows web-based applications to make use of remote attestation and delegated keystroke analysis. The end result is an efficient keystroke-based user identification mechanism that strengthens traditional password protected services while mitigating the risks of user profiling by collaborating malicious web services.

48 CFR 19.1501 - Definition.

Code of Federal Regulations, 2013 CFR

2013-10-01

... 48 Federal Acquisition Regulations System 1 2013-10-01 2013-10-01 false Definition. 19.1501 Section 19.1501 Federal Acquisition Regulations System FEDERAL ACQUISITION REGULATION SOCIOECONOMIC... Repository means a secure, Web-based application that collects, stores, and disseminates documents to the...

48 CFR 19.1501 - Definition.

Code of Federal Regulations, 2011 CFR

2011-10-01

... 48 Federal Acquisition Regulations System 1 2011-10-01 2011-10-01 false Definition. 19.1501 Section 19.1501 Federal Acquisition Regulations System FEDERAL ACQUISITION REGULATION SOCIOECONOMIC... Repository means a secure, Web-based application that collects, stores, and disseminates documents to the...

48 CFR 19.1501 - Definition.

Code of Federal Regulations, 2014 CFR

2014-10-01

... 48 Federal Acquisition Regulations System 1 2014-10-01 2014-10-01 false Definition. 19.1501 Section 19.1501 Federal Acquisition Regulations System FEDERAL ACQUISITION REGULATION SOCIOECONOMIC... Repository means a secure, Web-based application that collects, stores, and disseminates documents to the...

48 CFR 19.1501 - Definition.

Code of Federal Regulations, 2012 CFR

2012-10-01

... 48 Federal Acquisition Regulations System 1 2012-10-01 2012-10-01 false Definition. 19.1501 Section 19.1501 Federal Acquisition Regulations System FEDERAL ACQUISITION REGULATION SOCIOECONOMIC... Repository means a secure, Web-based application that collects, stores, and disseminates documents to the...

Toward Exposing Timing-Based Probing Attacks in Web Applications †

PubMed Central

Mao, Jian; Chen, Yue; Shi, Futian; Jia, Yaoqi; Liang, Zhenkai

2017-01-01

Web applications have become the foundation of many types of systems, ranging from cloud services to Internet of Things (IoT) systems. Due to the large amount of sensitive data processed by web applications, user privacy emerges as a major concern in web security. Existing protection mechanisms in modern browsers, e.g., the same origin policy, prevent the users’ browsing information on one website from being directly accessed by another website. However, web applications executed in the same browser share the same runtime environment. Such shared states provide side channels for malicious websites to indirectly figure out the information of other origins. Timing is a classic side channel and the root cause of many recent attacks, which rely on the variations in the time taken by the systems to process different inputs. In this paper, we propose an approach to expose the timing-based probing attacks in web applications. It monitors the browser behaviors and identifies anomalous timing behaviors to detect browser probing attacks. We have prototyped our system in the Google Chrome browser and evaluated the effectiveness of our approach by using known probing techniques. We have applied our approach on a large number of top Alexa sites and reported the suspicious behavior patterns with corresponding analysis results. Our theoretical analysis illustrates that the effectiveness of the timing-based probing attacks is dramatically limited by our approach. PMID:28245610

Toward Exposing Timing-Based Probing Attacks in Web Applications.

PubMed

Mao, Jian; Chen, Yue; Shi, Futian; Jia, Yaoqi; Liang, Zhenkai

2017-02-25

Web applications have become the foundation of many types of systems, ranging from cloud services to Internet of Things (IoT) systems. Due to the large amount of sensitive data processed by web applications, user privacy emerges as a major concern in web security. Existing protection mechanisms in modern browsers, e.g., the same origin policy, prevent the users' browsing information on one website from being directly accessed by another website. However, web applications executed in the same browser share the same runtime environment. Such shared states provide side channels for malicious websites to indirectly figure out the information of other origins. Timing is a classic side channel and the root cause of many recent attacks, which rely on the variations in the time taken by the systems to process different inputs. In this paper, we propose an approach to expose the timing-based probing attacks in web applications. It monitors the browser behaviors and identifies anomalous timing behaviors to detect browser probing attacks. We have prototyped our system in the Google Chrome browser and evaluated the effectiveness of our approach by using known probing techniques. We have applied our approach on a large number of top Alexa sites and reported the suspicious behavior patterns with corresponding analysis results. Our theoretical analysis illustrates that the effectiveness of the timing-based probing attacks is dramatically limited by our approach.

A transmission security framework for email-based telemedicine.

PubMed

Caffery, Liam J; Smith, Anthony C

2010-01-01

Encryption is used to convert an email message to an unreadable format thereby securing patient privacy during the transmission of the message across the Internet. Two available means of encryption are: public key infrastructure (PKI) used in conjunction with ordinary email and secure hypertext transfer protocol (HTTPS) used by secure web-mail applications. Both of these approaches have advantages and disadvantages in terms of viability, cost, usability and compliance. The aim of this study was develop an instrument to identify the most appropriate means of encrypting email communication for telemedicine. A multi-method approach was used to construct the instrument. Technical assessment and existing bodies of knowledge regarding the utility of PKI were analyzed, along with survey results from users of Queensland Health's Child and Youth Mental Health Service secure web-mail service. The resultant decision support model identified that the following conditions affect the choice of encryption technology: correspondent's risk perception, correspondent's identification to the security afforded by encryption, email-client used by correspondents, the tolerance to human error and the availability of technical resources. A decision support model is presented as a flow chart to identify the most appropriate encryption for a specific email-based telemedicine service.

A demanding web-based PACS supported by web services technology

NASA Astrophysics Data System (ADS)

Costa, Carlos M. A.; Silva, Augusto; Oliveira, José L.; Ribeiro, Vasco G.; Ribeiro, José

2006-03-01

During the last years, the ubiquity of web interfaces have pushed practically all PACS suppliers to develop client applications in which clinical practitioners can receive and analyze medical images, using conventional personal computers and Web browsers. However, due to security and performance issues, the utilization of these software packages has been restricted to Intranets. Paradigmatically, one of the most important advantages of digital image systems is to simplify the widespread sharing and remote access of medical data between healthcare institutions. This paper analyses the traditional PACS drawbacks that contribute to their reduced usage in the Internet and describes a PACS based on Web Services technology that supports a customized DICOM encoding syntax and a specific compression scheme providing all historical patient data in a unique Web interface.

76 FR 33306 - Medicare Program; Pioneer Accountable Care Organization Model, Request for Applications; Correction

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-08

... information posted on our Center for Medicare and Medicaid Innovation (CMMI) Web site and in the Pioneer ACO Application. (For more information see http://innovations.cms.gov/areas-of-focus/seamless-and-coordinated-care... postmarked on or before July 18, 2011.'' Authority: Section 1115A of the Social Security Act. Dated: June 2...

EntrezAJAX: direct web browser access to the Entrez Programming Utilities.

PubMed

Loman, Nicholas J; Pallen, Mark J

2010-06-21

Web applications for biology and medicine often need to integrate data from Entrez services provided by the National Center for Biotechnology Information. However, direct access to Entrez from a web browser is not possible due to 'same-origin' security restrictions. The use of "Asynchronous JavaScript and XML" (AJAX) to create rich, interactive web applications is now commonplace. The ability to access Entrez via AJAX would be advantageous in the creation of integrated biomedical web resources. We describe EntrezAJAX, which provides access to Entrez eUtils and is able to circumvent same-origin browser restrictions. EntrezAJAX is easily implemented by JavaScript developers and provides identical functionality as Entrez eUtils as well as enhanced functionality to ease development. We provide easy-to-understand developer examples written in JavaScript to illustrate potential uses of this service. For the purposes of speed, reliability and scalability, EntrezAJAX has been deployed on Google App Engine, a freely available cloud service. The EntrezAJAX webpage is located at http://entrezajax.appspot.com/

Implementation of clinical research trials using web-based and mobile devices: challenges and solutions.

PubMed

Eagleson, Roy; Altamirano-Diaz, Luis; McInnis, Alex; Welisch, Eva; De Jesus, Stefanie; Prapavessis, Harry; Rombeek, Meghan; Seabrook, Jamie A; Park, Teresa; Norozi, Kambiz

2017-03-17

With the increasing implementation of web-based, mobile health interventions in clinical trials, it is crucial for researchers to address the security and privacy concerns of patient information according to high ethical standards. The full process of meeting these standards is often made more complicated due to the use of internet-based technology and smartphones for treatment, telecommunication, and data collection; however, this process is not well-documented in the literature. The Smart Heart Trial is a single-arm feasibility study that is currently assessing the effects of a web-based, mobile lifestyle intervention for overweight and obese children and youth with congenital heart disease in Southwestern Ontario. Participants receive telephone counseling regarding nutrition and fitness; and complete goal-setting activities on a web-based application. This paper provides a detailed overview of the challenges the study faced in meeting the high standards of our Research Ethics Board, specifically regarding patient privacy. We outline our solutions, successes, limitations, and lessons learned to inform future similar studies; and model much needed transparency in ensuring high quality security and protection of patient privacy when using web-based and mobile devices for telecommunication and data collection in clinical research.

Security for Web-Based Tests.

ERIC Educational Resources Information Center

Shermis, Mark D.; Averitt, Jason

The purpose of this paper is to enumerate a series of security steps that might be taken by those researchers or organizations that are contemplating Web-based tests and performance assessments. From a security viewpoint, much of what goes on with Web-based transactions is similar to other general computer activity, but the recommendations here…

Adopting and adapting a commercial view of web services for the Navy

NASA Astrophysics Data System (ADS)

Warner, Elizabeth; Ladner, Roy; Katikaneni, Uday; Petry, Fred

2005-05-01

Web Services are being adopted as the enabling technology to provide net-centric capabilities for many Department of Defense operations. The Navy Enterprise Portal, for example, is Web Services-based, and the Department of the Navy is promulgating guidance for developing Web Services. Web Services, however, only constitute a baseline specification that provides the foundation on which users, under current approaches, write specialized applications in order to retrieve data over the Internet. Application development may increase dramatically as the number of different available Web Services increases. Reasons for specialized application development include XML schema versioning differences, adoption/use of diverse business rules, security access issues, and time/parameter naming constraints, among others. We are currently developing for the US Navy a system which will improve delivery of timely and relevant meteorological and oceanographic (MetOc) data to the warfighter. Our objective is to develop an Advanced MetOc Broker (AMB) that leverages Web Services technology to identify, retrieve and integrate relevant MetOc data in an automated manner. The AMB will utilize a Mediator, which will be developed by applying ontological research and schema matching techniques to MetOc forms of data. The AMB, using the Mediator, will support a new, advanced approach to the use of Web Services; namely, the automated identification, retrieval and integration of MetOc data. Systems based on this approach will then not require extensive end-user application development for each Web Service from which data can be retrieved. Users anywhere on the globe will be able to receive timely environmental data that fits their particular needs.

Towards an Approach of Semantic Access Control for Cloud Computing

NASA Astrophysics Data System (ADS)

Hu, Luokai; Ying, Shi; Jia, Xiangyang; Zhao, Kai

With the development of cloud computing, the mutual understandability among distributed Access Control Policies (ACPs) has become an important issue in the security field of cloud computing. Semantic Web technology provides the solution to semantic interoperability of heterogeneous applications. In this paper, we analysis existing access control methods and present a new Semantic Access Control Policy Language (SACPL) for describing ACPs in cloud computing environment. Access Control Oriented Ontology System (ACOOS) is designed as the semantic basis of SACPL. Ontology-based SACPL language can effectively solve the interoperability issue of distributed ACPs. This study enriches the research that the semantic web technology is applied in the field of security, and provides a new way of thinking of access control in cloud computing.

17 CFR 240.15c2-12 - Municipal securities disclosure.

Code of Federal Regulations, 2014 CFR

2014-04-01

... Internet Web site or filed with the Commission. (4) The term issuer of municipal securities means the... the public on the Municipal Securities Rulemaking Board's Internet Web site or filed with the... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Municipal securities...

17 CFR 240.15c2-12 - Municipal securities disclosure.

Code of Federal Regulations, 2013 CFR

2013-04-01

... Internet Web site or filed with the Commission. (4) The term issuer of municipal securities means the... the public on the Municipal Securities Rulemaking Board's Internet Web site or filed with the... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Municipal securities...

17 CFR 240.15c2-12 - Municipal securities disclosure.

Code of Federal Regulations, 2011 CFR

2011-04-01

... Internet Web site or filed with the Commission. (4) The term issuer of municipal securities means the... the public on the Municipal Securities Rulemaking Board's Internet Web site or filed with the... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Municipal securities...

17 CFR 240.15c2-12 - Municipal securities disclosure.

Code of Federal Regulations, 2012 CFR

2012-04-01

... Internet Web site or filed with the Commission. (4) The term issuer of municipal securities means the... the public on the Municipal Securities Rulemaking Board's Internet Web site or filed with the... 17 Commodity and Securities Exchanges 3 2012-04-01 2012-04-01 false Municipal securities...

Farm Mapping to Assist, Protect, and Prepare Emergency Responders: Farm MAPPER.

PubMed

Reyes, Iris; Rollins, Tami; Mahnke, Andrea; Kadolph, Christopher; Minor, Gerald; Keifer, Matthew

2014-01-01

Responders such as firefighters and emergency medical technicians who respond to farm emergencies often face complex and unknown environments. They may encounter hazards such as fuels, solvents, pesticides, caustics, and exploding gas storage cylinders. Responders may be unaware of dirt roads within the farm that can expedite their arrival at critical sites or snow-covered manure pits that act as hidden hazards. A response to a farm, unless guided by someone familiar with the operation, may present a risk to responders and post a challenge in locating the victim. This project explored the use of a Web-based farm-mapping application optimized for tablets and accessible via easily accessible on-site matrix barcodes, or quick response codes (QR codes), to provide emergency responders with hazard and resource information to agricultural operations. Secured portals were developed for both farmers and responders, allowing both parties to populate and customize farm maps with icons. Data were stored online and linked to QR codes attached to mailbox posts where emergency responders may read them with a mobile device. Mock responses were conducted on dairy farms to test QR code linking efficacy, Web site security, and field usability. Findings from farmer usability tests showed willingness to enter data as well as ease of Web site navigation and data entry even with farmers who had limited computer knowledge. Usability tests with emergency responders showed ease of QR code connectivity to the farm maps and ease of Web site navigation. Further research is needed to improve data security as well as assess the program's applicability to nonfarm environments and integration with existing emergency response systems. The next phases of this project will expand the program for regional and national use, develop QR code-linked, Web-based extrication guidance for farm machinery for victim entrapment rescue, and create QR code-linked online training videos and materials for limited English proficient immigrant farm workers.

Immune Inspired Security Approach for Manets: a Case Study

NASA Astrophysics Data System (ADS)

Mohamed, Yasir Abdelgadir

2011-06-01

This paper extends the work that has earlier been established. Immune inspired approach for securing mobile ad hoc networks is specified there. Although it is clearly indicated there that the research scope is the wireless networks in general and hybrid mobile ad hoc networks in particular, we have seen that specifying the security system in one of the communications applications that need further security approach may help to understand how effectively the system can contribute to this vital and important networks sector. Security in this type of networks is important and controversial as it plays a key role in users' eagerness or reluctance for the services provided by these networks. In this paper, the immune inspired security system is specified to secure web services in converged networks.

76 FR 31366 - Notice of Funding Opportunity and Solicitation for Grant Applications (SGA) for Cooperative...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-31

... disabilities who are unemployed, underemployed, and/or receiving Social Security disability benefits; and (2... performance. The complete SGA and any subsequent SGA amendments are described in further detail on ETA's Web site at http:// [[Page 31367

Cloud Computing in Support of Synchronized Disaster Response Operations

DTIC Science & Technology

2010-09-01

scalable, Web application based on cloud computing technologies to facilitate communication between a broad range of public and private entities without...requiring them to compromise security or competitive advantage. The proposed design applies the unique benefits of cloud computing architectures such as

Security concept in 'MyAngelWeb' a website for the individual patient at risk of emergency.

PubMed

Pinciroli, F; Nahaissi, D; Boschini, M; Ferrari, R; Meloni, G; Camnasio, M; Spaggiari, P; Carnerone, G

2000-11-01

We describe the Security Plan for the 'MyAngelWeb' service. The different actors involved in the service are subject to different security procedures. The core of the security system is implemented at the host site by means of a DBMS and standard Information Technology tools. Hardware requirements for sustainable security are needed at the web-site construction sites. They are not needed at the emergency physician's site. At the emergency physician's site, a two-way authentication system (password and test phrase method) is implemented.

Security concept in 'MyAngelWeb((R))' a website for the individual patient at risk of emergency.

PubMed

Pinciroli; Nahaissi; Boschini; Ferrari; Meloni; Camnasio; Spaggiari; Carnerone

2000-11-01

We describe the Security Plan for the 'MyAngelWeb' service. The different actors involved in the service are subject to different security procedures. The core of the security system is implemented at the host site by means of a DBMS and standard Information Technology tools. Hardware requirements for sustainable security are needed at the web-site construction sites. They are not needed at the emergency physician's site. At the emergency physician's site, a two-way authentication system (password and test phrase method) is implemented.

A Web-Based Database for Nurse Led Outreach Teams (NLOT) in Toronto.

PubMed

Li, Shirley; Kuo, Mu-Hsing; Ryan, David

2016-01-01

A web-based system can provide access to real-time data and information. Healthcare is moving towards digitizing patients' medical information and securely exchanging it through web-based systems. In one of Ontario's health regions, Nurse Led Outreach Teams (NLOT) provide emergency mobile nursing services to help reduce unnecessary transfers from long-term care homes to emergency departments. Currently the NLOT team uses a Microsoft Access database to keep track of the health information on the residents that they serve. The Access database lacks scalability, portability, and interoperability. The objective of this study is the development of a web-based database using Oracle Application Express that is easily accessible from mobile devices. The web-based database will allow NLOT nurses to enter and access resident information anytime and from anywhere.

Designing, Implementing, and Evaluating Secure Web Browsers

ERIC Educational Resources Information Center

Grier, Christopher L.

2009-01-01

Web browsers are plagued with vulnerabilities, providing hackers with easy access to computer systems using browser-based attacks. Efforts that retrofit existing browsers have had limited success since modern browsers are not designed to withstand attack. To enable more secure web browsing, we design and implement new web browsers from the ground…

How Secure Is Your Radiology Department? Mapping Digital Radiology Adoption and Security Worldwide.

PubMed

Stites, Mark; Pianykh, Oleg S

2016-04-01

Despite the long history of digital radiology, one of its most critical aspects--information security--still remains extremely underdeveloped and poorly standardized. To study the current state of radiology security, we explored the worldwide security of medical image archives. Using the DICOM data-transmitting standard, we implemented a highly parallel application to scan the entire World Wide Web of networked computers and devices, locating open and unprotected radiology servers. We used only legal and radiology-compliant tools. Our security-probing application initiated a standard DICOM handshake to remote computer or device addresses, and then assessed their security posture on the basis of handshake replies. The scan discovered a total of 2774 unprotected radiology or DICOM servers worldwide. Of those, 719 were fully open to patient data communications. Geolocation was used to analyze and rank our findings according to country utilization. As a result, we built maps and world ranking of clinical security, suggesting that even the most radiology-advanced countries have hospitals with serious security gaps. Despite more than two decades of active development and implementation, our radiology data still remains insecure. The results provided should be applied to raise awareness and begin an earnest dialogue toward elimination of the problem. The application we designed and the novel scanning approach we developed can be used to identify security breaches and to eliminate them before they are compromised.

Secure, Autonomous, Intelligent Controller for Integrating Distributed Sensor Webs

NASA Technical Reports Server (NTRS)

Ivancic, William D.

2007-01-01

This paper describes the infrastructure and protocols necessary to enable near-real-time commanding, access to space-based assets, and the secure interoperation between sensor webs owned and controlled by various entities. Select terrestrial and aeronautics-base sensor webs will be used to demonstrate time-critical interoperability between integrated, intelligent sensor webs both terrestrial and between terrestrial and space-based assets. For this work, a Secure, Autonomous, Intelligent Controller and knowledge generation unit is implemented using Virtual Mission Operation Center technology.

76 FR 11433 - Federal Transition To Secure Hash Algorithm (SHA)-256

Federal Register 2010, 2011, 2012, 2013, 2014

2011-03-02

... generating digital signatures. Current information systems, Web servers, applications and workstation operating systems were designed to process, and use SHA-1 generated signatures. National Institute of... cryptographic keys, and more robust algorithms by December 2013. Government systems may begin to encounter...

NNDC Stand: Activities and Services of the National Nuclear Data Center

NASA Astrophysics Data System (ADS)

Pritychenko, B.; Arcilla, R.; Burrows, T. W.; Dunford, C. L.; Herman, M. W.; McLane, V.; Obložinský, P.; Sonzogni, A. A.; Tuli, J. K.; Winchell, D. F.

2005-05-01

The National Nuclear Data Center (NNDC) collects, evaluates, and disseminates nuclear physics data for basic nuclear research, applied nuclear technologies including energy, shielding, medical and homeland security. In 2004, to answer the needs of nuclear data users community, NNDC completed a project to modernize data storage and management of its databases and began offering new nuclear data Web services. The principles of database and Web application development as well as related nuclear reaction and structure database services are briefly described.

Design and Implementation of Website Information Disclosure Assessment System

PubMed Central

Cho, Ying-Chiang; Pan, Jen-Yi

2015-01-01

Internet application technologies, such as cloud computing and cloud storage, have increasingly changed people’s lives. Websites contain vast amounts of personal privacy information. In order to protect this information, network security technologies, such as database protection and data encryption, attract many researchers. The most serious problems concerning web vulnerability are e-mail address and network database leakages. These leakages have many causes. For example, malicious users can steal database contents, taking advantage of mistakes made by programmers and administrators. In order to mitigate this type of abuse, a website information disclosure assessment system is proposed in this study. This system utilizes a series of technologies, such as web crawler algorithms, SQL injection attack detection, and web vulnerability mining, to assess a website’s information disclosure. Thirty websites, randomly sampled from the top 50 world colleges, were used to collect leakage information. This testing showed the importance of increasing the security and privacy of website information for academic websites. PMID:25768434

Remote monitoring and security alert based on motion detection using mobile

NASA Astrophysics Data System (ADS)

Suganya Devi, K.; Srinivasan, P.

2016-03-01

Background model does not have any robust solution and constitutes one of the main problems in surveillance systems. The aim of the paper is to provide a mobile based security to a remote monitoring system through a WAP using GSM modem. It is most designed to provide durability and versatility for a wide variety of indoor and outdoor applications. It is compatible with both narrow and band networks and provides simultaneous image detection. The communicator provides remote control, event driven recording, including pre-alarm and post-alarm and image motion detection. The web cam allowing them to be mounted either to a ceiling or wall without requiring bracket, with the use of web cam. We could continuously monitoring status in the client system through the web. If any intruder arrives in the client system, server will provide an alert to the mobile (what we are set in the message that message send to the authorized person) and the client can view the image using WAP.

20 CFR 418.3220 - When is your application considered filed?

Code of Federal Regulations, 2014 CFR

2014-04-01

...? 418.3220 Section 418.3220 Employees' Benefits SOCIAL SECURITY ADMINISTRATION MEDICARE SUBSIDIES... the day it is submitted electronically through our Internet Web site. If a State Medicaid agency... inquiry about your subsidy eligibility is made, or the date we receive a partially completed Internet...

20 CFR 418.3220 - When is your application considered filed?

Code of Federal Regulations, 2013 CFR

2013-04-01

...? 418.3220 Section 418.3220 Employees' Benefits SOCIAL SECURITY ADMINISTRATION MEDICARE SUBSIDIES... the day it is submitted electronically through our Internet Web site. If a State Medicaid agency... inquiry about your subsidy eligibility is made, or the date we receive a partially completed Internet...

20 CFR 418.3220 - When is your application considered filed?

Code of Federal Regulations, 2012 CFR

2012-04-01

...? 418.3220 Section 418.3220 Employees' Benefits SOCIAL SECURITY ADMINISTRATION MEDICARE SUBSIDIES... the day it is submitted electronically through our Internet Web site. If a State Medicaid agency... inquiry about your subsidy eligibility is made, or the date we receive a partially completed Internet...

Supporting secure programming in web applications through interactive static analysis.

PubMed

Zhu, Jun; Xie, Jing; Lipford, Heather Richter; Chu, Bill

2014-07-01

Many security incidents are caused by software developers' failure to adhere to secure programming practices. Static analysis tools have been used to detect software vulnerabilities. However, their wide usage by developers is limited by the special training required to write rules customized to application-specific logic. Our approach is interactive static analysis, to integrate static analysis into Integrated Development Environment (IDE) and provide in-situ secure programming support to help developers prevent vulnerabilities during code construction. No additional training is required nor are there any assumptions on ways programs are built. Our work is motivated in part by the observation that many vulnerabilities are introduced due to failure to practice secure programming by knowledgeable developers. We implemented a prototype interactive static analysis tool as a plug-in for Java in Eclipse. Our technical evaluation of our prototype detected multiple zero-day vulnerabilities in a large open source project. Our evaluations also suggest that false positives may be limited to a very small class of use cases.

Supporting secure programming in web applications through interactive static analysis

PubMed Central

Zhu, Jun; Xie, Jing; Lipford, Heather Richter; Chu, Bill

2013-01-01

Many security incidents are caused by software developers’ failure to adhere to secure programming practices. Static analysis tools have been used to detect software vulnerabilities. However, their wide usage by developers is limited by the special training required to write rules customized to application-specific logic. Our approach is interactive static analysis, to integrate static analysis into Integrated Development Environment (IDE) and provide in-situ secure programming support to help developers prevent vulnerabilities during code construction. No additional training is required nor are there any assumptions on ways programs are built. Our work is motivated in part by the observation that many vulnerabilities are introduced due to failure to practice secure programming by knowledgeable developers. We implemented a prototype interactive static analysis tool as a plug-in for Java in Eclipse. Our technical evaluation of our prototype detected multiple zero-day vulnerabilities in a large open source project. Our evaluations also suggest that false positives may be limited to a very small class of use cases. PMID:25685513

A web implementation: the good and the not-so-good.

PubMed

Bergsneider, C; Piraino, D; Fuerst, M

2001-06-01

E-commerce, e-mail, e-greeting, e-this, and e-that everywhere you turn there is a new "e" word for an internet or Web application. We, at the Cleveland Clinic Foundation, have been "e-nlightened" and will discuss in this report the implementation of a web-based radiology information system (RIS) in our radiology division or "e-radiology" division. The application, IDXRad Version 10.0 from IDX Corp, Burlington, VT, is in use at the Cleveland Clinic Foundation and has both intranet (for use in Radiology) and internet (referring physician viewing) modules. We will concentrate on the features of using a web browser for the application's front-end, including easy prototyping for screen review, easier mock-ups of demonstrations by vendors and developers, and easier training as more people become web-addicted. Project communication can be facilitated with an internal project web page, and use of the web browser can accommodate quicker turnaround of software upgrades as the software code is centrally located. Compared with other technologies, including client/server, there is a smaller roll out cost when using a standard web browser. However, the new technology requires a change and changes are never implemented without challenges. A seasoned technologist using a legacy system can enter data quicker using function keys than using a graphical user interface and pointing and clicking through a series of pop-up windows. Also, effective use of a web browser depends on intuitive design for it to be easily implemented and accepted by the user. Some software packages will not work on both of the popular web browsers and then are tailored to specific release levels. As computer-based patient records become a standard, patient confidentiality must be enforced. The technical design and application security features that support the web-based software package will be discussed. Also web technologies have their own implementation issues.

An Ontology for Insider Threat Indicators Development and Applications

DTIC Science & Technology

2014-11-01

An Ontology for Insider Threat Indicators Development and Applications Daniel L. Costa , Matthew L. Collins, Samuel J. Perl, Michael J. Albrethsen...services, commit fraud against an organization, steal intellectual property, or conduct national security espionage, sabotaging systems and data, as...engineering plans from the victim organization’s computer systems to his new employer.  The insider accessed a web server with an administrator account

EntrezAJAX: direct web browser access to the Entrez Programming Utilities

PubMed Central

2010-01-01

Web applications for biology and medicine often need to integrate data from Entrez services provided by the National Center for Biotechnology Information. However, direct access to Entrez from a web browser is not possible due to 'same-origin' security restrictions. The use of "Asynchronous JavaScript and XML" (AJAX) to create rich, interactive web applications is now commonplace. The ability to access Entrez via AJAX would be advantageous in the creation of integrated biomedical web resources. We describe EntrezAJAX, which provides access to Entrez eUtils and is able to circumvent same-origin browser restrictions. EntrezAJAX is easily implemented by JavaScript developers and provides identical functionality as Entrez eUtils as well as enhanced functionality to ease development. We provide easy-to-understand developer examples written in JavaScript to illustrate potential uses of this service. For the purposes of speed, reliability and scalability, EntrezAJAX has been deployed on Google App Engine, a freely available cloud service. The EntrezAJAX webpage is located at http://entrezajax.appspot.com/ PMID:20565938

Web application for detailed real-time database transaction monitoring for CMS condition data

NASA Astrophysics Data System (ADS)

de Gruttola, Michele; Di Guida, Salvatore; Innocente, Vincenzo; Pierro, Antonio

2012-12-01

In the upcoming LHC era, database have become an essential part for the experiments collecting data from LHC, in order to safely store, and consistently retrieve, a wide amount of data, which are produced by different sources. In the CMS experiment at CERN, all this information is stored in ORACLE databases, allocated in several servers, both inside and outside the CERN network. In this scenario, the task of monitoring different databases is a crucial database administration issue, since different information may be required depending on different users' tasks such as data transfer, inspection, planning and security issues. We present here a web application based on Python web framework and Python modules for data mining purposes. To customize the GUI we record traces of user interactions that are used to build use case models. In addition the application detects errors in database transactions (for example identify any mistake made by user, application failure, unexpected network shutdown or Structured Query Language (SQL) statement error) and provides warning messages from the different users' perspectives. Finally, in order to fullfill the requirements of the CMS experiment community, and to meet the new development in many Web client tools, our application was further developed, and new features were deployed.

Interactive, Secure Web-enabled Aircraft Engine Simulation Using XML Databinding Integration

NASA Technical Reports Server (NTRS)

Lin, Risheng; Afjeh, Abdollah A.

2003-01-01

This paper discusses the detailed design of an XML databinding framework for aircraft engine simulation. The framework provides an object interface to access and use engine data. while at the same time preserving the meaning of the original data. The Language independent representation of engine component data enables users to move around XML data using HTTP through disparate networks. The application of this framework is demonstrated via a web-based turbofan propulsion system simulation using the World Wide Web (WWW). A Java Servlet based web component architecture is used for rendering XML engine data into HTML format and dealing with input events from the user, which allows users to interact with simulation data from a web browser. The simulation data can also be saved to a local disk for archiving or to restart the simulation at a later time.

Social Web mining and exploitation for serious applications: Technosocial Predictive Analytics and related technologies for public health, environmental and national security surveillance.

PubMed

Kamel Boulos, Maged N; Sanfilippo, Antonio P; Corley, Courtney D; Wheeler, Steve

2010-10-01

This paper explores Technosocial Predictive Analytics (TPA) and related methods for Web "data mining" where users' posts and queries are garnered from Social Web ("Web 2.0") tools such as blogs, micro-blogging and social networking sites to form coherent representations of real-time health events. The paper includes a brief introduction to commonly used Social Web tools such as mashups and aggregators, and maps their exponential growth as an open architecture of participation for the masses and an emerging way to gain insight about people's collective health status of whole populations. Several health related tool examples are described and demonstrated as practical means through which health professionals might create clear location specific pictures of epidemiological data such as flu outbreaks. Copyright 2010 Elsevier Ireland Ltd. All rights reserved.

Verification Tools Secure Online Shopping, Banking

NASA Technical Reports Server (NTRS)

2010-01-01

Just like rover or rocket technology sent into space, the software that controls these technologies must be extensively tested to ensure reliability and effectiveness. Ames Research Center invented the open-source Java Pathfinder (JPF) toolset for the deep testing of Java-based programs. Fujitsu Labs of America Inc., based in Sunnyvale, California, improved the capabilities of the JPF Symbolic Pathfinder tool, establishing the tool as a means of thoroughly testing the functionality and security of Web-based Java applications such as those used for Internet shopping and banking.

Construction and validation of a web-based epidemiological database for inflammatory bowel diseases in Europe An EpiCom study.

PubMed

Burisch, Johan; Cukovic-Cavka, Silvija; Kaimakliotis, Ioannis; Shonová, Olga; Andersen, Vibeke; Dahlerup, Jens F; Elkjaer, Margarita; Langholz, Ebbe; Pedersen, Natalia; Salupere, Riina; Kolho, Kaija-Leena; Manninen, Pia; Lakatos, Peter Laszlo; Shuhaibar, Mary; Odes, Selwyn; Martinato, Matteo; Mihu, Ion; Magro, Fernando; Belousova, Elena; Fernandez, Alberto; Almer, Sven; Halfvarson, Jonas; Hart, Ailsa; Munkholm, Pia

2011-08-01

The EpiCom-study investigates a possible East-West-gradient in Europe in the incidence of IBD and the association with environmental factors. A secured web-based database is used to facilitate and centralize data registration. To construct and validate a web-based inception cohort database available in both English and Russian language. The EpiCom database has been constructed in collaboration with all 34 participating centers. The database was translated into Russian using forward translation, patient questionnaires were translated by simplified forward-backward translation. Data insertion implies fulfillment of international diagnostic criteria, disease activity, medical therapy, quality of life, work productivity and activity impairment, outcome of pregnancy, surgery, cancer and death. Data is secured by the WinLog3 System, developed in cooperation with the Danish Data Protection Agency. Validation of the database has been performed in two consecutive rounds, each followed by corrections in accordance with comments. The EpiCom database fulfills the requirements of the participating countries' local data security agencies by being stored at a single location. The database was found overall to be "good" or "very good" by 81% of the participants after the second validation round and the general applicability of the database was evaluated as "good" or "very good" by 77%. In the inclusion period January 1st -December 31st 2010 1336 IBD patients have been included in the database. A user-friendly, tailor-made and secure web-based inception cohort database has been successfully constructed, facilitating remote data input. The incidence of IBD in 23 European countries can be found at www.epicom-ecco.eu. Copyright © 2011 European Crohn's and Colitis Organisation. All rights reserved.

Security Encryption Scheme for Communication of Web Based Control Systems

NASA Astrophysics Data System (ADS)

Robles, Rosslin John; Kim, Tai-Hoon

A control system is a device or set of devices to manage, command, direct or regulate the behavior of other devices or systems. The trend in most systems is that they are connected through the Internet. Traditional Supervisory Control and Data Acquisition Systems (SCADA) is connected only in a limited private network Since the internet Supervisory Control and Data Acquisition Systems (SCADA) facility has brought a lot of advantages in terms of control, data viewing and generation. Along with these advantages, are security issues regarding web SCADA, operators are pushed to connect Control Systems through the internet. Because of this, many issues regarding security surfaced. In this paper, we discuss web SCADA and the issues regarding security. As a countermeasure, a web SCADA security solution using crossed-crypto-scheme is proposed to be used in the communication of SCADA components.

Use of a secure Internet Web site for collaborative medical research.

PubMed

Marshall, W W; Haley, R W

2000-10-11

Researchers who collaborate on clinical research studies from diffuse locations need a convenient, inexpensive, secure way to record and manage data. The Internet, with its World Wide Web, provides a vast network that enables researchers with diverse types of computers and operating systems anywhere in the world to log data through a common interface. Development of a Web site for scientific data collection can be organized into 10 steps, including planning the scientific database, choosing a database management software system, setting up database tables for each collaborator's variables, developing the Web site's screen layout, choosing a middleware software system to tie the database software to the Web site interface, embedding data editing and calculation routines, setting up the database on the central server computer, obtaining a unique Internet address and name for the Web site, applying security measures to the site, and training staff who enter data. Ensuring the security of an Internet database requires limiting the number of people who have access to the server, setting up the server on a stand-alone computer, requiring user-name and password authentication for server and Web site access, installing a firewall computer to prevent break-ins and block bogus information from reaching the server, verifying the identity of the server and client computers with certification from a certificate authority, encrypting information sent between server and client computers to avoid eavesdropping, establishing audit trails to record all accesses into the Web site, and educating Web site users about security techniques. When these measures are carefully undertaken, in our experience, information for scientific studies can be collected and maintained on Internet databases more efficiently and securely than through conventional systems of paper records protected by filing cabinets and locked doors. JAMA. 2000;284:1843-1849.

Smartphone Application Enabling Global Graph Exploitation and Proactive Dissemination Service (DSPro) Integration (Revised Fiscal Year 2015)

DTIC Science & Technology

2015-09-01

interface. 15. SUBJECT TERMS smartphone, HDPT, global graph, DSPro, ozone widget framework, distributed common ground system, web service 16. SECURITY...Lee M. Lessons learned with a global graph and ozone widget framework (OWF) testbed. Aberdeen Proving Ground (MD): Army Research Laboratory (US); 2013

41 CFR 102-33.400 - How must we report to FAIRS?

Code of Federal Regulations, 2010 CFR

2010-07-01

... Management Regulations System (Continued) FEDERAL MANAGEMENT REGULATION PERSONAL PROPERTY 33-MANAGEMENT OF... System (fairs) § 102-33.400 How must we report to FAIRS? You must report to FAIRS electronically through a secure Web interface to the FAIRS application on the Internet. For information on becoming a FAIRS...

Intranet Implementation as an HR Communication Strategy.

ERIC Educational Resources Information Center

Murphy, Daniel J.; Andrews, Dianna M.

1996-01-01

Applications of World Wide Web-style institutional intranets and browsers to provide and manage information in college personnel administration are examined. The intranet can facilitate use of more complex data structures, protect data security, allow tracking of information and forms, eliminate hard-copy manuals, maintain up-to-date schedules,…

Health Statistics NSW: getting the right balance between privacy and small numbers in a web-based reporting system.

PubMed

Scandol, James P; Moore, Helen A

2012-01-01

Health Statistics NSW is a new web-based application developed by the Centre for Epidemiology and Research at the NSW Ministry of Health. The application is designed to be an efficient vehicle for the timely delivery of health statistics to a diverse audience including the general public, health planners, researchers, students and policy analysts. The development and implementation of this web application required the consideration of a series of competing demands such as: the public interest in providing health data while maintaining the privacy interests of the individuals whose health is being reported; reporting data at spatial scales of relevance to health planners while maintaining the statistical integrity of any inferences drawn; the use of hardware and software systems which are publicly accessible, scalable and robust, while ensuring high levels of security. These three competing demands and the relationships between them are discussed in the context of Health Statistics NSW.

Development Issues on Linked Data Weblog Enrichment

NASA Astrophysics Data System (ADS)

Ruiz-Rube, Iván; Cornejo, Carlos M.; Dodero, Juan Manuel; García, Vicente M.

In this paper, we describe the issues found during the development of LinkedBlog, a Linked Data extension for WordPress blogs. This extension enables to enrich text-based and video information contained in blog entries with RDF triples that are suitable to be stored, managed and exploited by other web-based applications. The issues have to do with the generality, usability, tracking, depth, security, trustiness and performance of the linked data enrichment process. The presented annotation approach aims at maintaining web-based contents independent from the underlying ontological model, by providing a loosely coupled RDFa-based approach in the linked data application. Finally, we detail how the performance of annotations can be improved through a semantic reasoner.

Security & Privacy Policy - Naval Oceanography Portal

Science.gov Websites

Notice: This is a U.S. Government Web Site 1. This is a World Wide Web site for official information information on this Web site are strictly prohibited and may be punishable under the Computer Fraud and Abuse Information Act (FOIA) | External Link Disclaimer This is an official U.S. Navy web site. Security &

Semantic-JSON: a lightweight web service interface for Semantic Web contents integrating multiple life science databases.

PubMed

Kobayashi, Norio; Ishii, Manabu; Takahashi, Satoshi; Mochizuki, Yoshiki; Matsushima, Akihiro; Toyoda, Tetsuro

2011-07-01

Global cloud frameworks for bioinformatics research databases become huge and heterogeneous; solutions face various diametric challenges comprising cross-integration, retrieval, security and openness. To address this, as of March 2011 organizations including RIKEN published 192 mammalian, plant and protein life sciences databases having 8.2 million data records, integrated as Linked Open or Private Data (LOD/LPD) using SciNetS.org, the Scientists' Networking System. The huge quantity of linked data this database integration framework covers is based on the Semantic Web, where researchers collaborate by managing metadata across public and private databases in a secured data space. This outstripped the data query capacity of existing interface tools like SPARQL. Actual research also requires specialized tools for data analysis using raw original data. To solve these challenges, in December 2009 we developed the lightweight Semantic-JSON interface to access each fragment of linked and raw life sciences data securely under the control of programming languages popularly used by bioinformaticians such as Perl and Ruby. Researchers successfully used the interface across 28 million semantic relationships for biological applications including genome design, sequence processing, inference over phenotype databases, full-text search indexing and human-readable contents like ontology and LOD tree viewers. Semantic-JSON services of SciNetS.org are provided at http://semanticjson.org.

Protecting clinical data on Web client computers: the PCASSO approach.

PubMed Central

Masys, D. R.; Baker, D. B.

1998-01-01

The ubiquity and ease of use of the Web have made it an increasingly popular medium for communication of health-related information. Web interfaces to commercially available clinical information systems are now available or under development by most major vendors. To the extent that such interfaces involve the use of unprotected operating systems, they are vulnerable to security limitations of Web client software environments. The Patient Centered Access to Secure Systems Online (PCASSO) project extends the protections for person-identifiable health data on Web client computers. PCASSO uses several approaches, including physical protection of authentication information, execution containment, graphical displays, and monitoring the client system for intrusions and co-existing programs that may compromise security. PMID:9929243

Method for secure electronic voting system: face recognition based approach

NASA Astrophysics Data System (ADS)

Alim, M. Affan; Baig, Misbah M.; Mehboob, Shahzain; Naseem, Imran

2017-06-01

In this paper, we propose a framework for low cost secure electronic voting system based on face recognition. Essentially Local Binary Pattern (LBP) is used for face feature characterization in texture format followed by chi-square distribution is used for image classification. Two parallel systems are developed based on smart phone and web applications for face learning and verification modules. The proposed system has two tire security levels by using person ID followed by face verification. Essentially class specific threshold is associated for controlling the security level of face verification. Our system is evaluated three standard databases and one real home based database and achieve the satisfactory recognition accuracies. Consequently our propose system provides secure, hassle free voting system and less intrusive compare with other biometrics.

Current Experiences with Internet Telepathology and Possible Evolution in the Next Generation of Internet Services

PubMed Central

Della Mea, V.; Beltrami, C. A.

2000-01-01

The last five years experience has definitely demonstrated the possible applications of the Internet for telepathology. They may be listed as follows: (a) teleconsultation via multimedia e‐mail; (b) teleconsultation via web‐based tools; (c) distant education by means of World Wide Web; (d) virtual microscope management through Web and Java interfaces; (e) real‐time consultations through Internet‐based videoconferencing. Such applications have led to the recognition of some important limits of the Internet, when dealing with telemedicine: (i) no guarantees on the quality of service (QoS); (ii) inadequate security and privacy; (iii) for some countries, low bandwidth and thus low responsiveness for real‐time applications. Currently, there are several innovations in the world of the Internet. Different initiatives have been aimed at an amelioration of the Internet protocols, in order to have quality of service, multimedia support, security and other advanced services, together with greater bandwidth. The forthcoming Internet improvements, although induced by electronic commerce, video on demand, and other commercial needs, are of real interest also for telemedicine, because they solve the limits currently slowing down the use of Internet. When such new services will be available, telepathology applications may switch from research to daily practice in a fast way. PMID:11339559

Secured web-based video repository for multicenter studies

PubMed Central

Yan, Ling; Hicks, Matt; Winslow, Korey; Comella, Cynthia; Ludlow, Christy; Jinnah, H. A; Rosen, Ami R; Wright, Laura; Galpern, Wendy R; Perlmutter, Joel S

2015-01-01

Background We developed a novel secured web-based dystonia video repository for the Dystonia Coalition, part of the Rare Disease Clinical Research network funded by the Office of Rare Diseases Research and the National Institute of Neurological Disorders and Stroke. A critical component of phenotypic data collection for all projects of the Dystonia Coalition includes a standardized video of each participant. We now describe our method for collecting, serving and securing these videos that is widely applicable to other studies. Methods Each recruiting site uploads standardized videos to a centralized secured server for processing to permit website posting. The streaming technology used to view the videos from the website does not allow downloading of video files. With appropriate institutional review board approval and agreement with the hosting institution, users can search and view selected videos on the website using customizable, permissions-based access that maintains security yet facilitates research and quality control. Results This approach provides a convenient platform for researchers across institutions to evaluate and analyze shared video data. We have applied this methodology for quality control, confirmation of diagnoses, validation of rating scales, and implementation of new research projects. Conclusions We believe our system can be a model for similar projects that require access to common video resources. PMID:25630890

Application of Multiprotocol Medical Imaging Communications and an Extended DICOM WADO Service in a Teleradiology Architecture

PubMed Central

Koutelakis, George V.; Anastassopoulos, George K.; Lymberopoulos, Dimitrios K.

2012-01-01

Multiprotocol medical imaging communication through the Internet is more flexible than the tight DICOM transfers. This paper introduces a modular multiprotocol teleradiology architecture that integrates DICOM and common Internet services (based on web, FTP, and E-mail) into a unique operational domain. The extended WADO service (a web extension of DICOM) and the other proposed services allow access to all levels of the DICOM information hierarchy as opposed to solely Object level. A lightweight client site is considered adequate, because the server site of the architecture provides clients with service interfaces through the web as well as invulnerable space for temporary storage, called as User Domains, so that users fulfill their applications' tasks. The proposed teleradiology architecture is pilot implemented using mainly Java-based technologies and is evaluated by engineers in collaboration with doctors. The new architecture ensures flexibility in access, user mobility, and enhanced data security. PMID:22489237

Applying the Earth System Grid Security System in a Heterogeneous Environment of Data Access Services

NASA Astrophysics Data System (ADS)

Kershaw, Philip; Lawrence, Bryan; Lowe, Dominic; Norton, Peter; Pascoe, Stephen

2010-05-01

CEDA (Centre for Environmental Data Archival) based at STFC Rutherford Appleton Laboratory is host to the BADC (British Atmospheric Data Centre) and NEODC (NERC Earth Observation Data Centre) with data holdings of over half a Petabyte. In the coming months this figure is set to increase by over one Petabyte through the BADC's role as one of three data centres to host the CMIP5 (Coupled Model Intercomparison Project Phase 5) core archive of climate model data. Quite apart from the problem of managing the storage of such large volumes there is the challenge of collating the data together from the modelling centres around the world and enabling access to these data for the user community. An infrastructure to support this is being developed under the US Earth System Grid (ESG) and related projects bringing together participating organisations together in a federation. The ESG architecture defines Gateways, the web interfaces that enable users to access data and data serving applications organised into Data Nodes. The BADC has been working in collaboration with US Earth System Grid team and other partners to develop a security system to restrict access to data. This provides single sign-on via both OpenID and PKI based means and uses role based authorisation facilitated by SAML and OpenID based interfaces for attribute retrieval. This presentation will provide an overview of the access control architecture and look at how this has been implemented for CEDA. CEDA has developed an expertise in data access and information services over several years through a number of projects to develop and enhance these capabilities. Participation in CMIP5 comes at a time when a number of other software development activities are coming to fruition. New services are in the process of being deployed alongside services making up the system for ESG. The security system must apply access control across this heterogeneous environment of different data services and technologies. One strand of the development efforts within CEDA has been the NDG (NERC Datagrid) Security system. This system has been extended to interoperate with ESG, greatly assisted by the standards based approach adopted for the ESG security architecture. Drawing from experience from previous projects the decision was taken to refactor the NDG Security software into a component based architecture to enable a separation of concerns between access control and the functionality of a given application being protected. Such an approach is only possible through a generic interface. At CEDA, this has been realised in the Python programming language using the WSGI (Web Server Gateway Interface) specification. A parallel Java filter based implementation is also under development with our US partners for use with the THREDDS Data Server. Using such technologies applications and middleware can be assembled into custom configurations to meet different requirements. In the case of access control, NDG Security middleware can be layered over the top of existing applications without the need to modify them. A RESTful approach to the application of authorisation policy has been key in this approach. We explore the practical implementation of such a scheme alongside the application of the ESG security architecture to CEDA's OGC web services implementation COWS.

Theft of Virtual Property — Towards Security Requirements for Virtual Worlds

NASA Astrophysics Data System (ADS)

Beyer, Anja

The article is focused to introduce the topic of information technology security for Virtual Worlds to a security experts’ audience. Virtual Worlds are Web 2.0 applications where the users cruise through the world with their individually shaped avatars to find either amusement, challenges or the next best business deal. People do invest a lot of time but beyond they invest in buying virtual assets like fantasy witcheries, wepaons, armour, houses, clothes,...etc with the power of real world money. Although it is called “virtual” (which is often put on the same level as “not existent”) there is a real value behind it. In November 2007 dutch police arrested a seventeen years old teenager who was suspicted to have stolen virtual items in a Virtual World called Habbo Hotel [Reuters07]. In order to successfully provide security mechanisms into Virtual Worlds it is necessarry to fully understand the domain for which the security mechansims are defined. As Virtual Worlds must be clasified into the domain of Social Software the article starts with an overview of how to understand Web 2.0 and gives a short introduction to Virtual Worlds. The article then provides a consideration of assets of Virtual Worlds participants, describes how these assets can be threatened and gives an overview of appopriate security requirements and completes with an outlook of possible countermeasures.

Implementation of an Enterprise Information Portal (EIP) in the Loyola University Health System

PubMed Central

Price, Ronald N.; Hernandez, Kim

2001-01-01

Loyola University Chicago Stritch School of Medicine and Loyola University Medical Center have long histories in the development of applications to support the institutions' missions of education, research and clinical care. In late 1998, the institutions' application development group undertook an ambitious program to re-architecture more than 10 years of legacy application development (30+ core applications) into a unified World Wide Web (WWW) environment. The primary project objectives were to construct an environment that would support the rapid development of n-tier, web-based applications while providing standard methods for user authentication/validation, security/access control and definition of a user's organizational context. The project's efforts resulted in Loyola's Enterprise Information Portal (EIP), which meets the aforementioned objectives. This environment: 1) allows access to other vertical Intranet portals (e.g., electronic medical record, patient satisfaction information and faculty effort); 2) supports end-user desktop customization; and 3) provides a means for standardized application “look and feel.” The portal was constructed utilizing readily available hardware and software. Server hardware consists of multiprocessor (Intel Pentium 500Mhz) Compaq 6500 servers with one gigabyte of random access memory and 75 gigabytes of hard disk storage. Microsoft SQL Server was selected to house the portal's internal or security data structures. Netscape Enterprise Server was selected for the web server component of the environment and Allaire's ColdFusion was chosen for access and application tiers. Total costs for the portal environment was less than $40,000. User data storage is accomplished through two Microsoft SQL Servers and an existing SUN Microsystems enterprise server with eight processors, 750 gigabytes of disk storage operating Sybase relational database manager. Total storage capacity for all system exceeds one terabyte. In the past 12 months, the EIP has supported development of more than 88 applications and is utilized by more than 2,200 users.

Globus Identity, Access, and Data Management: Platform Services for Collaborative Science

NASA Astrophysics Data System (ADS)

Ananthakrishnan, R.; Foster, I.; Wagner, R.

2016-12-01

Globus is software-as-a-service for research data management, developed at, and operated by, the University of Chicago. Globus, accessible at www.globus.org, provides high speed, secure file transfer; file sharing directly from existing storage systems; and data publication to institutional repositories. 40,000 registered users have used Globus to transfer tens of billions of files totaling hundreds of petabytes between more than 10,000 storage systems within campuses and national laboratories in the US and internationally. Web, command line, and REST interfaces support both interactive use and integration into applications and infrastructures. An important component of the Globus system is its foundational identity and access management (IAM) platform service, Globus Auth. Both Globus research data management and other applications use Globus Auth for brokering authentication and authorization interactions between end-users, identity providers, resource servers (services), and a range of clients, including web, mobile, and desktop applications, and other services. Compliant with important standards such as OAuth, OpenID, and SAML, Globus Auth provides mechanisms required for an extensible, integrated ecosystem of services and clients for the research and education community. It underpins projects such as the US National Science Foundation's XSEDE system, NCAR's Research Data Archive, and the DOE Systems Biology Knowledge Base. Current work is extending Globus services to be compliant with FEDRAMP standards for security assessment, authorization, and monitoring for cloud services. We will present Globus IAM solutions and give examples of Globus use in various projects for federated access to resources. We will also describe how Globus Auth and Globus research data management capabilities enable rapid development and low-cost operations of secure data sharing platforms that leverage Globus services and integrate them with local policy and security.

Social Web mining and exploitation for serious applications: Technosocial Predictive Analytics and related technologies for public health, environmental and national security surveillance

DOE Office of Scientific and Technical Information (OSTI.GOV)

Kamel Boulos, Maged; Sanfilippo, Antonio P.; Corley, Courtney D.

2010-03-17

This paper explores techno-social predictive analytics (TPA) and related methods for Web “data mining” where users’ posts and queries are garnered from Social Web (“Web 2.0”) tools such as blogs, microblogging and social networking sites to form coherent representations of real-time health events. The paper includes a brief introduction to commonly used Social Web tools such as mashups and aggregators, and maps their exponential growth as an open architecture of participation for the masses and an emerging way to gain insight about people’s collective health status of whole populations. Several health related tool examples are described and demonstrated as practicalmore » means through which health professionals might create clear location specific pictures of epidemiological data such as flu outbreaks.« less

Enhancing Web applications in radiology with Java: estimating MR imaging relaxation times.

PubMed

Dagher, A P; Fitzpatrick, M; Flanders, A E; Eng, J

1998-01-01

Java is a relatively new programming language that has been used to develop a World Wide Web-based tool for estimating magnetic resonance (MR) imaging relaxation times, thereby demonstrating how Java may be used for Web-based radiology applications beyond improving the user interface of teaching files. A standard processing algorithm coded with Java is downloaded along with the hypertext markup language (HTML) document. The user (client) selects the desired pulse sequence and inputs data obtained from a region of interest on the MR images. The algorithm is used to modify selected MR imaging parameters in an equation that models the phenomenon being evaluated. MR imaging relaxation times are estimated, and confidence intervals and a P value expressing the accuracy of the final results are calculated. Design features such as simplicity, object-oriented programming, and security restrictions allow Java to expand the capabilities of HTML by offering a more versatile user interface that includes dynamic annotations and graphics. Java also allows the client to perform more sophisticated information processing and computation than is usually associated with Web applications. Java is likely to become a standard programming option, and the development of stand-alone Java applications may become more common as Java is integrated into future versions of computer operating systems.

Android Based Area Web Monitoring

NASA Astrophysics Data System (ADS)

Kanigoro, Bayu; Galih Salman, Afan; Moniaga, Jurike V.; Chandra, Eric; Rezky Chandra, Zein

2014-03-01

The research objective is to develop an application that can be used in the monitoring of an area by using a webcam. It aims to create a sense of security on the user's application because it can monitor an area using mobile phone anywhere. The results obtained in this study is to create an area with a webcam monitoring application that can be accessed anywhere as long as the monitoring results have internet access and can also be accessed through Android Based Mobile Phone.

Virtualization of open-source secure web services to support data exchange in a pediatric critical care research network

PubMed Central

Sward, Katherine A; Newth, Christopher JL; Khemani, Robinder G; Cryer, Martin E; Thelen, Julie L; Enriquez, Rene; Shaoyu, Su; Pollack, Murray M; Harrison, Rick E; Meert, Kathleen L; Berg, Robert A; Wessel, David L; Shanley, Thomas P; Dalton, Heidi; Carcillo, Joseph; Jenkins, Tammara L; Dean, J Michael

2015-01-01

Objectives To examine the feasibility of deploying a virtual web service for sharing data within a research network, and to evaluate the impact on data consistency and quality. Material and Methods Virtual machines (VMs) encapsulated an open-source, semantically and syntactically interoperable secure web service infrastructure along with a shadow database. The VMs were deployed to 8 Collaborative Pediatric Critical Care Research Network Clinical Centers. Results Virtual web services could be deployed in hours. The interoperability of the web services reduced format misalignment from 56% to 1% and demonstrated that 99% of the data consistently transferred using the data dictionary and 1% needed human curation. Conclusions Use of virtualized open-source secure web service technology could enable direct electronic abstraction of data from hospital databases for research purposes. PMID:25796596

OLMS: Online Learning Management System for E-Learning

ERIC Educational Resources Information Center

Ippakayala, Vinay Kumar; El-Ocla, Hosam

2017-01-01

In this paper we introduce a learning management system that provides a management system for centralized control of course content. A secure system to record lectures is implemented as a key feature of this application. This feature would be accessed through web camera and mobile recording. These features are mainly designed for e-learning…

Transformative Rendering of Internet Resources

DTIC Science & Technology

2012-10-01

4 Securing WiFi Connections...comes from legitimate web sites that have themselves been hacked . There is no way of anticipating which of these sites have been hacked and therefore...pose a security threat to visitors. The purpose of most of this web page hacking is to plant malicious code on the web site that will attack any

Reliability, Compliance, and Security in Web-Based Course Assessments

ERIC Educational Resources Information Center

Bonham, Scott

2008-01-01

Pre- and postcourse assessment has become a very important tool for education research in physics and other areas. The web offers an attractive alternative to in-class paper administration, but concerns about web-based administration include reliability due to changes in medium, student compliance rates, and test security, both question leakage…

Secure Service Invocation in a Peer-to-Peer Environment Using JXTA-SOAP

NASA Astrophysics Data System (ADS)

Laghi, Maria Chiara; Amoretti, Michele; Conte, Gianni

The effective convergence of service-oriented architectures (SOA) and peer-to-peer (P2P) is an urgent task, with many important applications ranging from e-business to ambient intelligence. A considerable standardization effort is being carried out from both SOA and P2P communities, but a complete platform for the development of secure, distributed applications is still missing. In this context, the result of our research and development activity is JXTA-SOAP, an official extension for JXTA enabling Web Service sharing in peer-to-peer networks. Recently we focused on security aspects, providing JXTA-SOAP with a general security management system, and specialized policies that target both J2SE and J2ME versions of the component. Among others, we implemented a policy based on Multimedia Internet KEYing (MIKEY), which can be used to create a key pair and all the required parameters for encryption and decryption of service messages in consumer and provider peers running on resource-constrained devices.

A User-centered Model for Web Site Design

PubMed Central

Kinzie, Mable B.; Cohn, Wendy F.; Julian, Marti F.; Knaus, William A.

2002-01-01

As the Internet continues to grow as a delivery medium for health information, the design of effective Web sites becomes increasingly important. In this paper, the authors provide an overview of one effective model for Web site design, a user-centered process that includes techniques for needs assessment, goal/task analysis, user interface design, and rapid prototyping. They detail how this approach was employed to design a family health history Web site, Health Heritage . This Web site helps patients record and maintain their family health histories in a secure, confidential manner. It also supports primary care physicians through analysis of health histories, identification of potential risks, and provision of health care recommendations. Visual examples of the design process are provided to show how the use of this model resulted in an easy-to-use Web site that is likely to meet user needs. The model is effective across diverse content arenas and is appropriate for applications in varied media. PMID:12087113

Secure password-based authenticated key exchange for web services

DOE Office of Scientific and Technical Information (OSTI.GOV)

Liang, Fang; Meder, Samuel; Chevassut, Olivier

This paper discusses an implementation of an authenticated key-exchange method rendered on message primitives defined in the WS-Trust and WS-SecureConversation specifications. This IEEE-specified cryptographic method (AuthA) is proven-secure for password-based authentication and key exchange, while the WS-Trust and WS-Secure Conversation are emerging Web Services Security specifications that extend the WS-Security specification. A prototype of the presented protocol is integrated in the WSRF-compliant Globus Toolkit V4. Further hardening of the implementation is expected to result in a version that will be shipped with future Globus Toolkit releases. This could help to address the current unavailability of decent shared-secret-based authentication options inmore » the Web Services and Grid world. Future work will be to integrate One-Time-Password (OTP) features in the authentication protocol.« less

A Connection Model between the Positioning Mechanism and Ultrasonic Measurement System via a Web Browser to Assess Acoustic Target Strength

NASA Astrophysics Data System (ADS)

Ishii, Ken; Imaizumi, Tomohito; Abe, Koki; Takao, Yoshimi; Tamura, Shuko

This paper details a network-controlled measurement system for use in fisheries engineering. The target strength (TS) of fish is important in order to convert acoustic integration values obtained during acoustic surveys into estimates of fish abundance. The target strength pattern is measured with the combination of the rotation system for the aspect of the sample and the echo data acquisition system using the underwater supersonic wave. The user interface of the network architecture is designed for collaborative use with researchers in other organizations. The flexible network architecture is based on the web direct-access model for the rotation mechanism. The user interface is available for monitoring and controlling via a web browser that is installed in any terminal PC (personal computer). Previously the combination of two applications was performed not by a web browser but by the exclusive interface program. So a connection model is proposed between two applications by indirect communication via the DCOM (Distributed Component Object Model) server and added in the web direct-access model. A prompt report system in the TS measurement system and a positioning and measurement system using an electric flatcar via a web browser are developed. By a secure network architecture, DCOM communications via both Intranet and LAN are successfully certificated.

WebViz:A Web-based Collaborative Interactive Visualization System for large-Scale Data Sets

NASA Astrophysics Data System (ADS)

Yuen, D. A.; McArthur, E.; Weiss, R. M.; Zhou, J.; Yao, B.

2010-12-01

WebViz is a web-based application designed to conduct collaborative, interactive visualizations of large data sets for multiple users, allowing researchers situated all over the world to utilize the visualization services offered by the University of Minnesota’s Laboratory for Computational Sciences and Engineering (LCSE). This ongoing project has been built upon over the last 3 1/2 years .The motivation behind WebViz lies primarily with the need to parse through an increasing amount of data produced by the scientific community as a result of larger and faster multicore and massively parallel computers coming to the market, including the use of general purpose GPU computing. WebViz allows these large data sets to be visualized online by anyone with an account. The application allows users to save time and resources by visualizing data ‘on the fly’, wherever he or she may be located. By leveraging AJAX via the Google Web Toolkit (http://code.google.com/webtoolkit/), we are able to provide users with a remote, web portal to LCSE's (http://www.lcse.umn.edu) large-scale interactive visualization system already in place at the University of Minnesota. LCSE’s custom hierarchical volume rendering software provides high resolution visualizations on the order of 15 million pixels and has been employed for visualizing data primarily from simulations in astrophysics to geophysical fluid dynamics . In the current version of WebViz, we have implemented a highly extensible back-end framework built around HTTP "server push" technology. The web application is accessible via a variety of devices including netbooks, iPhones, and other web and javascript-enabled cell phones. Features in the current version include the ability for users to (1) securely login (2) launch multiple visualizations (3) conduct collaborative visualization sessions (4) delegate control aspects of a visualization to others and (5) engage in collaborative chats with other users within the user interface of the web application. These features are all in addition to a full range of essential visualization functions including 3-D camera and object orientation, position manipulation, time-stepping control, and custom color/alpha mapping.

Practice improvement, part II: update on patient communication technologies.

PubMed

Roett, Michelle A; Coleman, Mary Thoesen

2013-11-01

Patient portals (ie, secure web-based services for patient health record access) and secure messaging to health care professionals are gaining popularity slowly. Advantages of web portals include timely communication and instruction, access to appointments and other services, and high patient satisfaction. Limitations include inappropriate use, security considerations, organizational costs, and exclusion of patients who are uncomfortable with or unable to use computers. Attention to the organization's strategic plan and office policies, patient and staff expectations, workflow and communication integration, training, marketing, and enrollment can facilitate optimal use of this technology. Other communication technologies that can enhance patient care include automated voice or text reminders and brief electronic communications. Social media provide another method of patient outreach, but privacy and access are concerns. Incorporating telehealthcare (health care provided via telephone or Internet), providing health coaching, and using interactive health communication applications can improve patient knowledge and clinical outcomes and provide social support. Written permission from the American Academy of Family Physicians is required for reproduction of this material in whole or in part in any form or medium.

Terrorism preparedness: Web-based resource management and the TOPOFF 3 exercise.

PubMed

Jacobs, Lenworth M; Burns, Karyl J

2006-03-01

The bombings of London on July 7, 2005 highlight the need for continued vigilance and readiness to respond to terrorist attacks. Trauma centers need to be at the core of preparedness activities. The State of Connecticut has taken a lead in preparedness and was selected as a site for the US Department of Homeland Security's Top Officials Three Exercise (TOPOFF 3), the largest and most extensive antiterrorism drill ever conducted. All 32 acute care hospitals in Connecticut took part in the drill. The simulated attacks were designed to test all aspects of emergency preparedness including the ability of hospitals to treat large numbers of victims and effectively monitor and implement mechanisms for surge capacity. In Connecticut, TOPOFF 3 tested the Bioterrorism Preparedness Web Application that was designed to be the primary communication and resource management tool during a terrorist event or public health emergency. This paper describes: 1) the impetus for the State of Connecticut Department of Public Health's Bioterrorism Preparedness Web Application; 2) the strategies used to ensure its readiness and appropriate utilization during a public health emergency; and 3) its use for communication and resource management by the Department of Public Health and the acute care hospitals during TOPOFF 3. The Bioterrorism Preparedness Web Application was successfully implemented and used during TOPOFF 3 to assess surge capacity and other resources. Careful development and implementation of the Web application, or any communication system, as well as training and regular practice are required to ensure effective use during a public health emergency.

CernVM WebAPI - Controlling Virtual Machines from the Web

NASA Astrophysics Data System (ADS)

Charalampidis, I.; Berzano, D.; Blomer, J.; Buncic, P.; Ganis, G.; Meusel, R.; Segal, B.

2015-12-01

Lately, there is a trend in scientific projects to look for computing resources in the volunteering community. In addition, to reduce the development effort required to port the scientific software stack to all the known platforms, the use of Virtual Machines (VMs)u is becoming increasingly popular. Unfortunately their use further complicates the software installation and operation, restricting the volunteer audience to sufficiently expert people. CernVM WebAPI is a software solution addressing this specific case in a way that opens wide new application opportunities. It offers a very simple API for setting-up, controlling and interfacing with a VM instance in the users computer, while in the same time offloading the user from all the burden of downloading, installing and configuring the hypervisor. WebAPI comes with a lightweight javascript library that guides the user through the application installation process. Malicious usage is prohibited by offering a per-domain PKI validation mechanism. In this contribution we will overview this new technology, discuss its security features and examine some test cases where it is already in use.

Middleware and Web Services for the Collaborative Information Portal of NASA's Mars Exploration Rovers Mission

NASA Technical Reports Server (NTRS)

Sinderson, Elias; Magapu, Vish; Mak, Ronald

2004-01-01

We describe the design and deployment of the middleware for the Collaborative Information Portal (CIP), a mission critical J2EE application developed for NASA's 2003 Mars Exploration Rover mission. CIP enabled mission personnel to access data and images sent back from Mars, staff and event schedules, broadcast messages and clocks displaying various Earth and Mars time zones. We developed the CIP middleware in less than two years time usins cutting-edge technologies, including EJBs, servlets, JDBC, JNDI and JMS. The middleware was designed as a collection of independent, hot-deployable web services, providing secure access to back end file systems and databases. Throughout the middleware we enabled crosscutting capabilities such as runtime service configuration, security, logging and remote monitoring. This paper presents our approach to mitigating the challenges we faced, concluding with a review of the lessons we learned from this project and noting what we'd do differently and why.

Automated generation of a World Wide Web-based data entry and check program for medical applications.

PubMed

Kiuchi, T; Kaihara, S

1997-02-01

The World Wide Web-based form is a promising method for the construction of an on-line data collection system for clinical and epidemiological research. It is, however, laborious to prepare a common gateway interface (CGI) program for each project, which the World Wide Web server needs to handle the submitted data. In medicine, it is even more laborious because the CGI program must check deficits, type, ranges, and logical errors (bad combination of data) of entered data for quality assurance as well as data length and meta-characters of the entered data to enhance the security of the server. We have extended the specification of the hypertext markup language (HTML) form to accommodate information necessary for such data checking and we have developed software named AUTOFORM for this purpose. The software automatically analyzes the extended HTML form and generates the corresponding ordinary HTML form, 'Makefile', and C source of CGI programs. The resultant CGI program checks the entered data through the HTML form, records them in a computer, and returns them to the end-user. AUTOFORM drastically reduces the burden of development of the World Wide Web-based data entry system and allows the CGI programs to be more securely and reliably prepared than had they been written from scratch.

Security Risks of Cloud Computing and Its Emergence as 5th Utility Service

NASA Astrophysics Data System (ADS)

Ahmad, Mushtaq

Cloud Computing is being projected by the major cloud services provider IT companies such as IBM, Google, Yahoo, Amazon and others as fifth utility where clients will have access for processing those applications and or software projects which need very high processing speed for compute intensive and huge data capacity for scientific, engineering research problems and also e- business and data content network applications. These services for different types of clients are provided under DASM-Direct Access Service Management based on virtualization of hardware, software and very high bandwidth Internet (Web 2.0) communication. The paper reviews these developments for Cloud Computing and Hardware/Software configuration of the cloud paradigm. The paper also examines the vital aspects of security risks projected by IT Industry experts, cloud clients. The paper also highlights the cloud provider's response to cloud security risks.

Semantic-JSON: a lightweight web service interface for Semantic Web contents integrating multiple life science databases

PubMed Central

Kobayashi, Norio; Ishii, Manabu; Takahashi, Satoshi; Mochizuki, Yoshiki; Matsushima, Akihiro; Toyoda, Tetsuro

2011-01-01

Global cloud frameworks for bioinformatics research databases become huge and heterogeneous; solutions face various diametric challenges comprising cross-integration, retrieval, security and openness. To address this, as of March 2011 organizations including RIKEN published 192 mammalian, plant and protein life sciences databases having 8.2 million data records, integrated as Linked Open or Private Data (LOD/LPD) using SciNetS.org, the Scientists' Networking System. The huge quantity of linked data this database integration framework covers is based on the Semantic Web, where researchers collaborate by managing metadata across public and private databases in a secured data space. This outstripped the data query capacity of existing interface tools like SPARQL. Actual research also requires specialized tools for data analysis using raw original data. To solve these challenges, in December 2009 we developed the lightweight Semantic-JSON interface to access each fragment of linked and raw life sciences data securely under the control of programming languages popularly used by bioinformaticians such as Perl and Ruby. Researchers successfully used the interface across 28 million semantic relationships for biological applications including genome design, sequence processing, inference over phenotype databases, full-text search indexing and human-readable contents like ontology and LOD tree viewers. Semantic-JSON services of SciNetS.org are provided at http://semanticjson.org. PMID:21632604

EZStream: Distributing Live ISS Experiment Telemetry via Internet

NASA Technical Reports Server (NTRS)

Myers, Gerry; Welch, Clara L. (Technical Monitor)

2002-01-01

This paper will present the high-level architecture and components of the current version of EZStream as well as the product direction & enhancements to be incorporated through a Phase II grant. Security will be addressed such as data encryption and user login. Remote user devices will be discussed including web browsers on PC's and displays on PDA's and smart cell phones. The interaction between EZStream and TReK will be covered as well as the eventuality of EZStream to receive and parse binary data streams directly. This makes EZStream beneficial to both the International Partners and non-NASA applications. The options of developing client-side display web pages will be addressed and the development of new tools to allow creation of display web pages by non-programmers.

Making Spatial Statistics Service Accessible On Cloud Platform

NASA Astrophysics Data System (ADS)

Mu, X.; Wu, J.; Li, T.; Zhong, Y.; Gao, X.

2014-04-01

Web service can bring together applications running on diverse platforms, users can access and share various data, information and models more effectively and conveniently from certain web service platform. Cloud computing emerges as a paradigm of Internet computing in which dynamical, scalable and often virtualized resources are provided as services. With the rampant growth of massive data and restriction of net, traditional web services platforms have some prominent problems existing in development such as calculation efficiency, maintenance cost and data security. In this paper, we offer a spatial statistics service based on Microsoft cloud. An experiment was carried out to evaluate the availability and efficiency of this service. The results show that this spatial statistics service is accessible for the public conveniently with high processing efficiency.

20 CFR 418.3230 - When will we use your subsidy inquiry as your filing date?

Code of Federal Regulations, 2010 CFR

2010-04-01

... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false When will we use your subsidy inquiry as your filing date? 418.3230 Section 418.3230 Employees' Benefits SOCIAL SECURITY ADMINISTRATION MEDICARE... Web site, we will use the date of the inquiry or the date the partial Internet application was started...

20 CFR 418.3230 - When will we use your subsidy inquiry as your filing date?

Code of Federal Regulations, 2011 CFR

2011-04-01

... 20 Employees' Benefits 2 2011-04-01 2011-04-01 false When will we use your subsidy inquiry as your filing date? 418.3230 Section 418.3230 Employees' Benefits SOCIAL SECURITY ADMINISTRATION MEDICARE... Web site, we will use the date of the inquiry or the date the partial Internet application was started...

Protocol Programmability

DTIC Science & Technology

2013-12-01

First, any subproject that involved an implementation shared some implementation infrastructure with other subprojects. For example, the Plaid backend ...very same language. We followed this advice in Plaid, and we therefore implemented the compiler backend in Plaid (code generation, type checker, Æminim...programming language aimed at enforcing security properties in web and mobile applications [Nistor et al., 2013]. Wyvern therefore provides an excellent

77 FR 30021 - Agency Information Collection Activities: Application To Use the Automated Commercial Environment...

Federal Register 2010, 2011, 2012, 2013, 2014

2012-05-21

... no change to the burden hours. This document is published to obtain comments from the public and affected agencies. This information collection was previously published in the Federal Register (77 FR... ACE began in October 2003 with the launch of the ACE Secure Data Portal, a customized web page that...

Beyond grid security

NASA Astrophysics Data System (ADS)

Hoeft, B.; Epting, U.; Koenig, T.

2008-07-01

While many fields relevant to Grid security are already covered by existing working groups, their remit rarely goes beyond the scope of the Grid infrastructure itself. However, security issues pertaining to the internal set-up of compute centres have at least as much impact on Grid security. Thus, this talk will present briefly the EU ISSeG project (Integrated Site Security for Grids). In contrast to groups such as OSCT (Operational Security Coordination Team) and JSPG (Joint Security Policy Group), the purpose of ISSeG is to provide a holistic approach to security for Grid computer centres, from strategic considerations to an implementation plan and its deployment. The generalised methodology of Integrated Site Security (ISS) is based on the knowledge gained during its implementation at several sites as well as through security audits, and this will be briefly discussed. Several examples of ISS implementation tasks at the Forschungszentrum Karlsruhe will be presented, including segregation of the network for administration and maintenance and the implementation of Application Gateways. Furthermore, the web-based ISSeG training material will be introduced. This aims to offer ISS implementation guidance to other Grid installations in order to help avoid common pitfalls.

Smart Grid Information Clearinghouse (SGIC)

DOE Office of Scientific and Technical Information (OSTI.GOV)

Rahman, Saifur

Since the Energy Independence and Security Act of 2007 was enacted, there has been a large number of websites that discusses smart grid and relevant information, including those from government, academia, industry, private sector and regulatory. These websites collect information independently. Therefore, smart grid information was quite scattered and dispersed. The objective of this work was to develop, populate, manage and maintain the public Smart Grid Information Clearinghouse (SGIC) web portal. The information in the SGIC website is comprehensive that includes smart grid information, research & development, demonstration projects, technical standards, costs & benefit analyses, business cases, legislation, policy &more » regulation, and other information on lesson learned and best practices. The content in the SGIC website is logically grouped to allow easily browse, search and sort. In addition to providing the browse and search feature, the SGIC web portal also allow users to share their smart grid information with others though our online content submission platform. The Clearinghouse web portal, therefore, serves as the first stop shop for smart grid information that collects smart grid information in a non-bias, non-promotional manner and can provide a missing link from information sources to end users and better serve users’ needs. The web portal is available at www.sgiclearinghouse.org. This report summarizes the work performed during the course of the project (September 2009 – August 2014). Section 2.0 lists SGIC Advisory Committee and User Group members. Section 3.0 discusses SGIC information architecture and web-based database application functionalities. Section 4.0 summarizes SGIC features and functionalities, including its search, browse and sort capabilities, web portal social networking, online content submission platform and security measures implemented. Section 5.0 discusses SGIC web portal contents, including smart grid 101, smart grid projects, deployment experience (i.e., use cases, lessons learned, cost-benefit analyses and business cases), in-depth information (i.e., standards, technology, cyber security, legislation, education and training and demand response), as well as international information. Section 6.0 summarizes SGIC statistics from the launch of the portal on July 07, 2010 to August 31, 2014. Section 7.0 summarizes publicly available information as a result of this work.« less

The Technical Work Plan Tracking Tool

NASA Technical Reports Server (NTRS)

Chullen, Cinda; Leighton, Adele; Weller, Richard A.; Woodfill, Jared; Parkman, William E.; Ellis, Glenn L.; Wilson, Marilyn M.

2003-01-01

The Technical Work Plan Tracking Tool is a web-based application that enables interactive communication and approval of contract requirements that pertain to the administration of the Science, Engineering, Analysis, and Test (SEAT) contract at Johnson Space Center. The implementation of the application has (1) shortened the Technical Work Plan approval process, (2) facilitated writing and documenting requirements in a performance-based environment with associated surveillance plans, (3) simplified the contractor s estimate of the cost for the required work, and (4) allowed for the contractor to document how they plan to accomplish the work. The application is accessible to over 300 designated NASA and contractor employees via two Web sites. For each employee, the application regulates access according to the employee s authority to enter, view, and/or print out diverse information, including reports, work plans, purchase orders, and financial data. Advanced features of this application include on-line approval capability, automatic e-mail notifications requesting review by subsequent approvers, and security inside and outside the firewall.

Marketing and reputation aspects of neonatal safeguards and hospital-security systems.

PubMed

Smith, Alan D

2009-01-01

Technological advancements have migrated from personal-use electronics into the healthcare setting for security enhancements. Within maternity wards and nurseries, technology was seen as one of best way to protect newborns from abduction. The present study is a focus on what systems and methods are used in neonatal security, the security arrangements, staff training, and impacts outside the control of the hospital, customer satisfaction and customer relations management. Through hypothesis-testing and exploratory analysis, gender biases and extremely high levels of security were found within a web-enabled and professional sample of 200 respondents. The factor-based constructs were found to be, in order of the greatest explained variance: security concerns, personal technology usage, work technology applications, and demographic maturity concerns, resulting in four factor-based scores with significant combined variance of 61.5%. It was found that through a better understanding on the importance and vital need for hospitals to continue to improve on their technology-based security policies significantly enhanced their reputation in the highly competitive local healthcare industry.

Tethys: A Platform for Water Resources Modeling and Decision Support Apps

NASA Astrophysics Data System (ADS)

Nelson, J.; Swain, N. R.

2015-12-01

The interactive nature of web applications or "web apps" makes it an excellent medium for conveying complex scientific concepts to lay audiences and creating decision support tools that harness cutting edge modeling techniques. However, the technical expertise required to develop web apps represents a barrier for would-be developers. This barrier can be characterized by the following hurdles that developers must overcome: (1) identify, select, and install software that meet the spatial and computational capabilities commonly required for water resources modeling; (2) orchestrate the use of multiple free and open source (FOSS) projects and navigate their differing application programming interfaces; (3) learn the multi-language programming skills required for modern web development; and (4) develop a web-secure and fully featured web portal to host the app. Tethys Platform has been developed to lower the technical barrier and minimize the initial development investment that prohibits many scientists and engineers from making use of the web app medium. It includes (1) a suite of FOSS that address the unique data and computational needs common to water resources web app development, (2) a Python software development kit that streamlines development, and (3) a customizable web portal that is used to deploy the completed web apps. Tethys synthesizes several software projects including PostGIS, 52°North WPS, GeoServer, Google Maps™, OpenLayers, and Highcharts. It has been used to develop a broad array of web apps for water resources modeling and decision support for several projects including CI-WATER, HydroShare, and the National Flood Interoperability Experiment. The presentation will include live demos of some of the apps that have been developed using Tethys to demonstrate its capabilities.

Server-Based and Server-Less Byod Solutions to Support Electronic Learning

DTIC Science & Technology

2016-06-01

Knowledge Online NSD National Security Directive OS operating system OWA Outlook Web Access PC personal computer PED personal electronic device PDA...mobile devices, institute mobile device policies and standards, and promote the development and use of DOD mobile and web -enabled applications” (DOD...with an isolated BYOD web server, properly educated system administrators must carry out and execute the necessary, pre-defined network security

Virtualization of open-source secure web services to support data exchange in a pediatric critical care research network.

PubMed

Frey, Lewis J; Sward, Katherine A; Newth, Christopher J L; Khemani, Robinder G; Cryer, Martin E; Thelen, Julie L; Enriquez, Rene; Shaoyu, Su; Pollack, Murray M; Harrison, Rick E; Meert, Kathleen L; Berg, Robert A; Wessel, David L; Shanley, Thomas P; Dalton, Heidi; Carcillo, Joseph; Jenkins, Tammara L; Dean, J Michael

2015-11-01

To examine the feasibility of deploying a virtual web service for sharing data within a research network, and to evaluate the impact on data consistency and quality. Virtual machines (VMs) encapsulated an open-source, semantically and syntactically interoperable secure web service infrastructure along with a shadow database. The VMs were deployed to 8 Collaborative Pediatric Critical Care Research Network Clinical Centers. Virtual web services could be deployed in hours. The interoperability of the web services reduced format misalignment from 56% to 1% and demonstrated that 99% of the data consistently transferred using the data dictionary and 1% needed human curation. Use of virtualized open-source secure web service technology could enable direct electronic abstraction of data from hospital databases for research purposes. © The Author 2015. Published by Oxford University Press on behalf of the American Medical Informatics Association. All rights reserved. For Permissions, please email: journals.permissions@oup.com.

An object-oriented approach to deploying highly configurable Web interfaces for the ATLAS experiment

NASA Astrophysics Data System (ADS)

Lange, Bruno; Maidantchik, Carmen; Pommes, Kathy; Pavani, Varlen; Arosa, Breno; Abreu, Igor

2015-12-01

The ATLAS Technical Coordination disposes of 17 Web systems to support its operation. These applications, whilst ranging from managing the process of publishing scientific papers to monitoring radiation levels in the equipment in the experimental cavern, are constantly prone to changes in requirements due to the collaborative nature of the experiment and its management. In this context, a Web framework is proposed to unify the generation of the supporting interfaces. FENCE assembles classes to build applications by making extensive use of JSON configuration files. It relies heavily on Glance, a technology that was set forth in 2003 to create an abstraction layer on top of the heterogeneous sources that store the technical coordination data. Once Glance maps out the database modeling, records can be referenced in the configuration files by wrapping unique identifiers around double enclosing brackets. The deployed content can be individually secured by attaching clearance attributes to their description thus ensuring that view/edit privileges are granted to eligible users only. The framework also provides tools for securely writing into a database. Fully HTML5-compliant multi-step forms can be generated from their JSON description to assure that the submitted data comply with a series of constraints. Input validation is carried out primarily on the server- side but, following progressive enhancement guidelines, verification might also be performed on the client-side by enabling specific markup data attributes which are then handed over to the jQuery validation plug-in. User monitoring is accomplished by thoroughly logging user requests along with any POST data. Documentation is built from the source code using the phpDocumentor tool and made readily available for developers online. Fence, therefore, speeds up the implementation of Web interfaces and reduces the response time to requirement changes by minimizing maintenance overhead.

Enhancing the AliEn Web Service Authentication

NASA Astrophysics Data System (ADS)

Zhu, Jianlin; Saiz, Pablo; Carminati, Federico; Betev, Latchezar; Zhou, Daicui; Mendez Lorenzo, Patricia; Grigoras, Alina Gabriela; Grigoras, Costin; Furano, Fabrizio; Schreiner, Steffen; Vladimirovna Datskova, Olga; Sankar Banerjee, Subho; Zhang, Guoping

2011-12-01

Web Services are an XML based technology that allow applications to communicate with each other across disparate systems. Web Services are becoming the de facto standard that enable inter operability between heterogeneous processes and systems. AliEn2 is a grid environment based on web services. The AliEn2 services can be divided in three categories: Central services, deployed once per organization; Site services, deployed on each of the participating centers; Job Agents running on the worker nodes automatically. A security model to protect these services is essential for the whole system. Current implementations of web server, such as Apache, are not suitable to be used within the grid environment. Apache with the mod_ssl and OpenSSL only supports the X.509 certificates. But in the grid environment, the common credential is the proxy certificate for the purpose of providing restricted proxy and delegation. An Authentication framework was taken for AliEn2 web services to add the ability to accept X.509 certificates and proxy certificates from client-side to Apache Web Server. The authentication framework could also allow the generation of access control policies to limit access to the AliEn2 web services.

Safe and Secure Services Based on NGN

NASA Astrophysics Data System (ADS)

Fukazawa, Tomoo; Nisase, Takemi; Kawashima, Masahisa; Hariu, Takeo; Oshima, Yoshihito

Next Generation Network (NGN), which has been undergoing standardization as it has developed, is expected to create new services that converge the fixed and mobile networks. This paper introduces the basic requirements for NGN in terms of security and explains the standardization activities, in particular, the requirements for the security function described in Y.2701 discussed in ITU-T SG-13. In addition to the basic NGN security function, requirements for NGN authentication are also described from three aspects: security, deployability, and service. As examples of authentication implementation, three profiles-namely, fixed, nomadic, and mobile-are defined in this paper. That is, the “fixed profile” is typically for fixed-line subscribers, the “nomadic profile” basically utilizes WiFi access points, and the “mobile profile” provides ideal NGN mobility for mobile subscribers. All three of these profiles satisfy the requirements from security aspects. The three profiles are compared from the viewpoint of requirements for deployability and service. After showing that none of the three profiles can fulfill all of the requirements, we propose that multiple profiles should be used by NGN providers. As service and application examples, two promising NGN applications are proposed. The first is a strong authentication mechanism that makes Web applications more safe and secure even against password theft. It is based on NGN ID federation function. The second provides an easy peer-to-peer broadband virtual private network service aimed at safe and secure communication for personal/SOHO (small office, home office) users, based on NGN SIP (session initiation protocol) session control.

Reliability Information Analysis Center 1st Quarter 2007, Technical Area Task (TAT) Report

DTIC Science & Technology

2007-02-05

34* Created new SQL server database for "PC Configuration" web application. Added roles for security closed 4235 and posted application to production. "e Wrote...and ran SQL Server scripts to migrate production databases to new server . "e Created backup jobs for new SQL Server databases. "* Continued...second phase of the TENA demo. Extensive tasking was established and assigned. A TENA interface to EW Server was reaffirmed after some uncertainty about

Synchronisation of chaos and its applications

NASA Astrophysics Data System (ADS)

Eroglu, Deniz; Lamb, Jeroen S. W.; Pereira, Tiago

2017-07-01

Dynamical networks are important models for the behaviour of complex systems, modelling physical, biological and societal systems, including the brain, food webs, epidemic disease in populations, power grids and many other. Such dynamical networks can exhibit behaviour in which deterministic chaos, exhibiting unpredictability and disorder, coexists with synchronisation, a classical paradigm of order. We survey the main theory behind complete, generalised and phase synchronisation phenomena in simple as well as complex networks and discuss applications to secure communications, parameter estimation and the anticipation of chaos.

Using secure web services to visualize poison center data for nationwide biosurveillance: a case study.

PubMed

Savel, Thomas G; Bronstein, Alvin; Duck, William; Rhodes, M Barry; Lee, Brian; Stinn, John; Worthen, Katherine

2010-01-01

Real-time surveillance systems are valuable for timely response to public health emergencies. It has been challenging to leverage existing surveillance systems in state and local communities, and, using a centralized architecture, add new data sources and analytical capacity. Because this centralized model has proven to be difficult to maintain and enhance, the US Centers for Disease Control and Prevention (CDC) has been examining the ability to use a federated model based on secure web services architecture, with data stewardship remaining with the data provider. As a case study for this approach, the American Association of Poison Control Centers and the CDC extended an existing data warehouse via a secure web service, and shared aggregate clinical effects and case counts data by geographic region and time period. To visualize these data, CDC developed a web browser-based interface, Quicksilver, which leveraged the Google Maps API and Flot, a javascript plotting library. Two iterations of the NPDS web service were completed in 12 weeks. The visualization client, Quicksilver, was developed in four months. This implementation of web services combined with a visualization client represents incremental positive progress in transitioning national data sources like BioSense and NPDS to a federated data exchange model. Quicksilver effectively demonstrates how the use of secure web services in conjunction with a lightweight, rapidly deployed visualization client can easily integrate isolated data sources for biosurveillance.

Type-Based Access Control in Data-Centric Systems

NASA Astrophysics Data System (ADS)

Caires, Luís; Pérez, Jorge A.; Seco, João Costa; Vieira, Hugo Torres; Ferrão, Lúcio

Data-centric multi-user systems, such as web applications, require flexible yet fine-grained data security mechanisms. Such mechanisms are usually enforced by a specially crafted security layer, which adds extra complexity and often leads to error prone coding, easily causing severe security breaches. In this paper, we introduce a programming language approach for enforcing access control policies to data in data-centric programs by static typing. Our development is based on the general concept of refinement type, but extended so as to address realistic and challenging scenarios of permission-based data security, in which policies dynamically depend on the database state, and flexible combinations of column- and row-level protection of data are necessary. We state and prove soundness and safety of our type system, stating that well-typed programs never break the declared data access control policies.

Insecurity on the Net.

ERIC Educational Resources Information Center

Brandt, D. Scott

1998-01-01

Examines Internet security risks and how users can protect themselves. Discusses inadvertent bugs in software; programming problems with Common Gateway Interface (CGI); viruses; tracking of Web users; and preventing access to selected Web pages and filtering software. A glossary of Internet security-related terms is included. (AEF)

Automatic public access to documents and maps stored on and internal secure system.

NASA Astrophysics Data System (ADS)

Trench, James; Carter, Mary

2013-04-01

The Geological Survey of Ireland operates a Document Management System for providing documents and maps stored internally in high resolution and in a high level secure environment, to an external service where the documents are automatically presented in a lower resolution to members of the public. Security is devised through roles and Individual Users where role level and folder level can be set. The application is an electronic document/data management (EDM) system which has a Geographical Information System (GIS) component integrated to allow users to query an interactive map of Ireland for data that relates to a particular area of interest. The data stored in the database consists of Bedrock Field Sheets, Bedrock Notebooks, Bedrock Maps, Geophysical Surveys, Geotechnical Maps & Reports, Groundwater, GSI Publications, Marine, Mine Records, Mineral Localities, Open File, Quaternary and Unpublished Reports. The Konfig application Tool is both an internal and public facing application. It acts as a tool for high resolution data entry which are stored in a high resolution vault. The public facing application is a mirror of the internal application and differs only in that the application furnishes high resolution data into low resolution format which is stored in a low resolution vault thus, making the data web friendly to the end user for download.

Computer-aided diagnosis workstation and teleradiology network system for chest diagnosis using the web medical image conference system with a new information security solution

NASA Astrophysics Data System (ADS)

Satoh, Hitoshi; Niki, Noboru; Eguchi, Kenji; Ohmatsu, Hironobu; Kaneko, Masahiro; Kakinuma, Ryutaro; Moriyama, Noriyuki

2010-03-01

Diagnostic MDCT imaging requires a considerable number of images to be read. Moreover, the doctor who diagnoses a medical image is insufficient in Japan. Because of such a background, we have provided diagnostic assistance methods to medical screening specialists by developing a lung cancer screening algorithm that automatically detects suspected lung cancers in helical CT images, a coronary artery calcification screening algorithm that automatically detects suspected coronary artery calcification and a vertebra body analysis algorithm for quantitative evaluation of osteoporosis. We also have developed the teleradiology network system by using web medical image conference system. In the teleradiology network system, the security of information network is very important subjects. Our teleradiology network system can perform Web medical image conference in the medical institutions of a remote place using the web medical image conference system. We completed the basic proof experiment of the web medical image conference system with information security solution. We can share the screen of web medical image conference system from two or more web conference terminals at the same time. An opinion can be exchanged mutually by using a camera and a microphone that are connected with the workstation that builds in some diagnostic assistance methods. Biometric face authentication used on site of teleradiology makes "Encryption of file" and "Success in login" effective. Our Privacy and information security technology of information security solution ensures compliance with Japanese regulations. As a result, patients' private information is protected. Based on these diagnostic assistance methods, we have developed a new computer-aided workstation and a new teleradiology network that can display suspected lesions three-dimensionally in a short time. The results of this study indicate that our radiological information system without film by using computer-aided diagnosis workstation and our teleradiology network system can increase diagnostic speed, diagnostic accuracy and security improvement of medical information.

A New Cloud Architecture of Virtual Trusted Platform Modules

NASA Astrophysics Data System (ADS)

Liu, Dongxi; Lee, Jack; Jang, Julian; Nepal, Surya; Zic, John

We propose and implement a cloud architecture of virtual Trusted Platform Modules (TPMs) to improve the usability of TPMs. In this architecture, virtual TPMs can be obtained from the TPM cloud on demand. Hence, the TPM functionality is available for applications that do not have physical TPMs in their local platforms. Moreover, the TPM cloud allows users to access their keys and data in the same virtual TPM even if they move to untrusted platforms. The TPM cloud is easy to access for applications in different languages since cloud computing delivers services in standard protocols. The functionality of the TPM cloud is demonstrated by applying it to implement the Needham-Schroeder public-key protocol for web authentications, such that the strong security provided by TPMs is integrated into high level applications. The chain of trust based on the TPM cloud is discussed and the security properties of the virtual TPMs in the cloud is analyzed.

Using a Java Web-based Graphical User Interface to access the SOHO Data Arch ive

NASA Astrophysics Data System (ADS)

Scholl, I.; Girard, Y.; Bykowski, A.

This paper presents the architecture of a Java web-based graphical interface dedicated to the access of the SOHO Data archive. This application allows local and remote users to search in the SOHO data catalog and retrieve the SOHO data files from the archive. It has been developed at MEDOC (Multi-Experiment Data and Operations Centre), located at the Institut d'Astrophysique Spatiale (Orsay, France), which is one of the European Archives for the SOHO data. This development is part of a joint effort between ESA, NASA and IAS in order to implement long term archive systems for the SOHO data. The software architecture is built as a client-server application using Java language and SQL above a set of components such as an HTTP server, a JDBC gateway, a RDBMS server, a data server and a Web browser. Since HTML pages and CGI scripts are not powerful enough to allow user interaction during a multi-instrument catalog search, this type of requirement enforces the choice of Java as the main language. We also discuss performance issues, security problems and portability on different Web browsers and operating syste ms.

Hydrogeologic applications for historical records and images from rock samples collected at the Nevada National Security Site and vicinity, Nye County, Nevada - A supplement to Data Series 297

USGS Publications Warehouse

Wood, David B.

2018-03-14

Rock samples have been collected, analyzed, and interpreted from drilling and mining operations at the Nevada National Security Site for over one-half of a century. Records containing geologic and hydrologic analyses and interpretations have been compiled into a series of databases. Rock samples have been photographed and thin sections scanned. Records and images are preserved and available for public viewing and downloading at the U.S. Geological Survey ScienceBase, Mercury Core Library and Data Center Web site at https://www.sciencebase.gov/mercury/ and documented in U.S. Geological Survey Data Series 297. Example applications of these data and images are provided in this report.

Using Secure Web Services to Visualize Poison Center Data for Nationwide Biosurveillance: A Case Study

PubMed Central

Savel, Thomas G; Bronstein, Alvin; Duck, William; Rhodes, M. Barry; Lee, Brian; Stinn, John; Worthen, Katherine

2010-01-01

Objectives Real-time surveillance systems are valuable for timely response to public health emergencies. It has been challenging to leverage existing surveillance systems in state and local communities, and, using a centralized architecture, add new data sources and analytical capacity. Because this centralized model has proven to be difficult to maintain and enhance, the US Centers for Disease Control and Prevention (CDC) has been examining the ability to use a federated model based on secure web services architecture, with data stewardship remaining with the data provider. Methods As a case study for this approach, the American Association of Poison Control Centers and the CDC extended an existing data warehouse via a secure web service, and shared aggregate clinical effects and case counts data by geographic region and time period. To visualize these data, CDC developed a web browser-based interface, Quicksilver, which leveraged the Google Maps API and Flot, a javascript plotting library. Results Two iterations of the NPDS web service were completed in 12 weeks. The visualization client, Quicksilver, was developed in four months. Discussion This implementation of web services combined with a visualization client represents incremental positive progress in transitioning national data sources like BioSense and NPDS to a federated data exchange model. Conclusion Quicksilver effectively demonstrates how the use of secure web services in conjunction with a lightweight, rapidly deployed visualization client can easily integrate isolated data sources for biosurveillance. PMID:23569581

Globus | Informatics Technology for Cancer Research (ITCR)

Cancer.gov

Globus software services provide secure cancer research data transfer, synchronization, and sharing in distributed environments at large scale. These services can be integrated into applications and research data gateways, leveraging Globus identity management, single sign-on, search, and authorization capabilities. Globus Genomics integrates Globus with the Galaxy genomics workflow engine and Amazon Web Services to enable cancer genomics analysis that can elastically scale compute resources with demand.

Networking and Information Technology Research and Development. Supplement to the President’s Budget for FY 2002

DTIC Science & Technology

2001-07-01

Web-based applications to improve health data systems and quality of care; innovative strategies for data collection in clinical settings; approaches...research to increase interoperability and integration of software in distributed systems ; protocols and tools for data annotation and management; and...Generation National Defense and National Security Systems .......................... 27 Improved Health Care Systems for All Citizens

48 CFR 52.222-54 - Employment Eligibility Verification.

Code of Federal Regulations, 2011 CFR

2011-10-01

...) or the Social Security Administration (SSA) may terminate the Contractor's MOU and deny access to the... determines not to suspend or debar the Contractor, then the Contractor must reenroll in E-Verify. (c) Web... at the Department of Homeland Security Web site: http://www.dhs.gov/E-Verify. (d) Individuals...

48 CFR 52.222-54 - Employment Eligibility Verification.

Code of Federal Regulations, 2010 CFR

2010-10-01

...) or the Social Security Administration (SSA) may terminate the Contractor's MOU and deny access to the... determines not to suspend or debar the Contractor, then the Contractor must reenroll in E-Verify. (c) Web... at the Department of Homeland Security Web site: http://www.dhs.gov/E-Verify. (d) Individuals...

49 CFR 393.102 - What are the minimum performance criteria for cargo securement devices and systems?

Code of Federal Regulations, 2012 CFR

2012-10-01

... chains, wire rope, steel strapping, synthetic webbing, and cordage) and other attachment or fastening..., steel strapping, synthetic webbing, and cordage) and other attachment or fastening devices used to... contained within the structure of the vehicle. Securement systems must provide a downward force equivalent...

49 CFR 393.102 - What are the minimum performance criteria for cargo securement devices and systems?

Code of Federal Regulations, 2014 CFR

2014-10-01

... chains, wire rope, steel strapping, synthetic webbing, and cordage) and other attachment or fastening..., steel strapping, synthetic webbing, and cordage) and other attachment or fastening devices used to... contained within the structure of the vehicle. Securement systems must provide a downward force equivalent...

49 CFR 393.102 - What are the minimum performance criteria for cargo securement devices and systems?

Code of Federal Regulations, 2013 CFR

2013-10-01

... chains, wire rope, steel strapping, synthetic webbing, and cordage) and other attachment or fastening..., steel strapping, synthetic webbing, and cordage) and other attachment or fastening devices used to... contained within the structure of the vehicle. Securement systems must provide a downward force equivalent...

IT Security: Target: The Web

ERIC Educational Resources Information Center

Waters, John K.

2009-01-01

In December, Microsoft announced a major security flaw affecting its Internet Explorer web browser. The flaw allowed hackers to use hidden computer code they had already injected into legitimate websites to steal the passwords of visitors to those sites. Reportedly, more than 10,000 websites were infected with the destructive code by the time…

Grid Enabled Geospatial Catalogue Web Service

NASA Technical Reports Server (NTRS)

Chen, Ai-Jun; Di, Li-Ping; Wei, Ya-Xing; Liu, Yang; Bui, Yu-Qi; Hu, Chau-Min; Mehrotra, Piyush

2004-01-01

Geospatial Catalogue Web Service is a vital service for sharing and interoperating volumes of distributed heterogeneous geospatial resources, such as data, services, applications, and their replicas over the web. Based on the Grid technology and the Open Geospatial Consortium (0GC) s Catalogue Service - Web Information Model, this paper proposes a new information model for Geospatial Catalogue Web Service, named as GCWS which can securely provides Grid-based publishing, managing and querying geospatial data and services, and the transparent access to the replica data and related services under the Grid environment. This information model integrates the information model of the Grid Replica Location Service (RLS)/Monitoring & Discovery Service (MDS) with the information model of OGC Catalogue Service (CSW), and refers to the geospatial data metadata standards from IS0 19115, FGDC and NASA EOS Core System and service metadata standards from IS0 191 19 to extend itself for expressing geospatial resources. Using GCWS, any valid geospatial user, who belongs to an authorized Virtual Organization (VO), can securely publish and manage geospatial resources, especially query on-demand data in the virtual community and get back it through the data-related services which provide functions such as subsetting, reformatting, reprojection etc. This work facilitates the geospatial resources sharing and interoperating under the Grid environment, and implements geospatial resources Grid enabled and Grid technologies geospatial enabled. It 2!so makes researcher to focus on science, 2nd not cn issues with computing ability, data locztic, processir,g and management. GCWS also is a key component for workflow-based virtual geospatial data producing.

LigoDV-web: Providing easy, secure and universal access to a large distributed scientific data store for the LIGO scientific collaboration

NASA Astrophysics Data System (ADS)

Areeda, J. S.; Smith, J. R.; Lundgren, A. P.; Maros, E.; Macleod, D. M.; Zweizig, J.

2017-01-01

Gravitational-wave observatories around the world, including the Laser Interferometer Gravitational-Wave Observatory (LIGO), record a large volume of gravitational-wave output data and auxiliary data about the instruments and their environments. These data are stored at the observatory sites and distributed to computing clusters for data analysis. LigoDV-web is a web-based data viewer that provides access to data recorded at the LIGO Hanford, LIGO Livingston and GEO600 observatories, and the 40 m prototype interferometer at Caltech. The challenge addressed by this project is to provide meaningful visualizations of small data sets to anyone in the collaboration in a fast, secure and reliable manner with minimal software, hardware and training required of the end users. LigoDV-web is implemented as a Java Enterprise Application, with Shibboleth Single Sign On for authentication and authorization, and a proprietary network protocol used for data access on the back end. Collaboration members with proper credentials can request data be displayed in any of several general formats from any Internet appliance that supports a modern browser with Javascript and minimal HTML5 support, including personal computers, smartphones, and tablets. Since its inception in 2012, 634 unique users have visited the LigoDV-web website in a total of 33 , 861 sessions and generated a total of 139 , 875 plots. This infrastructure has been helpful in many analyses within the collaboration including follow-up of the data surrounding the first gravitational-wave events observed by LIGO in 2015.

LightWAVE: Waveform and Annotation Viewing and Editing in a Web Browser.

PubMed

Moody, George B

2013-09-01

This paper describes LightWAVE, recently-developed open-source software for viewing ECGs and other physiologic waveforms and associated annotations (event markers). It supports efficient interactive creation and modification of annotations, capabilities that are essential for building new collections of physiologic signals and time series for research. LightWAVE is constructed of components that interact in simple ways, making it straightforward to enhance or replace any of them. The back end (server) is a common gateway interface (CGI) application written in C for speed and efficiency. It retrieves data from its data repository (PhysioNet's open-access PhysioBank archives by default, or any set of files or web pages structured as in PhysioBank) and delivers them in response to requests generated by the front end. The front end (client) is a web application written in JavaScript. It runs within any modern web browser and does not require installation on the user's computer, tablet, or phone. Finally, LightWAVE's scribe is a tiny CGI application written in Perl, which records the user's edits in annotation files. LightWAVE's data repository, back end, and front end can be located on the same computer or on separate computers. The data repository may be split across multiple computers. For compatibility with the standard browser security model, the front end and the scribe must be loaded from the same domain.

Trusted computing strengthens cloud authentication.

PubMed

Ghazizadeh, Eghbal; Zamani, Mazdak; Ab Manan, Jamalul-lail; Alizadeh, Mojtaba

2014-01-01

Cloud computing is a new generation of technology which is designed to provide the commercial necessities, solve the IT management issues, and run the appropriate applications. Another entry on the list of cloud functions which has been handled internally is Identity Access Management (IAM). Companies encounter IAM as security challenges while adopting more technologies became apparent. Trust Multi-tenancy and trusted computing based on a Trusted Platform Module (TPM) are great technologies for solving the trust and security concerns in the cloud identity environment. Single sign-on (SSO) and OpenID have been released to solve security and privacy problems for cloud identity. This paper proposes the use of trusted computing, Federated Identity Management, and OpenID Web SSO to solve identity theft in the cloud. Besides, this proposed model has been simulated in .Net environment. Security analyzing, simulation, and BLP confidential model are three ways to evaluate and analyze our proposed model.

Trusted Computing Strengthens Cloud Authentication

PubMed Central

2014-01-01

Cloud computing is a new generation of technology which is designed to provide the commercial necessities, solve the IT management issues, and run the appropriate applications. Another entry on the list of cloud functions which has been handled internally is Identity Access Management (IAM). Companies encounter IAM as security challenges while adopting more technologies became apparent. Trust Multi-tenancy and trusted computing based on a Trusted Platform Module (TPM) are great technologies for solving the trust and security concerns in the cloud identity environment. Single sign-on (SSO) and OpenID have been released to solve security and privacy problems for cloud identity. This paper proposes the use of trusted computing, Federated Identity Management, and OpenID Web SSO to solve identity theft in the cloud. Besides, this proposed model has been simulated in .Net environment. Security analyzing, simulation, and BLP confidential model are three ways to evaluate and analyze our proposed model. PMID:24701149

Dcs Data Viewer, an Application that Accesses ATLAS DCS Historical Data

NASA Astrophysics Data System (ADS)

Tsarouchas, C.; Schlenker, S.; Dimitrov, G.; Jahn, G.

2014-06-01

The ATLAS experiment at CERN is one of the four Large Hadron Collider experiments. The Detector Control System (DCS) of ATLAS is responsible for the supervision of the detector equipment, the reading of operational parameters, the propagation of the alarms and the archiving of important operational data in a relational database (DB). DCS Data Viewer (DDV) is an application that provides access to the ATLAS DCS historical data through a web interface. Its design is structured using a client-server architecture. The pythonic server connects to the DB and fetches the data by using optimized SQL requests. It communicates with the outside world, by accepting HTTP requests and it can be used stand alone. The client is an AJAX (Asynchronous JavaScript and XML) interactive web application developed under the Google Web Toolkit (GWT) framework. Its web interface is user friendly, platform and browser independent. The selection of metadata is done via a column-tree view or with a powerful search engine. The final visualization of the data is done using java applets or java script applications as plugins. The default output is a value-over-time chart, but other types of outputs like tables, ascii or ROOT files are supported too. Excessive access or malicious use of the database is prevented by a dedicated protection mechanism, allowing the exposure of the tool to hundreds of inexperienced users. The current configuration of the client and of the outputs can be saved in an XML file. Protection against web security attacks is foreseen and authentication constrains have been taken into account, allowing the exposure of the tool to hundreds of users world wide. Due to its flexible interface and its generic and modular approach, DDV could be easily used for other experiment control systems.

Evolution of System Architectures: Where Do We Need to Fail Next?

NASA Astrophysics Data System (ADS)

Bermudez, Luis; Alameh, Nadine; Percivall, George

2013-04-01

Innovation requires testing and failing. Thomas Edison was right when he said "I have not failed. I've just found 10,000 ways that won't work". For innovation and improvement of standards to happen, service Architectures have to be tested and tested. Within the Open Geospatial Consortium (OGC), testing of service architectures has occurred for the last 15 years. This talk will present an evolution of these service architectures and a possible future path. OGC is a global forum for the collaboration of developers and users of spatial data products and services, and for the advancement and development of international standards for geospatial interoperability. The OGC Interoperability Program is a series of hands-on, fast paced, engineering initiatives to accelerate the development and acceptance of OGC standards. Each initiative is organized in threads that provide focus under a particular theme. The first testbed, OGC Web Services phase 1, completed in 2003 had four threads: Common Architecture, Web Mapping, Sensor Web and Web Imagery Enablement. The Common Architecture was a cross-thread theme, to ensure that the Web Mapping and Sensor Web experiments built on a base common architecture. The architecture was based on the three main SOA components: Broker, Requestor and Provider. It proposed a general service model defining service interactions and dependencies; categorization of service types; registries to allow discovery and access of services; data models and encodings; and common services (WMS, WFS, WCS). For the latter, there was a clear distinction on the different services: Data Services (e.g. WMS), Application services (e.g. Coordinate transformation) and server-side client applications (e.g. image exploitation). The latest testbed, OGC Web Service phase 9, completed in 2012 had 5 threads: Aviation, Cross-Community Interoperability (CCI), Security and Services Interoperability (SSI), OWS Innovations and Compliance & Interoperability Testing & Evaluation (CITE). Compared to the first testbed, OWS-9 did not have a separate common architecture thread. Instead the emphasis was on brokering information models, securing them and making data available efficiently on mobile devices. The outcome is an architecture based on usability and non-intrusiveness while leveraging mediation of information models from different communities. This talk will use lessons learned from the evolution from OGC Testbed phase 1 to phase 9 to better understand how global and complex infrastructures evolve to support many communities including the Earth System Science Community.

Molecule database framework: a framework for creating database applications with chemical structure search capability

PubMed Central

2013-01-01

Background Research in organic chemistry generates samples of novel chemicals together with their properties and other related data. The involved scientists must be able to store this data and search it by chemical structure. There are commercial solutions for common needs like chemical registration systems or electronic lab notebooks. However for specific requirements of in-house databases and processes no such solutions exist. Another issue is that commercial solutions have the risk of vendor lock-in and may require an expensive license of a proprietary relational database management system. To speed up and simplify the development for applications that require chemical structure search capabilities, I have developed Molecule Database Framework. The framework abstracts the storing and searching of chemical structures into method calls. Therefore software developers do not require extensive knowledge about chemistry and the underlying database cartridge. This decreases application development time. Results Molecule Database Framework is written in Java and I created it by integrating existing free and open-source tools and frameworks. The core functionality includes: • Support for multi-component compounds (mixtures) • Import and export of SD-files • Optional security (authorization) For chemical structure searching Molecule Database Framework leverages the capabilities of the Bingo Cartridge for PostgreSQL and provides type-safe searching, caching, transactions and optional method level security. Molecule Database Framework supports multi-component chemical compounds (mixtures). Furthermore the design of entity classes and the reasoning behind it are explained. By means of a simple web application I describe how the framework could be used. I then benchmarked this example application to create some basic performance expectations for chemical structure searches and import and export of SD-files. Conclusions By using a simple web application it was shown that Molecule Database Framework successfully abstracts chemical structure searches and SD-File import and export to simple method calls. The framework offers good search performance on a standard laptop without any database tuning. This is also due to the fact that chemical structure searches are paged and cached. Molecule Database Framework is available for download on the projects web page on bitbucket: https://bitbucket.org/kienerj/moleculedatabaseframework. PMID:24325762

Molecule database framework: a framework for creating database applications with chemical structure search capability.

PubMed

Kiener, Joos

2013-12-11

Research in organic chemistry generates samples of novel chemicals together with their properties and other related data. The involved scientists must be able to store this data and search it by chemical structure. There are commercial solutions for common needs like chemical registration systems or electronic lab notebooks. However for specific requirements of in-house databases and processes no such solutions exist. Another issue is that commercial solutions have the risk of vendor lock-in and may require an expensive license of a proprietary relational database management system. To speed up and simplify the development for applications that require chemical structure search capabilities, I have developed Molecule Database Framework. The framework abstracts the storing and searching of chemical structures into method calls. Therefore software developers do not require extensive knowledge about chemistry and the underlying database cartridge. This decreases application development time. Molecule Database Framework is written in Java and I created it by integrating existing free and open-source tools and frameworks. The core functionality includes:•Support for multi-component compounds (mixtures)•Import and export of SD-files•Optional security (authorization)For chemical structure searching Molecule Database Framework leverages the capabilities of the Bingo Cartridge for PostgreSQL and provides type-safe searching, caching, transactions and optional method level security. Molecule Database Framework supports multi-component chemical compounds (mixtures).Furthermore the design of entity classes and the reasoning behind it are explained. By means of a simple web application I describe how the framework could be used. I then benchmarked this example application to create some basic performance expectations for chemical structure searches and import and export of SD-files. By using a simple web application it was shown that Molecule Database Framework successfully abstracts chemical structure searches and SD-File import and export to simple method calls. The framework offers good search performance on a standard laptop without any database tuning. This is also due to the fact that chemical structure searches are paged and cached. Molecule Database Framework is available for download on the projects web page on bitbucket: https://bitbucket.org/kienerj/moleculedatabaseframework.

Empirical analysis of the effects of cyber security incidents.

PubMed

Davis, Ginger; Garcia, Alfredo; Zhang, Weide

2009-09-01

We analyze the time series associated with web traffic for a representative set of online businesses that have suffered widely reported cyber security incidents. Our working hypothesis is that cyber security incidents may prompt (security conscious) online customers to opt out and conduct their business elsewhere or, at the very least, to refrain from accessing online services. For companies relying almost exclusively on online channels, this presents an important business risk. We test for structural changes in these time series that may have been caused by these cyber security incidents. Our results consistently indicate that cyber security incidents do not affect the structure of web traffic for the set of online businesses studied. We discuss various public policy considerations stemming from our analysis.

Internet Roadside Cafe #6. [Videotape.

ERIC Educational Resources Information Center

American Library Association Video/Library Video Network, Towson, MD.

This 30-minute videotape takes an in-depth look at World Wide Web business transactions, potential risks, client privacy and security issues by asking businesses and consumers how they do business on the Internet. Also featured in the program is advice about choosing a secure password, the use of credit cards for Web purchasing and a review of…

Weaving a Secure Web around Education: A Guide to Technology Standards and Security.

ERIC Educational Resources Information Center

National Forum on Education Statistics (ED/OERI), Washington, DC.

The purpose of this guidebook is to assist education agencies and organizations--which include state education agencies or state departments of education, school districts, and schools--in the development, maintenance, and standardization of effective Web sites. Also included is a detailed examination of the procedures necessary to provide…

"Just Another Tool for Online Studies” (JATOS): An Easy Solution for Setup and Management of Web Servers Supporting Online Studies

PubMed Central

Lange, Kristian; Kühn, Simone; Filevich, Elisa

2015-01-01

We present here “Just Another Tool for Online Studies” (JATOS): an open source, cross-platform web application with a graphical user interface (GUI) that greatly simplifies setting up and communicating with a web server to host online studies that are written in JavaScript. JATOS is easy to install in all three major platforms (Microsoft Windows, Mac OS X, and Linux), and seamlessly pairs with a database for secure data storage. It can be installed on a server or locally, allowing researchers to try the application and feasibility of their studies within a browser environment, before engaging in setting up a server. All communication with the JATOS server takes place via a GUI (with no need to use a command line interface), making JATOS an especially accessible tool for researchers without a strong IT background. We describe JATOS’ main features and implementation and provide a detailed tutorial along with example studies to help interested researchers to set up their online studies. JATOS can be found under the Internet address: www.jatos.org. PMID:26114751

SCEAPI: A unified Restful Web API for High-Performance Computing

NASA Astrophysics Data System (ADS)

Rongqiang, Cao; Haili, Xiao; Shasha, Lu; Yining, Zhao; Xiaoning, Wang; Xuebin, Chi

2017-10-01

The development of scientific computing is increasingly moving to collaborative web and mobile applications. All these applications need high-quality programming interface for accessing heterogeneous computing resources consisting of clusters, grid computing or cloud computing. In this paper, we introduce our high-performance computing environment that integrates computing resources from 16 HPC centers across China. Then we present a bundle of web services called SCEAPI and describe how it can be used to access HPC resources with HTTP or HTTPs protocols. We discuss SCEAPI from several aspects including architecture, implementation and security, and address specific challenges in designing compatible interfaces and protecting sensitive data. We describe the functions of SCEAPI including authentication, file transfer and job management for creating, submitting and monitoring, and how to use SCEAPI in an easy-to-use way. Finally, we discuss how to exploit more HPC resources quickly for the ATLAS experiment by implementing the custom ARC compute element based on SCEAPI, and our work shows that SCEAPI is an easy-to-use and effective solution to extend opportunistic HPC resources.

Innovative technology for web-based data management during an outbreak

PubMed Central

Mukhi, Shamir N; Chester, Tammy L Stuart; Klaver-Kibria, Justine DA; Nowicki, Deborah L; Whitlock, Mandy L; Mahmud, Salah M; Louie, Marie; Lee, Bonita E

2011-01-01

Lack of automated and integrated data collection and management, and poor linkage of clinical, epidemiological and laboratory data during an outbreak can inhibit effective and timely outbreak investigation and response. This paper describes an innovative web-based technology, referred to as Web Data, developed for the rapid set-up and provision of interactive and adaptive data management during outbreak situations. We also describe the benefits and limitations of the Web Data technology identified through a questionnaire that was developed to evaluate the use of Web Data implementation and application during the 2009 H1N1 pandemic by Winnipeg Regional Health Authority and Provincial Laboratory for Public Health of Alberta. Some of the main benefits include: improved and secure data access, increased efficiency and reduced error, enhanced electronic collection and transfer of data, rapid creation and modification of the database, conversion of specimen-level to case-level data, and user-defined data extraction and query capabilities. Areas requiring improvement include: better understanding of privacy policies, increased capability for data sharing and linkages between jurisdictions to alleviate data entry duplication. PMID:23569597

Web Extensible Display Manager

DOE Office of Scientific and Technical Information (OSTI.GOV)

Slominski, Ryan; Larrieu, Theodore L.

Jefferson Lab's Web Extensible Display Manager (WEDM) allows staff to access EDM control system screens from a web browser in remote offices and from mobile devices. Native browser technologies are leveraged to avoid installing and managing software on remote clients such as browser plugins, tunnel applications, or an EDM environment. Since standard network ports are used firewall exceptions are minimized. To avoid security concerns from remote users modifying a control system, WEDM exposes read-only access and basic web authentication can be used to further restrict access. Updates of monitored EPICS channels are delivered via a Web Socket using a webmore » gateway. The software translates EDM description files (denoted with the edl suffix) to HTML with Scalable Vector Graphics (SVG) following the EDM's edl file vector drawing rules to create faithful screen renderings. The WEDM server parses edl files and creates the HTML equivalent in real-time allowing existing screens to work without modification. Alternatively, the familiar drag and drop EDM screen creation tool can be used to create optimized screens sized specifically for smart phones and then rendered by WEDM.« less

Web technology for emergency medicine and secure transmission of electronic patient records.

PubMed

Halamka, J D

1998-01-01

The American Heritage dictionary defines the word "web" as "something intricately contrived, especially something that ensnares or entangles." The wealth of medical resources on the World Wide Web is now so extensive, yet disorganized and unmonitored, that such a definition seems fitting. In emergency medicine, for example, a field in which accurate and complete information, including patients' records, is urgently needed, more than 5000 Web pages are available today, whereas fewer than 50 were available in December 1994. Most sites are static Web pages using the Internet to publish textbook material, but new technology is extending the scope of the Internet to include online medical education and secure exchange of clinical information. This article lists some of the best Web sites for use in emergency medicine and then describes a project in which the Web is used for transmission and protection of electronic medical records.

Cloud Forensics Issues

DTIC Science & Technology

2014-07-01

voluminous threat environment. Today we regularly construct seamless encrypted communications between machines through SSL or other TLS . These do not...return to the web application and the user, As a prerequisite to end-to-end communication an SSL , or other suitable TLS is set up between each of the...an TLS connection is established between the requestor and the service provider, within which a WS-Security package will be sent to the service

Toward an Integrated System for Command and Control Net-Centric Web Services and Sustainment: Application to Homland Security

DTIC Science & Technology

2010-08-01

the public and for first responders to access disaster information and services provided by government agencies and non- governmental organizations...thereby reducing the performance gap for a single federal disaster-management site. DMIS provides government and non- governmental organizations...NIMS) and Na- tional Response Framework (NRF): a. First responders b. Local governments and agencies c. Regional and federal agencies 2

Integrating Webtop Components with Thin-Client Web Applicators using WDK Tickets

NASA Technical Reports Server (NTRS)

Duley, Jason

2004-01-01

Contents include the folloving: Issues surrounding encryption/decryption of password strings when deploying on different machines and platforms. Security concerns when exposing docbases to internet users. Docbase Session management in Java Servlets. Customization of Webtop components. WDK Tickets as a silent login alternative. Encoding Tickets and Ticket syntax. Invoking Webtop components via an Action URL. Issues with accessing Webtop components on Mac OS X through SSL.

Secure Display of Space-Exploration Images

NASA Technical Reports Server (NTRS)

Cheng, Cecilia; Thornhill, Gillian; McAuley, Michael

2006-01-01

Java EDR Display Interface (JEDI) is software for either local display or secure Internet distribution, to authorized clients, of image data acquired from cameras aboard spacecraft engaged in exploration of remote planets. ( EDR signifies experimental data record, which, in effect, signifies image data.) Processed at NASA s Multimission Image Processing Laboratory (MIPL), the data can be from either near-realtime processing streams or stored files. JEDI uses the Java Advanced Imaging application program interface, plus input/output packages that are parts of the Video Image Communication and Retrieval software of the MIPL, to display images. JEDI can be run as either a standalone application program or within a Web browser as a servlet with an applet front end. In either operating mode, JEDI communicates using the HTTP(s) protocol(s). In the Web-browser case, the user must provide a password to gain access. For each user and/or image data type, there is a configuration file, called a "personality file," containing parameters that control the layout of the displays and the information to be included in them. Once JEDI has accepted the user s password, it processes the requested EDR (provided that user is authorized to receive the specific EDR) to create a display according to the user s personality file.

Integrating geo web services for a user driven exploratory analysis

NASA Astrophysics Data System (ADS)

Moncrieff, Simon; Turdukulov, Ulanbek; Gulland, Elizabeth-Kate

2016-04-01

In data exploration, several online data sources may need to be dynamically aggregated or summarised over spatial region, time interval, or set of attributes. With respect to thematic data, web services are mainly used to present results leading to a supplier driven service model limiting the exploration of the data. In this paper we propose a user need driven service model based on geo web processing services. The aim of the framework is to provide a method for the scalable and interactive access to various geographic data sources on the web. The architecture combines a data query, processing technique and visualisation methodology to rapidly integrate and visually summarise properties of a dataset. We illustrate the environment on a health related use case that derives Age Standardised Rate - a dynamic index that needs integration of the existing interoperable web services of demographic data in conjunction with standalone non-spatial secure database servers used in health research. Although the example is specific to the health field, the architecture and the proposed approach are relevant and applicable to other fields that require integration and visualisation of geo datasets from various web services and thus, we believe is generic in its approach.

An Encryption Scheme for Communication Internet SCADA Components

NASA Astrophysics Data System (ADS)

Robles, Rosslin John; Kim, Tai-Hoon

The trend in most systems is that they are connected through the Internet. Traditional Supervisory Control and Data Acquisition Systems (SCADA) is connected only in a limited private network. SCADA is considered a critical infrastructure, and connecting to the internet is putting the society on jeopardy, some operators hold back on connecting it to the internet. But since the internet Supervisory Control and Data Acquisition Systems (SCADA) facility has brought a lot of advantages in terms of control, data viewing and generation. Along with these advantages, are security issues regarding web SCADA, operators are pushed to connect Supervisory Control and Data Acquisition Systems (SCADA) through the internet. Because of this, many issues regarding security surfaced. In this paper, we discuss web SCADA and the issues regarding security. As a countermeasure, a web SCADA security solution using crossed-crypto-scheme is proposed to be used in the communication of SCADA components.

Efficient Data Transfer Rate and Speed of Secured Ethernet Interface System.

PubMed

Ghanti, Shaila; Naik, G M

2016-01-01

Embedded systems are extensively used in home automation systems, small office systems, vehicle communication systems, and health service systems. The services provided by these systems are available on the Internet and these services need to be protected. Security features like IP filtering, UDP protection, or TCP protection need to be implemented depending on the specific application used by the device. Every device on the Internet must have network interface. This paper proposes the design of the embedded Secured Ethernet Interface System to protect the service available on the Internet against the SYN flood attack. In this experimental study, Secured Ethernet Interface System is customized to protect the web service against the SYN flood attack. Secured Ethernet Interface System is implemented on ALTERA Stratix IV FPGA as a system on chip and uses the modified SYN flood attack protection method. The experimental results using Secured Ethernet Interface System indicate increase in number of genuine clients getting service from the server, considerable improvement in the data transfer rate, and better response time during the SYN flood attack.

Efficient Data Transfer Rate and Speed of Secured Ethernet Interface System

PubMed Central

Ghanti, Shaila

2016-01-01

Embedded systems are extensively used in home automation systems, small office systems, vehicle communication systems, and health service systems. The services provided by these systems are available on the Internet and these services need to be protected. Security features like IP filtering, UDP protection, or TCP protection need to be implemented depending on the specific application used by the device. Every device on the Internet must have network interface. This paper proposes the design of the embedded Secured Ethernet Interface System to protect the service available on the Internet against the SYN flood attack. In this experimental study, Secured Ethernet Interface System is customized to protect the web service against the SYN flood attack. Secured Ethernet Interface System is implemented on ALTERA Stratix IV FPGA as a system on chip and uses the modified SYN flood attack protection method. The experimental results using Secured Ethernet Interface System indicate increase in number of genuine clients getting service from the server, considerable improvement in the data transfer rate, and better response time during the SYN flood attack. PMID:28116350

17 CFR 232.314 - Accommodation for certain securitizers of asset-backed securities.

Code of Federal Regulations, 2014 CFR

2014-04-01

... Securities Rulemaking Board's Internet Web site. [76 FR 4511, Jan. 26, 2011] XBRL-Related Documents ... 17 Commodity and Securities Exchanges 3 2014-04-01 2014-04-01 false Accommodation for certain securitizers of asset-backed securities. 232.314 Section 232.314 Commodity and Securities Exchanges SECURITIES...

17 CFR 232.314 - Accommodation for certain securitizers of asset-backed securities.

Code of Federal Regulations, 2012 CFR

2012-04-01

... Securities Rulemaking Board's Internet Web site. [76 FR 4511, Jan. 26, 2011] XBRL-Related Documents ... 17 Commodity and Securities Exchanges 2 2012-04-01 2012-04-01 false Accommodation for certain securitizers of asset-backed securities. 232.314 Section 232.314 Commodity and Securities Exchanges SECURITIES...

17 CFR 232.314 - Accommodation for certain securitizers of asset-backed securities.

Code of Federal Regulations, 2013 CFR

2013-04-01

... Securities Rulemaking Board's Internet Web site. [76 FR 4511, Jan. 26, 2011] XBRL-Related Documents ... 17 Commodity and Securities Exchanges 2 2013-04-01 2013-04-01 false Accommodation for certain securitizers of asset-backed securities. 232.314 Section 232.314 Commodity and Securities Exchanges SECURITIES...

17 CFR 232.314 - Accommodation for certain securitizers of asset-backed securities.

Code of Federal Regulations, 2011 CFR

2011-04-01

... Securities Rulemaking Board's Internet Web site. [76 FR 4511, Jan. 26, 2011] XBRL-Related Documents ... 17 Commodity and Securities Exchanges 2 2011-04-01 2011-04-01 false Accommodation for certain securitizers of asset-backed securities. 232.314 Section 232.314 Commodity and Securities Exchanges SECURITIES...

Security techniques for prevention of rank manipulation in social tagging services including robotic domains.

PubMed

Choi, Okkyung; Jung, Hanyoung; Moon, Seungbin

2014-01-01

With smartphone distribution becoming common and robotic applications on the rise, social tagging services for various applications including robotic domains have advanced significantly. Though social tagging plays an important role when users are finding the exact information through web search, reliability and semantic relation between web contents and tags are not considered. Spams are making ill use of this aspect and put irrelevant tags deliberately on contents and induce users to advertise contents when they click items of search results. Therefore, this study proposes a detection method for tag-ranking manipulation to solve the problem of the existing methods which cannot guarantee the reliability of tagging. Similarity is measured for ranking the grade of registered tag on the contents, and weighted values of each tag are measured by means of synonym relevance, frequency, and semantic distances between tags. Lastly, experimental evaluation results are provided and its efficiency and accuracy are verified through them.

Medical Images Remote Consultation

NASA Astrophysics Data System (ADS)

Ferraris, Maurizio; Frixione, Paolo; Squarcia, Sandro

Teleconsultation of digital images among different medical centers is now a reality. The problem to be solved is how to interconnect all the clinical diagnostic devices in a hospital in order to allow physicians and health physicists, working in different places, to discuss on interesting clinical cases visualizing the same diagnostic images at the same time. Applying World Wide Web technologies, the proposed system can be easily used by people with no specific computer knowledge providing a verbose help to guide the user through the right steps of execution. Diagnostic images are retrieved from a relational database or from a standard DICOM-PACS through the DICOM-WWW gateway allowing connection of the usual Web browsers to DICOM applications via the HTTP protocol. The system, which is proposed for radiotherapy implementation, where radiographies play a fundamental role, can be easily converted to different field of medical applications where a remote access to secure data are compulsory.

Vulnerability Assessment of IPv6 Websites to SQL Injection and Other Application Level Attacks

PubMed Central

Cho, Ying-Chiang; Pan, Jen-Yi

2013-01-01

Given the proliferation of internet connected devices, IPv6 has been proposed to replace IPv4. Aside from providing a larger address space which can be assigned to internet enabled devices, it has been suggested that the IPv6 protocol offers increased security due to the fact that with the large number of addresses available, standard IP scanning attacks will no longer become feasible. However, given the interest in attacking organizations rather than individual devices, most initial points of entry onto an organization's network and their attendant devices are visible and reachable through web crawling techniques, and, therefore, attacks on the visible application layer may offer ways to compromise the overall network. In this evaluation, we provide a straightforward implementation of a web crawler in conjunction with a benign black box penetration testing system and analyze the ease at which SQL injection attacks can be carried out. PMID:24574863

Vulnerability assessment of IPv6 websites to SQL injection and other application level attacks.

PubMed

Cho, Ying-Chiang; Pan, Jen-Yi

2013-01-01

Given the proliferation of internet connected devices, IPv6 has been proposed to replace IPv4. Aside from providing a larger address space which can be assigned to internet enabled devices, it has been suggested that the IPv6 protocol offers increased security due to the fact that with the large number of addresses available, standard IP scanning attacks will no longer become feasible. However, given the interest in attacking organizations rather than individual devices, most initial points of entry onto an organization's network and their attendant devices are visible and reachable through web crawling techniques, and, therefore, attacks on the visible application layer may offer ways to compromise the overall network. In this evaluation, we provide a straightforward implementation of a web crawler in conjunction with a benign black box penetration testing system and analyze the ease at which SQL injection attacks can be carried out.

Rich internet application system for patient-centric healthcare data management using handheld devices.

PubMed

Constantinescu, L; Pradana, R; Kim, J; Gong, P; Fulham, Michael; Feng, D

2009-01-01

Rich Internet Applications (RIAs) are an emerging software platform that blurs the line between web service and native application, and is a powerful tool for handheld device deployment. By democratizing health data management and widening its availability, this software platform has the potential to revolutionize telemedicine, clinical practice, medical education and information distribution, particularly in rural areas, and to make patient-centric medical computing a reality. In this paper, we propose a telemedicine application that leverages the ability of a mobile RIA platform to transcode, organise and present textual and multimedia data, which are sourced from medical database software. We adopted a web-based approach to communicate, in real-time, with an established hospital information system via a custom RIA. The proposed solution allows communication between handheld devices and a hospital information system for media streaming with support for real-time encryption, on any RIA enabled platform. We demonstrate our prototype's ability to securely and rapidly access, without installation requirements, medical data ranging from simple textual records to multi-slice PET-CT images and maximum intensity (MIP) projections.

Evolving telemedicine/ehealth technology.

PubMed

Ferrante, Frank E

2005-06-01

This paper describes emerging technologies to support a rapidly changing and expanding scope of telemedicine/telehealth applications. Of primary interest here are wireless systems, emerging broadband, nanotechnology, intelligent agent applications, and grid computing. More specifically, the paper describes the changes underway in wireless designs aimed at enhancing security; some of the current work involving the development of nanotechnology applications and research into the use of intelligent agents/artificial intelligence technology to establish what are termed "Knowbots"; and a sampling of the use of Web services, such as grid computing capabilities, to support medical applications. In addition, the expansion of these technologies and the need for cost containment to sustain future health care for an increasingly mobile and aging population is discussed.

Design of a Web-tool for diagnostic clinical trials handling medical imaging research.

PubMed

Baltasar Sánchez, Alicia; González-Sistal, Angel

2011-04-01

New clinical studies in medicine are based on patients and controls using different imaging diagnostic modalities. Medical information systems are not designed for clinical trials employing clinical imaging. Although commercial software and communication systems focus on storage of image data, they are not suitable for storage and mining of new types of quantitative data. We sought to design a Web-tool to support diagnostic clinical trials involving different experts and hospitals or research centres. The image analysis of this project is based on skeletal X-ray imaging. It involves a computerised image method using quantitative analysis of regions of interest in healthy bone and skeletal metastases. The database is implemented with ASP.NET 3.5 and C# technologies for our Web-based application. For data storage, we chose MySQL v.5.0, one of the most popular open source databases. User logins were necessary, and access to patient data was logged for auditing. For security, all data transmissions were carried over encrypted connections. This Web-tool is available to users scattered at different locations; it allows an efficient organisation and storage of data (case report form) and images and allows each user to know precisely what his task is. The advantages of our Web-tool are as follows: (1) sustainability is guaranteed; (2) network locations for collection of data are secured; (3) all clinical information is stored together with the original images and the results derived from processed images and statistical analysis that enable us to perform retrospective studies; (4) changes are easily incorporated because of the modular architecture; and (5) assessment of trial data collected at different sites is centralised to reduce statistical variance.

An Offline-Online Android Application for Hazard Event Mapping Using WebGIS Open Source Technologies

NASA Astrophysics Data System (ADS)

Olyazadeh, Roya; Jaboyedoff, Michel; Sudmeier-Rieux, Karen; Derron, Marc-Henri; Devkota, Sanjaya

2016-04-01

Nowadays, Free and Open Source Software (FOSS) plays an important role in better understanding and managing disaster risk reduction around the world. National and local government, NGOs and other stakeholders are increasingly seeking and producing data on hazards. Most of the hazard event inventories and land use mapping are based on remote sensing data, with little ground truthing, creating difficulties depending on the terrain and accessibility. Open Source WebGIS tools offer an opportunity for quicker and easier ground truthing of critical areas in order to analyse hazard patterns and triggering factors. This study presents a secure mobile-map application for hazard event mapping using Open Source WebGIS technologies such as Postgres database, Postgis, Leaflet, Cordova and Phonegap. The objectives of this prototype are: 1. An Offline-Online android mobile application with advanced Geospatial visualisation; 2. Easy Collection and storage of events information applied services; 3. Centralized data storage with accessibility by all the service (smartphone, standard web browser); 4. Improving data management by using active participation in hazard event mapping and storage. This application has been implemented as a low-cost, rapid and participatory method for recording impacts from hazard events and includes geolocation (GPS data and Internet), visualizing maps with overlay of satellite images, viewing uploaded images and events as cluster points, drawing and adding event information. The data can be recorded in offline (Android device) or online version (all browsers) and consequently uploaded through the server whenever internet is available. All the events and records can be visualized by an administrator and made public after approval. Different user levels can be defined to access the data for communicating the information. This application was tested for landslides in post-earthquake Nepal but can be used for any other type of hazards such as flood, avalanche, etc. Keywords: Offline, Online, WebGIS Open source, Android, Hazard Event Mapping

Security protection of DICOM medical images using dual-layer reversible watermarking with tamper detection capability.

PubMed

Tan, Chun Kiat; Ng, Jason Changwei; Xu, Xiaotian; Poh, Chueh Loo; Guan, Yong Liang; Sheah, Kenneth

2011-06-01

Teleradiology applications and universal availability of patient records using web-based technology are rapidly gaining importance. Consequently, digital medical image security has become an important issue when images and their pertinent patient information are transmitted across public networks, such as the Internet. Health mandates such as the Health Insurance Portability and Accountability Act require healthcare providers to adhere to security measures in order to protect sensitive patient information. This paper presents a fully reversible, dual-layer watermarking scheme with tamper detection capability for medical images. The scheme utilizes concepts of public-key cryptography and reversible data-hiding technique. The scheme was tested using medical images in DICOM format. The results show that the scheme is able to ensure image authenticity and integrity, and to locate tampered regions in the images.

Using web technology and Java mobile software agents to manage outside referrals.

PubMed Central

Murphy, S. N.; Ng, T.; Sittig, D. F.; Barnett, G. O.

1998-01-01

A prototype, web-based referral application was created with the objective of providing outside primary care providers (PCP's) the means to refer patients to the Massachusetts General Hospital and the Brigham and Women's Hospital. The application was designed to achieve the two primary objectives of providing the consultant with enough data to make decisions even at the initial visit, and providing the PCP with a prompt response from the consultant. The system uses a web browser/server to initiate the referral and Java mobile software agents to support the workflow of the referral. This combination provides a light client implementation that can run on a wide variety of hardware and software platforms found in the office of the PCP. The implementation can guarantee a high degree of security for the computer of the PCP. Agents can be adapted to support the wide variety of data types that may be used in referral transactions, including reports with complex presentation needs and scanned (faxed) images Agents can be delivered to the PCP as running applications that can perform ongoing queries and alerts at the office of the PCP. Finally, the agent architecture is designed to scale in a natural and seamless manner for unforeseen future needs. PMID:9929190

Flush-mounting technique for composite beams

NASA Technical Reports Server (NTRS)

Harman, T. C.; Kay, B. F.

1980-01-01

Procedure permits mounting of heavy parts to surface of composite beams without appreciably weakening beam web. Web is split and held apart in region where attachment is to be made by lightweight precast foam filler. Bolt hole penetrates foam rather than web, and is secured by barrelnut in transverse bushing through web.

12 CFR 555.310 - How do I notify OTS?

Code of Federal Regulations, 2010 CFR

2010-01-01

...) Describe the transactional web site. (2) Indicate the date the transactional web site will become operational. (3) List a contact familiar with the deployment, operation, and security of the transactional web site. (b) Transition provision. If you established a transactional web site after the date of your last...

12 CFR 155.310 - How do I notify the OCC?

Code of Federal Regulations, 2014 CFR

2014-01-01

... least 30 days before you establish a transactional Web site. The notice must do three things: (a) Describe the transactional web site. (b) Indicate the date the transactional web site will become operational. (c) List a contact familiar with the deployment, operation, and security of the transactional web...

12 CFR 390.222 - How do I notify FDIC?

Code of Federal Regulations, 2013 CFR

2013-01-01

... 30 days before you establish a transactional Web site. The notice must do three things: (1) Describe the transactional Web site. (2) Indicate the date the transactional Web site will become operational. (3) List a contact familiar with the deployment, operation, and security of the transactional Web...

12 CFR 555.310 - How do I notify OTS?

Code of Federal Regulations, 2013 CFR

2013-01-01

...) Describe the transactional web site. (2) Indicate the date the transactional web site will become operational. (3) List a contact familiar with the deployment, operation, and security of the transactional web site. (b) Transition provision. If you established a transactional web site after the date of your last...

12 CFR 390.222 - How do I notify FDIC?

Code of Federal Regulations, 2012 CFR

2012-01-01

... 30 days before you establish a transactional Web site. The notice must do three things: (1) Describe the transactional Web site. (2) Indicate the date the transactional Web site will become operational. (3) List a contact familiar with the deployment, operation, and security of the transactional Web...

12 CFR 555.310 - How do I notify OTS?

Code of Federal Regulations, 2012 CFR

2012-01-01

...) Describe the transactional web site. (2) Indicate the date the transactional web site will become operational. (3) List a contact familiar with the deployment, operation, and security of the transactional web site. (b) Transition provision. If you established a transactional web site after the date of your last...

12 CFR 155.310 - How do I notify the OCC?

Code of Federal Regulations, 2013 CFR

2013-01-01

... least 30 days before you establish a transactional Web site. The notice must do three things: (a) Describe the transactional web site. (b) Indicate the date the transactional web site will become operational. (c) List a contact familiar with the deployment, operation, and security of the transactional web...

12 CFR 555.310 - How do I notify OTS?

Code of Federal Regulations, 2014 CFR

2014-01-01

...) Describe the transactional web site. (2) Indicate the date the transactional web site will become operational. (3) List a contact familiar with the deployment, operation, and security of the transactional web site. (b) Transition provision. If you established a transactional web site after the date of your last...

12 CFR 390.222 - How do I notify FDIC?

Code of Federal Regulations, 2014 CFR

2014-01-01

... 30 days before you establish a transactional Web site. The notice must do three things: (1) Describe the transactional Web site. (2) Indicate the date the transactional Web site will become operational. (3) List a contact familiar with the deployment, operation, and security of the transactional Web...

12 CFR 155.310 - How do I notify the OCC?

Code of Federal Regulations, 2012 CFR

2012-01-01

... least 30 days before you establish a transactional Web site. The notice must do three things: (a) Describe the transactional web site. (b) Indicate the date the transactional web site will become operational. (c) List a contact familiar with the deployment, operation, and security of the transactional web...

Secure Web-based Ground System User Interfaces over the Open Internet

NASA Technical Reports Server (NTRS)

Langston, James H.; Murray, Henry L.; Hunt, Gary R.

1998-01-01

A prototype has been developed which makes use of commercially available products in conjunction with the Java programming language to provide a secure user interface for command and control over the open Internet. This paper reports successful demonstration of: (1) Security over the Internet, including encryption and certification; (2) Integration of Java applets with a COTS command and control product; (3) Remote spacecraft commanding using the Internet. The Java-based Spacecraft Web Interface to Telemetry and Command Handling (Jswitch) ground system prototype provides these capabilities. This activity demonstrates the use and integration of current technologies to enable a spacecraft engineer or flight operator to monitor and control a spacecraft from a user interface communicating over the open Internet using standard World Wide Web (WWW) protocols and commercial off-the-shelf (COTS) products. The core command and control functions are provided by the COTS Epoch 2000 product. The standard WWW tools and browsers are used in conjunction with the Java programming technology. Security is provided with the current encryption and certification technology. This system prototype is a step in the direction of giving scientist and flight operators Web-based access to instrument, payload, and spacecraft data.

Effectiveness of home blood pressure monitoring, Web communication, and pharmacist care on hypertension control: a randomized controlled trial.

PubMed

Green, Beverly B; Cook, Andrea J; Ralston, James D; Fishman, Paul A; Catz, Sheryl L; Carlson, James; Carrell, David; Tyll, Lynda; Larson, Eric B; Thompson, Robert S

2008-06-25

Treating hypertension decreases mortality and disability from cardiovascular disease, but most hypertension remains inadequately controlled. To determine if a new model of care that uses patient Web services, home blood pressure (BP) monitoring, and pharmacist-assisted care improves BP control. A 3-group randomized controlled trial, the Electronic Communications and Home Blood Pressure Monitoring study was based on the Chronic Care Model. The trial was conducted at an integrated group practice in Washington state, enrolling 778 participants aged 25 to 75 years with uncontrolled essential hypertension and Internet access. Care was delivered over a secure patient Web site from June 2005 to December 2007. Participants were randomly assigned to usual care, home BP monitoring and secure patient Web site training only, or home BP monitoring and secure patient Web site training plus pharmacist care management delivered through Web communications. Percentage of patients with controlled BP (<140/90 mm Hg) and changes in systolic and diastolic BP at 12 months. Of 778 patients, 730 (94%) completed the 1-year follow-up visit. Patients assigned to the home BP monitoring and Web training only group had a nonsignificant increase in the percentage of patients with controlled BP (<140/90 mm Hg) compared with usual care (36% [95% confidence interval {CI}, 30%-42%] vs 31% [95% CI, 25%-37%]; P = .21). Adding Web-based pharmacist care to home BP monitoring and Web training significantly increased the percentage of patients with controlled BP (56%; 95% CI, 49%-62%) compared with usual care (P < .001) and home BP monitoring and Web training only (P < .001). Systolic BP was decreased stepwise from usual care to home BP monitoring and Web training only to home BP monitoring and Web training plus pharmacist care. Diastolic BP was decreased only in the pharmacist care group compared with both the usual care and home BP monitoring and Web training only groups. Compared with usual care, the patients who had baseline systolic BP of 160 mm Hg or higher and received home BP monitoring and Web training plus pharmacist care had a greater net reduction in systolic BP (-13.2 mm Hg [95% CI, -19.2 to -7.1]; P < .001) and diastolic BP (-4.6 mm Hg [95% CI, -8.0 to -1.2]; P < .001), and improved BP control (relative risk, 3.32 [95% CI, 1.86 to 5.94]; P<.001). Pharmacist care management delivered through secure patient Web communications improved BP control in patients with hypertension. Trial Registration clinicaltrials.gov Identifier: NCT00158639.

[Security specifications for electronic medical records on the Internet].

PubMed

Mocanu, Mihai; Mocanu, Carmen

2007-01-01

The extension for the Web applications of the Electronic Medical Record seems both interesting and promising. Correlated with the expansion of Internet in our country, it allows the interconnection of physicians of different specialties and their collaboration for better treatment of patients. In this respect, the ophthalmologic medical applications consider the increased possibilities for monitoring chronic ocular diseases and for the identification of some elements for early diagnosis and risk factors supervision. We emphasize in this survey some possible solutions to the problems of interconnecting medical information systems to the Internet: the achievement of interoperability within medical organizations through the use of open standards, the automated input and processing for ocular imaging, the use of data reduction techniques in order to increase the speed of image retrieval in large databases, and, last but not least, the resolution of security and confidentiality problems in medical databases.

DOE Office of Scientific and Technical Information (OSTI.GOV)

Krishnamurthy, Dheepak

This paper is an overview of Power System Simulation Toolbox (psst). psst is an open-source Python application for the simulation and analysis of power system models. psst simulates the wholesale market operation by solving a DC Optimal Power Flow (DCOPF), Security Constrained Unit Commitment (SCUC) and a Security Constrained Economic Dispatch (SCED). psst also includes models for the various entities in a power system such as Generator Companies (GenCos), Load Serving Entities (LSEs) and an Independent System Operator (ISO). psst features an open modular object oriented architecture that will make it useful for researchers to customize, expand, experiment beyond solvingmore » traditional problems. psst also includes a web based Graphical User Interface (GUI) that allows for user friendly interaction and for implementation on remote High Performance Computing (HPCs) clusters for parallelized operations. This paper also provides an illustrative application of psst and benchmarks with standard IEEE test cases to show the advanced features and the performance of toolbox.« less

Efficient Web Services Policy Combination

NASA Technical Reports Server (NTRS)

Vatan, Farrokh; Harman, Joseph G.

2010-01-01

Large-scale Web security systems usually involve cooperation between domains with non-identical policies. The network management and Web communication software used by the different organizations presents a stumbling block. Many of the tools used by the various divisions do not have the ability to communicate network management data with each other. At best, this means that manual human intervention into the communication protocols used at various network routers and endpoints is required. Developing practical, sound, and automated ways to compose policies to bridge these differences is a long-standing problem. One of the key subtleties is the need to deal with inconsistencies and defaults where one organization proposes a rule on a particular feature, and another has a different rule or expresses no rule. A general approach is to assign priorities to rules and observe the rules with the highest priorities when there are conflicts. The present methods have inherent inefficiency, which heavily restrict their practical applications. A new, efficient algorithm combines policies utilized for Web services. The method is based on an algorithm that allows an automatic and scalable composition of security policies between multiple organizations. It is based on defeasible policy composition, a promising approach for finding conflicts and resolving priorities between rules. In the general case, policy negotiation is an intractable problem. A promising method, suggested in the literature, is when policies are represented in defeasible logic, and composition is based on rules for non-monotonic inference. In this system, policy writers construct metapolicies describing both the policy that they wish to enforce and annotations describing their composition preferences. These annotations can indicate whether certain policy assertions are required by the policy writer or, if not, under what circumstances the policy writer is willing to compromise and allow other assertions to take precedence. Meta-policies are specified in defeasible logic, a computationally efficient non-monotonic logic developed to model human reasoning. One drawback of this method is that at one point the algorithm starts an exhaustive search of all subsets of the set of conclusions of a defeasible theory. Although the propositional defeasible logic has linear complexity, the set of conclusions here may be large, especially in real-life practical cases. This phenomenon leads to an inefficient exponential explosion of complexity. The current process of getting a Web security policy from combination of two meta-policies consists of two steps. The first is generating a new meta-policy that is a composition of the input meta-policies, and the second is mapping the meta-policy onto a security policy. The new algorithm avoids the exhaustive search in the current algorithm, and provides a security policy that matches all requirements of the involved metapolicies.

Cloud-based Predictive Modeling System and its Application to Asthma Readmission Prediction

PubMed Central

Chen, Robert; Su, Hang; Khalilia, Mohammed; Lin, Sizhe; Peng, Yue; Davis, Tod; Hirsh, Daniel A; Searles, Elizabeth; Tejedor-Sojo, Javier; Thompson, Michael; Sun, Jimeng

2015-01-01

The predictive modeling process is time consuming and requires clinical researchers to handle complex electronic health record (EHR) data in restricted computational environments. To address this problem, we implemented a cloud-based predictive modeling system via a hybrid setup combining a secure private server with the Amazon Web Services (AWS) Elastic MapReduce platform. EHR data is preprocessed on a private server and the resulting de-identified event sequences are hosted on AWS. Based on user-specified modeling configurations, an on-demand web service launches a cluster of Elastic Compute 2 (EC2) instances on AWS to perform feature selection and classification algorithms in a distributed fashion. Afterwards, the secure private server aggregates results and displays them via interactive visualization. We tested the system on a pediatric asthma readmission task on a de-identified EHR dataset of 2,967 patients. We conduct a larger scale experiment on the CMS Linkable 2008–2010 Medicare Data Entrepreneurs’ Synthetic Public Use File dataset of 2 million patients, which achieves over 25-fold speedup compared to sequential execution. PMID:26958172

A systematic review of studies of web portals for patients with diabetes mellitus.

PubMed

Coughlin, Steven S; Williams, Lovoria B; Hatzigeorgiou, Christos

2017-01-01

Patient web portals are password-protected online websites that offer patients 24-hour access to personal health information from anywhere with an Internet connection. Due to advances in health information technologies, there has been increasing interest among providers and researchers in patient web portals for use by patients with diabetes and other chronic conditions. This article, which is based upon bibliographic searches in PubMed, reviews web portals for patients with diabetes mellitus including patient web portals tethered to electronic medical records and web portals developed specifically for patients with diabetes. Twelve studies of the impact of patient web portals on the management of diabetes patients were identified. Three had a cross-sectional design, 1 employed mixed-methods, one had a matched-control design, 3 had a retrospective cohort design, and 5 were randomized controlled trials. Six (50%) of the studies examined web portals tethered to electronic medical records and the remainder were web portals developed specifically for diabetes patients. The results of this review suggest that secure messaging between adult diabetic patients and their clinician is associated with improved glycemic control. However, results from observational studies indicate that many diabetic patients do not take advantage of web portal features such as secure messaging, perhaps because of a lack of internet access or lack of experience in navigating web portal resources. Although results from randomized controlled trials provide stronger evidence of the efficacy of web portal use in improving glycemic control among diabetic patients, the number of trials is small and results from the trials have been mixed. Studies suggest that secure messaging between adult diabetic patients and their clinician is associated with improved glycemic control, but negative findings have also been reported. The number of randomized controlled trials that have examined the efficacy of web portal use in improving glycemic control among diabetic patients is still small. Additional research is needed to identify specific portal features that may impact quality of care or improve glycemic control.

A systematic review of studies of web portals for patients with diabetes mellitus

PubMed Central

Williams, Lovoria B.; Hatzigeorgiou, Christos

2017-01-01

Patient web portals are password-protected online websites that offer patients 24-hour access to personal health information from anywhere with an Internet connection. Due to advances in health information technologies, there has been increasing interest among providers and researchers in patient web portals for use by patients with diabetes and other chronic conditions. This article, which is based upon bibliographic searches in PubMed, reviews web portals for patients with diabetes mellitus including patient web portals tethered to electronic medical records and web portals developed specifically for patients with diabetes. Twelve studies of the impact of patient web portals on the management of diabetes patients were identified. Three had a cross-sectional design, 1 employed mixed-methods, one had a matched-control design, 3 had a retrospective cohort design, and 5 were randomized controlled trials. Six (50%) of the studies examined web portals tethered to electronic medical records and the remainder were web portals developed specifically for diabetes patients. The results of this review suggest that secure messaging between adult diabetic patients and their clinician is associated with improved glycemic control. However, results from observational studies indicate that many diabetic patients do not take advantage of web portal features such as secure messaging, perhaps because of a lack of internet access or lack of experience in navigating web portal resources. Although results from randomized controlled trials provide stronger evidence of the efficacy of web portal use in improving glycemic control among diabetic patients, the number of trials is small and results from the trials have been mixed. Studies suggest that secure messaging between adult diabetic patients and their clinician is associated with improved glycemic control, but negative findings have also been reported. The number of randomized controlled trials that have examined the efficacy of web portal use in improving glycemic control among diabetic patients is still small. Additional research is needed to identify specific portal features that may impact quality of care or improve glycemic control. PMID:28736732

GEMSS: privacy and security for a medical Grid.

PubMed

Middleton, S E; Herveg, J A M; Crazzolara, F; Marvin, D; Poullet, Y

2005-01-01

The GEMSS project is developing a secure Grid infrastructure through which six medical simulations services can be invoked. We examine the legal and security framework within which GEMSS operates. We provide a legal qualification to the operations performed upon patient data, in view of EU directive 95/46, when using medical applications on the GEMSS Grid. We identify appropriate measures to ensure security and describe the legal rationale behind our choice of security technology. Our legal analysis demonstrates there must be an identified controller (typically a hospital) of patient data. The controller must then choose a processor (in this context a Grid service provider) that provides sufficient guarantees with respect to the security of their technical and organizational data processing procedures. These guarantees must ensure a level of security appropriate to the risks, with due regard to the state of the art and the cost of their implementation. Our security solutions are based on a public key infrastructure (PKI), transport level security and end-to-end security mechanisms in line with the web service (WS Security, WS Trust and SecureConversation) security specifications. The GEMSS infrastructure ensures a degree of protection of patient data that is appropriate for the health care sector, and is in line with the European directives. We hope that GEMSS will become synonymous with high security data processing, providing a framework by which GEMSS service providers can provide the security guarantees required by hospitals with regard to the processing of patient data.

Integration of Dynamic Models in Range Operations

NASA Technical Reports Server (NTRS)

Bardina, Jorge; Thirumalainambi, Rajkumar

2004-01-01

This work addresses the various model interactions in real-time to make an efficient internet based decision making tool for Shuttle launch. The decision making tool depends on the launch commit criteria coupled with physical models. Dynamic interaction between a wide variety of simulation applications and techniques, embedded algorithms, and data visualizations are needed to exploit the full potential of modeling and simulation. This paper also discusses in depth details of web based 3-D graphics and applications to range safety. The advantages of this dynamic model integration are secure accessibility and distribution of real time information to other NASA centers.

The iMeteo is a web-based weather visualization tool

NASA Astrophysics Data System (ADS)

Tuni San-Martín, Max; San-Martín, Daniel; Cofiño, Antonio S.

2010-05-01

iMeteo is a web-based weather visualization tool. Designed with an extensible J2EE architecture, it is capable of displaying information from heterogeneous data sources such as gridded data from numerical models (in NetCDF format) or databases of local predictions. All this information is presented in a user-friendly way, being able to choose the specific tool to display data (maps, graphs, information tables) and customize it to desired locations. *Modular Display System* Visualization of the data is achieved through a set of mini tools called widgets. A user can add them at will and arrange them around the screen easily with a drag and drop movement. They can be of various types and each can be configured separately, forming a really powerful and configurable system. The "Map" is the most complex widget, since it can show several variables simultaneously (either gridded or point-based) through a layered display. Other useful widgets are the the "Histogram", which generates a graph with the frequency characteristics of a variable and the "Timeline" which shows the time evolution of a variable at a given location in an interactive way. *Customization and security* Following the trends in web development, the user can easily customize the way data is displayed. Due to programming in client side with technologies like AJAX, the interaction with the application is similar to the desktop ones because there are rapid respone times. If a user is registered then he could also save his settings in the database, allowing access from any system with Internet access with his particular setup. There is particular emphasis on application security. The administrator can define a set of user profiles, which may have associated restrictions on access to certain data sources, geographic areas or time intervals.

Air Markets Program Data (AMPD)

EPA Pesticide Factsheets

The Air Markets Program Data tool allows users to search EPA data to answer scientific, general, policy, and regulatory questions about industry emissions. Air Markets Program Data (AMPD) is a web-based application that allows users easy access to both current and historical data collected as part of EPA's emissions trading programs. This site allows you to create and view reports and to download emissions data for further analysis. AMPD provides a query tool so users can create custom queries of industry source emissions data, allowance data, compliance data, and facility attributes. In addition, AMPD provides interactive maps, charts, reports, and pre-packaged datasets. AMPD does not require any additional software, plug-ins, or security controls and can be accessed using a standard web browser.

Patient-Centered Access to Secure Systems Online (PCASSO): a secure approach to clinical data access via the World Wide Web.

PubMed Central

Masys, D. R.; Baker, D. B.

1997-01-01

The Internet's World-Wide Web (WWW) provides an appealing medium for the communication of health related information due to its ease of use and growing popularity. But current technologies for communicating data between WWW clients and servers are systematically vulnerable to certain types of security threats. Prominent among these threats are "Trojan horse" programs running on client workstations, which perform some useful and known function for a user, while breaching security via background functions that are not apparent to the user. The Patient-Centered Access to Secure Systems Online (PCASSO) project of SAIC and UCSD is a research, development and evaluation project to exploit state-of-the-art security and WWW technology for health care. PCASSO is designed to provide secure access to clinical data for healthcare providers and their patients using the Internet. PCASSO will be evaluated for both safety and effectiveness, and may provide a model for secure communications via public data networks. PMID:9357644

76 FR 19110 - Published Privacy Impact Assessments on the Web

Federal Register 2010, 2011, 2012, 2013, 2014

2011-04-06

... the Web AGENCY: Privacy Office, Department of Homeland Security (DHS). ACTION: Notice of Publication... the Privacy Office's Web site between May 3, 2010 and January 7, 2011. DATES: The Privacy Impact Assessments are available on the DHS Web site until June 6, 2011, after which they are obtained by contacting...

The Potential of CGI: Using Pre-Built CGI Scripts to Make Interactive Web Pages.

ERIC Educational Resources Information Center

Nackerud, Shane A.

1998-01-01

Describes CGI (Common Gateway Interface) scripts that are available on the Web and explains how librarians can use them to make Web pages more interactive. Topics include CGI security; Perl scripts; UNIX; and HTML. (LRW)

Secure, web-accessible call rosters for academic radiology departments.

PubMed

Nguyen, A V; Tellis, W M; Avrin, D E

2000-05-01

Traditionally, radiology department call rosters have been posted via paper and bulletin boards. Frequently, changes to these lists are made by multiple people independently, but often not synchronized, resulting in confusion among the house staff and technical staff as to who is on call and when. In addition, multiple and disparate copies exist in different sections of the department, and changes made would not be propagated to all the schedules. To eliminate such difficulties, a paperless call scheduling application was developed. Our call scheduling program allowed Java-enabled web access to a database by designated personnel from each radiology section who have privileges to make the necessary changes. Once a person made a change, everyone accessing the database would see the modification. This eliminates the chaos resulting from people swapping shifts at the last minute and not having the time to record or broadcast the change. Furthermore, all changes to the database were logged. Users are given a log-in name and password and can only edit their section; however, all personnel have access to all sections' schedules. Our applet was written in Java 2 using the latest technology in database access. We access our Interbase database through the DataExpress and DB Swing (Borland, Scotts Valley, CA) components. The result is secure access to the call rosters via the web. There are many advantages to the web-enabled access, mainly the ability for people to make changes and have the changes recorded and propagated in a single virtual location and available to all who need to know.

A radiology department intranet: development and applications.

PubMed

Willing, S J; Berland, L L

1999-01-01

An intranet is a "private Internet" that uses the protocols of the World Wide Web to share information resources within a company or with the company's business partners and clients. The hardware requirements for an intranet begin with a dedicated Web server permanently connected to the departmental network. The heart of a Web server is the hypertext transfer protocol (HTTP) service, which receives a page request from a client's browser and transmits the page back to the client. Although knowledge of hypertext markup language (HTML) is not essential for authoring a Web page, a working familiarity with HTML is useful, as is knowledge of programming and database management. Security can be ensured by using scripts to write information in hidden fields or by means of "cookies." Interfacing databases and database management systems with the Web server and conforming the user interface to HTML syntax can be achieved by means of the common gateway interface (CGI), Active Server Pages (ASP), or other methods. An intranet in a radiology department could include the following types of content: on-call schedules, work schedules and a calendar, a personnel directory, resident resources, memorandums and discussion groups, software for a radiology information system, and databases.

Web tools for predictive toxicology model building.

PubMed

Jeliazkova, Nina

2012-07-01

The development and use of web tools in chemistry has accumulated more than 15 years of history already. Powered by the advances in the Internet technologies, the current generation of web systems are starting to expand into areas, traditional for desktop applications. The web platforms integrate data storage, cheminformatics and data analysis tools. The ease of use and the collaborative potential of the web is compelling, despite the challenges. The topic of this review is a set of recently published web tools that facilitate predictive toxicology model building. The focus is on software platforms, offering web access to chemical structure-based methods, although some of the frameworks could also provide bioinformatics or hybrid data analysis functionalities. A number of historical and current developments are cited. In order to provide comparable assessment, the following characteristics are considered: support for workflows, descriptor calculations, visualization, modeling algorithms, data management and data sharing capabilities, availability of GUI or programmatic access and implementation details. The success of the Web is largely due to its highly decentralized, yet sufficiently interoperable model for information access. The expected future convergence between cheminformatics and bioinformatics databases provides new challenges toward management and analysis of large data sets. The web tools in predictive toxicology will likely continue to evolve toward the right mix of flexibility, performance, scalability, interoperability, sets of unique features offered, friendly user interfaces, programmatic access for advanced users, platform independence, results reproducibility, curation and crowdsourcing utilities, collaborative sharing and secure access.

Expert Advisor (EA) Evaluation System Using Web-based ELECTRE Method in Foreign Exchange (Forex) Market

NASA Astrophysics Data System (ADS)

Satibi; Widodo, Catur Edi; Farikhin

2018-02-01

This research aims to optimize forex trading profit automatically using EA but its still keep considering accuracy and drawdown levels. The evaluation system will classify EA performance based on trading market sessions (Sydney, Tokyo, London and New York) to determine the right EA to be used in certain market sessions. This evaluation system is a web-based ELECTRE methods that interact in real-time with EA through web service and are able to present real-time charts performance dashboard using web socket protocol communications. Web applications are programmed using NodeJs. In the testing period, all EAs had been simulated 24 hours in all market sessions for three months, the best EA is valued by its profit, accuracy and drawdown criteria that calculated using web-based ELECTRE method. The ideas of this research are to compare the best EA on testing period with collaboration performances of each best classified EA by market sessions. This research uses three months historical data of EUR/USD as testing period and other 3 months as validation period. As a result, performance of collaboration four best EA classified by market sessions can increase profits percentage consistently in testing and validation periods and keep securing accuracy and drawdown levels.

Software Application Profile: Opal and Mica: open-source software solutions for epidemiological data management, harmonization and dissemination

PubMed Central

Doiron, Dany; Marcon, Yannick; Fortier, Isabel; Burton, Paul; Ferretti, Vincent

2017-01-01

Abstract Motivation Improving the dissemination of information on existing epidemiological studies and facilitating the interoperability of study databases are essential to maximizing the use of resources and accelerating improvements in health. To address this, Maelstrom Research proposes Opal and Mica, two inter-operable open-source software packages providing out-of-the-box solutions for epidemiological data management, harmonization and dissemination. Implementation Opal and Mica are two standalone but inter-operable web applications written in Java, JavaScript and PHP. They provide web services and modern user interfaces to access them. General features Opal allows users to import, manage, annotate and harmonize study data. Mica is used to build searchable web portals disseminating study and variable metadata. When used conjointly, Mica users can securely query and retrieve summary statistics on geographically dispersed Opal servers in real-time. Integration with the DataSHIELD approach allows conducting more complex federated analyses involving statistical models. Availability Opal and Mica are open-source and freely available at [www.obiba.org] under a General Public License (GPL) version 3, and the metadata models and taxonomies that accompany them are available under a Creative Commons licence. PMID:29025122

Connecting to success: practice management on the Net.

PubMed

Freydberg, B K

2001-08-15

Profound changes in the way dental practices manage data, patient records, and communication are beginning to unfold. Sooner than most of us can imagine, secured patient medical and dental records will reside on the Internet. Additionally, communication between health care providers and patients will become virtually 100% electronic. As the Application Service Provider (ASP) dental models mature, practices will transition from paper to "paperless" to "web-based" management and clinical systems. This article examines and explains these future frontiers.

Science and Technology Resources on the Internet: Computer Security.

ERIC Educational Resources Information Center

Kinkus, Jane F.

2002-01-01

Discusses issues related to computer security, including confidentiality, integrity, and authentication or availability; and presents a selected list of Web sites that cover the basic issues of computer security under subject headings that include ethics, privacy, kids, antivirus, policies, cryptography, operating system security, and biometrics.…

Development and implementation of a GEOGLAM Crop Monitor web interface

NASA Astrophysics Data System (ADS)

Oliva, P.; Sanchez, A.; Humber, M. L.; Becker-Reshef, I.; Justice, C. J.; McGaughey, K.; Barker, B.

2016-12-01

Beginning in September 2013, the GEOGLAM Crop Monitor activity has provided earth observation (EO) data to a network of partners and collected crop assessments on a subnational basis through a web interface known as the Crop Assessment Tool. Based on the collection of monthly crop assessments, a monthly crop condition bulletin is published in the Agricultural Market Information System (AMIS) Market Monitor report. This workflow has been successfully applied to food security applications through the Early Warning Crop Monitor activity. However, a lack of timely and accurate information on crop conditions and prospects at the national scale is a critical issue in the majority of southern and eastern African countries and some South American countries. Such information is necessary for informed and prompt decision making in the face of emergencies, food insecurity and planning requirements for agricultural markets. This project addresses these needs through the development of relevant, user-friendly remote sensing monitor systems, collaborative internet technology, and collaboration with national and regional agricultural monitoring networks. By building on current projects and relationships established through the various GEOGLAM Crop Monitor activities, this project aims to ultimately provide EO-informed crop condition maps and charts designed for economics and policy oriented audiences, thereby providing quick and easy to understand products on crop conditions as the season progresses. Integrating these data and assessments vertically throughout the system provides a basis for regional sharing and collaboration in food security applications.

Summary of ADTT Website Functionality and Features

NASA Technical Reports Server (NTRS)

Hawke, Veronica; Duong, Trang; Liang, Lawrence; Gage, Peter; Lawrence, Scott (Technical Monitor)

2001-01-01

This report summarizes development of the ADTT web-based design environment by the ELORET team in 2000. The Advanced Design Technology Testbed had been in development for several years, with demonstration applications restricted to aerodynamic analyses of subsonic aircraft. The key changes achieved this year were improvements in Web-based accessibility, evaluation of collaborative visualization, remote invocation of geometry updates and performance analysis, and application to aerospace system analysis. Significant effort was also devoted to post-processing of data, chiefly through comparison of similar data for alternative vehicle concepts. Such comparison is an essential requirement for designers to make informed choices between alternatives. The next section of this report provides more discussion of the goals for ADTT development. Section 3 provides screen shots from a sample session in the ADTT environment, including Login and navigation to the project of interest, data inspection, analysis execution and output evaluation. The following section provides discussion of implementation details and recommendations for future development of the software and information technologies that provide the key functionality of the ADTT system. Section 5 discusses the integration architecture for the system, which links machines running different operating systems and provides unified access to data stored in distributed locations. Security is a significant issue for this system, especially for remote access to NAS machines, so Section 6 discusses several architectural considerations with respect to security. Additional details of some aspects of ADTT development are included in Appendices.

Methods and implementation of a central biosample and data management in a three-centre clinical study.

PubMed

Angelow, Aniela; Schmidt, Matthias; Weitmann, Kerstin; Schwedler, Susanne; Vogt, Hannes; Havemann, Christoph; Hoffmann, Wolfgang

2008-07-01

In our report we describe concept, strategies and implementation of a central biosample and data management (CSDM) system in the three-centre clinical study of the Transregional Collaborative Research Centre "Inflammatory Cardiomyopathy - Molecular Pathogenesis and Therapy" SFB/TR 19, Germany. Following the requirements of high system resource availability, data security, privacy protection and quality assurance, a web-based CSDM was developed based on Java 2 Enterprise Edition using an Oracle database. An efficient and reliable sample documentation system using bar code labelling, a partitioning storage algorithm and an online documentation software was implemented. An online electronic case report form is used to acquire patient-related data. Strict rules for access to the online applications and secure connections are used to account for privacy protection and data security. Challenges for the implementation of the CSDM resided at project, technical and organisational level as well as at staff level.

Professional convergence in forensic practice.

PubMed

Mercer, D; Mason, T; Richman, J

2001-06-01

This paper outlines the development and convergence of forensic science and secure psychiatric services in the UK, locating the professionalization of forensic nursing within a complex web of political, economic, and ideological structures. It is suggested that a stagnation of the therapeutic enterprise in high and medium security provision has witnessed an intrusion of medical power into the societal body. Expanding technologies of control and surveillance are discussed in relation to the move from modernity to postmodernity and the ongoing dynamic of medicalized offending. Four aspects of globalization are identified as impacting upon the organization and application of forensic practice: (i) organized capitalism and the exhaustion of the welfare state; (ii) security versus danger and trust versus risk; (iii) science as a meta-language; and (iv) foreclosure as a mechanism of censorship. Finally, as a challenge for the profession, some predictions are offered about the future directions or demise of forensic nursing.

A Multifactor Secure Authentication System for Wireless Payment

NASA Astrophysics Data System (ADS)

Sanyal, Sugata; Tiwari, Ayu; Sanyal, Sudip

Organizations are deploying wireless based online payment applications to expand their business globally, it increases the growing need of regulatory requirements for the protection of confidential data, and especially in internet based financial areas. Existing internet based authentication systems often use either the Web or the Mobile channel individually to confirm the claimed identity of the remote user. The vulnerability is that access is based on only single factor authentication which is not secure to protect user data, there is a need of multifactor authentication. This paper proposes a new protocol based on multifactor authentication system that is both secure and highly usable. It uses a novel approach based on Transaction Identification Code and SMS to enforce another security level with the traditional Login/password system. The system provides a highly secure environment that is simple to use and deploy with in a limited resources that does not require any change in infrastructure or underline protocol of wireless network. This Protocol for Wireless Payment is extended as a two way authentications system to satisfy the emerging market need of mutual authentication and also supports secure B2B communication which increases faith of the user and business organizations on wireless financial transaction using mobile devices.

Web-based GIS for spatial pattern detection: application to malaria incidence in Vietnam.

PubMed

Bui, Thanh Quang; Pham, Hai Minh

2016-01-01

There is a great concern on how to build up an interoperable health information system of public health and health information technology within the development of public information and health surveillance programme. Technically, some major issues remain regarding to health data visualization, spatial processing of health data, health information dissemination, data sharing and the access of local communities to health information. In combination with GIS, we propose a technical framework for web-based health data visualization and spatial analysis. Data was collected from open map-servers and geocoded by open data kit package and data geocoding tools. The Web-based system is designed based on Open-source frameworks and libraries. The system provides Web-based analyst tool for pattern detection through three spatial tests: Nearest neighbour, K function, and Spatial Autocorrelation. The result is a web-based GIS, through which end users can detect disease patterns via selecting area, spatial test parameters and contribute to managers and decision makers. The end users can be health practitioners, educators, local communities, health sector authorities and decision makers. This web-based system allows for the improvement of health related services to public sector users as well as citizens in a secure manner. The combination of spatial statistics and web-based GIS can be a solution that helps empower health practitioners in direct and specific intersectional actions, thus provide for better analysis, control and decision-making.

Grid Technology as a Cyberinfrastructure for Delivering High-End Services to the Earth and Space Science Community

NASA Technical Reports Server (NTRS)

Hinke, Thomas H.

2004-01-01

Grid technology consists of middleware that permits distributed computations, data and sensors to be seamlessly integrated into a secure, single-sign-on processing environment. In &is environment, a user has to identify and authenticate himself once to the grid middleware, and then can utilize any of the distributed resources to which he has been,panted access. Grid technology allows resources that exist in enterprises that are under different administrative control to be securely integrated into a single processing environment The grid community has adopted commercial web services technology as a means for implementing persistent, re-usable grid services that sit on top of the basic distributed processing environment that grids provide. These grid services can then form building blocks for even more complex grid services. Each grid service is characterized using the Web Service Description Language, which provides a description of the interface and how other applications can access it. The emerging Semantic grid work seeks to associates sufficient semantic information with each grid service such that applications wii1 he able to automatically select, compose and if necessary substitute available equivalent services in order to assemble collections of services that are most appropriate for a particular application. Grid technology has been used to provide limited support to various Earth and space science applications. Looking to the future, this emerging grid service technology can provide a cyberinfrastructures for both the Earth and space science communities. Groups within these communities could transform those applications that have community-wide applicability into persistent grid services that are made widely available to their respective communities. In concert with grid-enabled data archives, users could easily create complex workflows that extract desired data from one or more archives and process it though an appropriate set of widely distributed grid services discovered using semantic grid technology. As required, high-end computational resources could be drawn from available grid resource pools. Using grid technology, this confluence of data, services and computational resources could easily be harnessed to transform data from many different sources into a desired product that is delivered to a user's workstation or to a web portal though which it could be accessed by its intended audience.

An innovative privacy preserving technique for incremental datasets on cloud computing.

PubMed

Aldeen, Yousra Abdul Alsahib S; Salleh, Mazleena; Aljeroudi, Yazan

2016-08-01

Cloud computing (CC) is a magnificent service-based delivery with gigantic computer processing power and data storage across connected communications channels. It imparted overwhelming technological impetus in the internet (web) mediated IT industry, where users can easily share private data for further analysis and mining. Furthermore, user affable CC services enable to deploy sundry applications economically. Meanwhile, simple data sharing impelled various phishing attacks and malware assisted security threats. Some privacy sensitive applications like health services on cloud that are built with several economic and operational benefits necessitate enhanced security. Thus, absolute cyberspace security and mitigation against phishing blitz became mandatory to protect overall data privacy. Typically, diverse applications datasets are anonymized with better privacy to owners without providing all secrecy requirements to the newly added records. Some proposed techniques emphasized this issue by re-anonymizing the datasets from the scratch. The utmost privacy protection over incremental datasets on CC is far from being achieved. Certainly, the distribution of huge datasets volume across multiple storage nodes limits the privacy preservation. In this view, we propose a new anonymization technique to attain better privacy protection with high data utility over distributed and incremental datasets on CC. The proficiency of data privacy preservation and improved confidentiality requirements is demonstrated through performance evaluation. Copyright © 2016 Elsevier Inc. All rights reserved.

Research on application information system integration platform in medicine manufacturing enterprise.

PubMed

Deng, Wu; Zhao, Huimin; Zou, Li; Li, Yuanyuan; Li, Zhengguang

2012-08-01

Computer and information technology popularizes in the medicine manufacturing enterprise for its potentials in working efficiency and service quality. In allusion to the explosive data and information of application system in current medicine manufacturing enterprise, we desire to propose a novel application information system integration platform in medicine manufacturing enterprise, which based on a combination of RFID technology and SOA, to implement information sharing and alternation. This method exploits the application integration platform across service interface layer to invoke the RFID middleware. The loose coupling in integration solution is realized by Web services. The key techniques in RFID event components and expanded role-based security access mechanism are studied in detail. Finally, a case study is implemented and tested to evidence our understanding on application system integration platform in medicine manufacturing enterprise.

Design and implementation of a secure and user-friendly broker platform supporting the end-to-end provisioning of e-homecare services.

PubMed

Van Hoecke, Sofie; Steurbaut, Kristof; Taveirne, Kristof; De Turck, Filip; Dhoedt, Bart

2010-01-01

We designed a broker platform for e-homecare services using web service technology. The broker allows efficient data communication and guarantees quality requirements such as security, availability and cost-efficiency by dynamic selection of services, minimizing user interactions and simplifying authentication through a single user sign-on. A prototype was implemented, with several e-homecare services (alarm, telemonitoring, audio diary and video-chat). It was evaluated by patients with diabetes and multiple sclerosis. The patients found that the start-up time and overhead imposed by the platform was satisfactory. Having all e-homecare services integrated into a single application, which required only one login, resulted in a high quality of experience for the patients.

Incentives to Encourage Scientific Web Contribution (Invited)

NASA Astrophysics Data System (ADS)

Antunes, A. K.

2010-12-01

We suggest improvements to citation standards and creation of remuneration opportunities to encourage career scientist contributions to Web2.0 and social media science channels. At present, agencies want to accomplish better outreach and engagement with no funding, while scientists sacrifice their personal time to contribute to web and social media sites. Securing active participation by scientists requires career recognition of the value scientists provide to web knowledge bases and to the general public. One primary mechanism to encourage participation is citation standards, which let a contributor improve their reputation in a quantifiable way. But such standards must be recognized by their scientific and workplace communities. Using case studies such as the acceptance of web in the workplace and the growth of open access journals, we examine what agencies and individual can do as well as the time scales needed to secure increased active contribution by scientists. We also discuss ways to jumpstart this process.

Security issues of Internet-based biometric authentication systems: risks of Man-in-the-Middle and BioPhishing on the example of BioWebAuth

NASA Astrophysics Data System (ADS)

Zeitz, Christian; Scheidat, Tobias; Dittmann, Jana; Vielhauer, Claus; González Agulla, Elisardo; Otero Muras, Enrique; García Mateo, Carmen; Alba Castro, José L.

2008-02-01

Beside the optimization of biometric error rates the overall security system performance in respect to intentional security attacks plays an important role for biometric enabled authentication schemes. As traditionally most user authentication schemes are knowledge and/or possession based, firstly in this paper we present a methodology for a security analysis of Internet-based biometric authentication systems by enhancing known methodologies such as the CERT attack-taxonomy with a more detailed view on the OSI-Model. Secondly as proof of concept, the guidelines extracted from this methodology are strictly applied to an open source Internet-based biometric authentication system (BioWebAuth). As case studies, two exemplary attacks, based on the found security leaks, are investigated and the attack performance is presented to show that during the biometric authentication schemes beside biometric error performance tuning also security issues need to be addressed. Finally, some design recommendations are given in order to ensure a minimum security level.

Grid-based HPC astrophysical applications at INAF Catania.

NASA Astrophysics Data System (ADS)

Costa, A.; Calanducci, A.; Becciani, U.; Capuzzo Dolcetta, R.

The research activity on grid area at INAF Catania has been devoted to two main goals: the integration of a multiprocessor supercomputer (IBM SP4) within INFN-GRID middleware and the developing of a web-portal, Astrocomp-G, for the submission of astrophysical jobs into the grid infrastructure. Most of the actual grid implementation infrastructure is based on common hardware, i.e. i386 architecture machines (Intel Celeron, Pentium III, IV, Amd Duron, Athlon) using Linux RedHat OS. We were the first institute to integrate a totally different machine, an IBM SP with RISC architecture and AIX OS, as a powerful Worker Node inside a grid infrastructure. We identified and ported to AIX OS the grid components dealing with job monitoring and execution and properly tuned the Computing Element to delivery jobs into this special Worker Node. For testing purpose we used MARA, an astrophysical application for the analysis of light curve sequences. Astrocomp-G is a user-friendly front end to our grid site. Users who want to submit the astrophysical applications already available in the portal need to own a valid personal X509 certificate in addiction to a username and password released by the grid portal web master. The personal X509 certificate is a prerequisite for the creation of a short or long-term proxy certificate that allows the grid infrastructure services to identify clearly whether the owner of the job has the permissions to use resources and data. X509 and proxy certificates are part of GSI (Grid Security Infrastructure), a standard security tool adopted by all major grid sites around the world.

An Improved Publication Process for the UMVF.

PubMed

Renard, Jean-Marie; Brunetaud, Jean-Marc; Cuggia, Marc; Darmoni, Stephan; Lebeux, Pierre; Beuscart, Régis

2005-01-01

The "Université Médicale Virtuelle Francophone" (UMVF) is a federation of French medical schools. Its main goal is to share the production and use of pedagogic medical resources generated by academic medical teachers. We developed an Open-Source application based upon a workflow system which provides an improved publication process for the UMVF. For teachers, the tool permits easy and efficient upload of new educational resources. For web masters it provides a mechanism to easily locate and validate the resources. For both the teachers and the web masters, the utility provides the control and communication functions that define a workflow system.For all users, students in particular, the application improves the value of the UMVF repository by providing an easy way to find a detailed description of a resource and to check any resource from the UMVF to ascertain its quality and integrity, even if the resource is an old deprecated version. The server tier of the application is used to implement the main workflow functionalities and is deployed on certified UMVF servers using the PHP language, an LDAP directory and an SQL database. The client tier of the application provides both the workflow and the search and check functionalities and is implemented using a Java applet through a W3C compliant web browser. A unique signature for each resource, was needed to provide security functionality and is implemented using the MD5 Digest algorithm. The testing performed by Rennes and Lille verified the functionality and conformity with our specifications.

A web-based clinical trial management system for a sham-controlled multicenter clinical trial in depression.

PubMed

Durkalski, Valerie; Wenle Zhao; Dillon, Catherine; Kim, Jaemyung

2010-04-01

Clinical trial investigators and sponsors invest vast amounts of resources and energy into conducting trials and often face daily challenges with data management, project management, and data quality control. Rather than waiting months for study progress reports, investigators need the ability to use real-time data for the coordination and management of study activities across all study team members including site investigators, oversight committees, data and safety monitoring boards, and medical safety monitors. Web-based data management systems are beginning to meet this need but what distinguishes one system from the other are user needs/requirements and cost. To illustrate the development and implementation of a web-based data and project management system for a multicenter clinical trial designed to test the superiority of repeated transcranial magnetic stimulation versus sham for the treatment of patients with major depression. The authors discuss the reasons for not using a commercially available system for this study and describe the approach to developing their own web-based system for the OPT-TMS study. Timelines, effort, system architecture, and lessons learned are shared with the hope that this information will direct clinical trial researchers and software developers towards more efficient, user-friendly systems. The developers use a combination of generic and custom application code to allow for the flexibility to adapt the system to the needs of the study. Features of the system include: central participant registration and randomization; secure data entry at the site; participant progress/study calendar; safety data reporting; device accounting; monitor verification; and user-configurable generic reports and built-in customized reports. Hard coding was more time-efficient to address project-specific issues compared with the effort of creating a generic code application. As a consequence of this strategy, the required maintenance of the system is increased and the value of using this system for other trials is reduced. Web-based central computerized systems offer time-saving, secure options for managing clinical trial data. The choice of a commercially available system or an internally developed system is determined by the requirements of the study and users. Pros and cons to both approaches were discussed. If the intention is to use the system for various trials (single and multi-center, phases I-III) across various therapeutic areas, then the overall design should be a generic structure that simplifies the general application with minimal loss of functionality.

OC ToGo: bed site image integration into OpenClinica with mobile devices

NASA Astrophysics Data System (ADS)

Haak, Daniel; Gehlen, Johan; Jonas, Stephan; Deserno, Thomas M.

2014-03-01

Imaging and image-based measurements nowadays play an essential role in controlled clinical trials, but electronic data capture (EDC) systems insufficiently support integration of captured images by mobile devices (e.g. smartphones and tablets). The web application OpenClinica has established as one of the world's leading EDC systems and is used to collect, manage and store data of clinical trials in electronic case report forms (eCRFs). In this paper, we present a mobile application for instantaneous integration of images into OpenClinica directly during examination on patient's bed site. The communication between the Android application and OpenClinica is based on the simple object access protocol (SOAP) and representational state transfer (REST) web services for metadata, and secure file transfer protocol (SFTP) for image transfer, respectively. OpenClinica's web services are used to query context information (e.g. existing studies, events and subjects) and to import data into the eCRF, as well as export of eCRF metadata and structural information. A stable image transfer is ensured and progress information (e.g. remaining time) visualized to the user. The workflow is demonstrated for a European multi-center registry, where patients with calciphylaxis disease are included. Our approach improves the EDC workflow, saves time, and reduces costs. Furthermore, data privacy is enhanced, since storage of private health data on the imaging devices becomes obsolete.

Security Techniques for Prevention of Rank Manipulation in Social Tagging Services including Robotic Domains

PubMed Central

2014-01-01

With smartphone distribution becoming common and robotic applications on the rise, social tagging services for various applications including robotic domains have advanced significantly. Though social tagging plays an important role when users are finding the exact information through web search, reliability and semantic relation between web contents and tags are not considered. Spams are making ill use of this aspect and put irrelevant tags deliberately on contents and induce users to advertise contents when they click items of search results. Therefore, this study proposes a detection method for tag-ranking manipulation to solve the problem of the existing methods which cannot guarantee the reliability of tagging. Similarity is measured for ranking the grade of registered tag on the contents, and weighted values of each tag are measured by means of synonym relevance, frequency, and semantic distances between tags. Lastly, experimental evaluation results are provided and its efficiency and accuracy are verified through them. PMID:25114975

Grids for Dummies: Featuring Earth Science Data Mining Application

NASA Technical Reports Server (NTRS)

Hinke, Thomas H.

2002-01-01

This viewgraph presentation discusses the concept and advantages of linking computers together into data grids, an emerging technology for managing information across institutions, and potential users of data grids. The logistics of access to a grid, including the use of the World Wide Web to access grids, and security concerns are also discussed. The potential usefulness of data grids to the earth science community is also discussed, as well as the Global Grid Forum, and other efforts to establish standards for data grids.

Constructing paths through social networks for disease surveillance

NASA Astrophysics Data System (ADS)

Greene, Marjorie

2011-06-01

Global health security needs better information on biological threats such as pandemics and bioterrorism that pose ever-increasing dangers for the health of populations worldwide. A vast amount of real-time information about infectious disease outbreaks is found in various forms of Web-based data streams. There are advantages and disadvantages of Internet-based surveillance and it has been suggested that an important research area will be to evaluate the application of technologies that will provide benefits to outbreak disease control at local, national, and international levels.

Data privacy preservation in telemedicine: the PAIRSE project.

PubMed

Nageba, Ebrahim; Defude, Bruno; Morvan, Franck; Ghedira, Chirine; Fayn, Jocelyne

2011-01-01

The preservation of medical data privacy and confidentiality is a major challenge in eHealth systems and applications. A technological solution based on advanced information and communication systems architectures is needed in order to retrieve and exchange the patient's data in a secure and reliable manner. In this paper, we introduce the project PAIRSE, Preserving Privacy in Peer to Peer (P2P) environments, which proposes an original web service oriented framework preserving the privacy and confidentiality of shared or exchanged medical data.

A web-based information system for management and analysis of patient data after refractive eye surgery.

PubMed

Zuberbuhler, Bruno; Galloway, Peter; Reddy, Aravind; Saldana, Manuel; Gale, Richard

2007-12-01

The aim was to develop a software tool for refractive surgeons using a standard user-friendly web-based interface, providing the user with a secure environment to protect large volumes of patient data. The software application was named "Internet-based refractive analysis" (IBRA), and was programmed with the computer languages PHP, HTML and JavaScript, attached to the opensource MySQL database. IBRA facilitated internationally accepted presentation methods including the stability chart, the predictability chart and the safety chart; it was able to perform vector analysis for the course of a single patient or for group data. With the integrated nomogram calculation, treatment could be customised to reduce the postoperative refractive error. Multicenter functions permitted quality-control comparisons between different surgeons and laser units.

Real-Time Remote Monitoring with Data Acquisition System

NASA Astrophysics Data System (ADS)

Faizal Zainal Abidin, Ahmad; Huzaimy Jusoh, Mohammad; James, Elster; Junid, Syed Abdul Mutalib Al; Mohd Yassin, Ahmad Ihsan

2015-11-01

The purpose of this system is to provide monitoring system for an electrical device and enable remote monitoring via web based application. This monitoring system allow the user to monitor the device condition from anywhere as the information will be synchronised to the website. The current and voltage reading of the monitored equipment, ambient temperature and humidity level are monitored and recorded. These parameters will be updated on the web page. All these sensor are connected to the microcontroller and the data will saved in micro secure digital (SD) card and send all the gathered information to a web page using the GPRS service connection synchronously. The collected data will be displayed on the website and the user enable to download the data directly from the website. The system will help user to monitor the devices condition and ambient changes with ease. The system is successfully developed, tested and has been installed at residential area in Taman Cahaya Alam, Section U12, Shah Alam, Selangor, Malaysia.

Tools for Administration of a UNIX-Based Network

NASA Technical Reports Server (NTRS)

LeClaire, Stephen; Farrar, Edward

2004-01-01

Several computer programs have been developed to enable efficient administration of a large, heterogeneous, UNIX-based computing and communication network that includes a variety of computers connected to a variety of subnetworks. One program provides secure software tools for administrators to create, modify, lock, and delete accounts of specific users. This program also provides tools for users to change their UNIX passwords and log-in shells. These tools check for errors. Another program comprises a client and a server component that, together, provide a secure mechanism to create, modify, and query quota levels on a network file system (NFS) mounted by use of the VERITAS File SystemJ software. The client software resides on an internal secure computer with a secure Web interface; one can gain access to the client software from any authorized computer capable of running web-browser software. The server software resides on a UNIX computer configured with the VERITAS software system. Directories where VERITAS quotas are applied are NFS-mounted. Another program is a Web-based, client/server Internet Protocol (IP) address tool that facilitates maintenance lookup of information about IP addresses for a network of computers.

Internet/Web-based administration of benefits.

PubMed

Vitiello, J

2001-09-01

Most funds will face the challenge of deploying at least some Web-based functionality in the near future, if they have not already done so. Clear objectives and careful planning will help ensure success. Issues that must be considered include support requirements, security concerns, functional business objectives, and employer and member Web access.

A Course Evolves-Physical Anthropology.

ERIC Educational Resources Information Center

O'Neil, Dennis

2001-01-01

Describes the development of an online physical anthropology course at Palomar College (California) that evolved from online tutorials. Discusses the ability to update materials on the Web more quickly than in traditional textbooks; creating Web pages that are readable by most Web browsers; test security issues; and clarifying ownership of online…

Employment Security Tax

Science.gov Websites

Alaska > DOLWD > Employment Security Tax EMAIL SCAM ALERT (December 2012) On-line Employer Services Online Filing Demonstrations FAQs for TaxWeb Employer Report Notice Alaska Unemployment Insurance Tax Handbook The Employment Security Tax Section is responsible for providing assistance and information to

Is Domain Highlighting Actually Helpful in Identifying Phishing Web Pages?

PubMed

Xiong, Aiping; Proctor, Robert W; Yang, Weining; Li, Ninghui

2017-06-01

To evaluate the effectiveness of domain highlighting in helping users identify whether Web pages are legitimate or spurious. As a component of the URL, a domain name can be overlooked. Consequently, browsers highlight the domain name to help users identify which Web site they are visiting. Nevertheless, few studies have assessed the effectiveness of domain highlighting, and the only formal study confounded highlighting with instructions to look at the address bar. We conducted two phishing detection experiments. Experiment 1 was run online: Participants judged the legitimacy of Web pages in two phases. In Phase 1, participants were to judge the legitimacy based on any information on the Web page, whereas in Phase 2, they were to focus on the address bar. Whether the domain was highlighted was also varied. Experiment 2 was conducted similarly but with participants in a laboratory setting, which allowed tracking of fixations. Participants differentiated the legitimate and fraudulent Web pages better than chance. There was some benefit of attending to the address bar, but domain highlighting did not provide effective protection against phishing attacks. Analysis of eye-gaze fixation measures was in agreement with the task performance, but heat-map results revealed that participants' visual attention was attracted by the highlighted domains. Failure to detect many fraudulent Web pages even when the domain was highlighted implies that users lacked knowledge of Web page security cues or how to use those cues. Potential applications include development of phishing prevention training incorporating domain highlighting with other methods to help users identify phishing Web pages.

Detection and Prevention of Insider Threats in Database Driven Web Services

NASA Astrophysics Data System (ADS)

Chumash, Tzvi; Yao, Danfeng

In this paper, we take the first step to address the gap between the security needs in outsourced hosting services and the protection provided in the current practice. We consider both insider and outsider attacks in the third-party web hosting scenarios. We present SafeWS, a modular solution that is inserted between server side scripts and databases in order to prevent and detect website hijacking and unauthorized access to stored data. To achieve the required security, SafeWS utilizes a combination of lightweight cryptographic integrity and encryption tools, software engineering techniques, and security data management principles. We also describe our implementation of SafeWS and its evaluation. The performance analysis of our prototype shows the overhead introduced by security verification is small. SafeWS will allow business owners to significantly reduce the security risks and vulnerabilities of outsourcing their sensitive customer data to third-party providers.

Secure and robust cloud computing for high-throughput forensic microsatellite sequence analysis and databasing.

PubMed

Bailey, Sarah F; Scheible, Melissa K; Williams, Christopher; Silva, Deborah S B S; Hoggan, Marina; Eichman, Christopher; Faith, Seth A

2017-11-01

Next-generation Sequencing (NGS) is a rapidly evolving technology with demonstrated benefits for forensic genetic applications, and the strategies to analyze and manage the massive NGS datasets are currently in development. Here, the computing, data storage, connectivity, and security resources of the Cloud were evaluated as a model for forensic laboratory systems that produce NGS data. A complete front-to-end Cloud system was developed to upload, process, and interpret raw NGS data using a web browser dashboard. The system was extensible, demonstrating analysis capabilities of autosomal and Y-STRs from a variety of NGS instrumentation (Illumina MiniSeq and MiSeq, and Oxford Nanopore MinION). NGS data for STRs were concordant with standard reference materials previously characterized with capillary electrophoresis and Sanger sequencing. The computing power of the Cloud was implemented with on-demand auto-scaling to allow multiple file analysis in tandem. The system was designed to store resulting data in a relational database, amenable to downstream sample interpretations and databasing applications following the most recent guidelines in nomenclature for sequenced alleles. Lastly, a multi-layered Cloud security architecture was tested and showed that industry standards for securing data and computing resources were readily applied to the NGS system without disadvantageous effects for bioinformatic analysis, connectivity or data storage/retrieval. The results of this study demonstrate the feasibility of using Cloud-based systems for secured NGS data analysis, storage, databasing, and multi-user distributed connectivity. Copyright © 2017 Elsevier B.V. All rights reserved.

The Anatomy of a Grid portal

NASA Astrophysics Data System (ADS)

Licari, Daniele; Calzolari, Federico

2011-12-01

In this paper we introduce a new way to deal with Grid portals referring to our implementation. L-GRID is a light portal to access the EGEE/EGI Grid infrastructure via Web, allowing users to submit their jobs from a common Web browser in a few minutes, without any knowledge about the Grid infrastructure. It provides the control over the complete lifecycle of a Grid Job, from its submission and status monitoring, to the output retrieval. The system, implemented as client-server architecture, is based on the Globus Grid middleware. The client side application is based on a java applet; the server relies on a Globus User Interface. There is no need of user registration on the server side, and the user needs only his own X.509 personal certificate. The system is user-friendly, secure (it uses SSL protocol, mechanism for dynamic delegation and identity creation in public key infrastructures), highly customizable, open source, and easy to install. The X.509 personal certificate does not get out from the local machine. It allows to reduce the time spent for the job submission, granting at the same time a higher efficiency and a better security level in proxy delegation and management.

Secure medical digital libraries.

PubMed

Papadakis, I; Chrissikopoulos, V; Polemi, D

2001-12-01

In this paper, a secure medical digital library is presented. It is based on the CORBA specifications for distributed systems. The described approach relies on a three-tier architecture. Interaction between the medical digital library and its users is achieved through a Web server. The choice of employing Web technology for the dissemination of medical data has many advantages compared to older approaches, but also poses extra requirements that need to be fulfilled. Thus, special attention is paid to the distinguished nature of such medical data, whose integrity and confidentiality should be preserved at all costs. This is achieved through the employment of Trusted Third Parties (TTP) technology for the support of the required security services. Additionally, the proposed digital library employs smartcards for the management of the various security tokens that are used from the above services.

JACOB: an enterprise framework for computational chemistry.

PubMed

Waller, Mark P; Dresselhaus, Thomas; Yang, Jack

2013-06-15

Here, we present just a collection of beans (JACOB): an integrated batch-based framework designed for the rapid development of computational chemistry applications. The framework expedites developer productivity by handling the generic infrastructure tier, and can be easily extended by user-specific scientific code. Paradigms from enterprise software engineering were rigorously applied to create a scalable, testable, secure, and robust framework. A centralized web application is used to configure and control the operation of the framework. The application-programming interface provides a set of generic tools for processing large-scale noninteractive jobs (e.g., systematic studies), or for coordinating systems integration (e.g., complex workflows). The code for the JACOB framework is open sourced and is available at: www.wallerlab.org/jacob. Copyright © 2013 Wiley Periodicals, Inc.

Research on models of Digital City geo-information sharing platform

NASA Astrophysics Data System (ADS)

Xu, Hanwei; Liu, Zhihui; Badawi, Rami; Liu, Haiwang

2009-10-01

The data related to Digital City has the property of large quantity, isomerous and multiple dimensions. In the original copy method of data sharing, the application departments can not solve the problem of data updating and data security in real-time. This paper firstly analyzes various patterns of sharing Digital City information and on this basis the author provides a new shared mechanism of GIS Services, with which the data producers provide Geographic Information Services to the application users through Web API, so as to the data producers and the data users can do their best respectively. Then the author takes the application system in supermarket management as an example to explain the correctness and effectiveness of the method provided in this paper.

OpenID Connect as a security service in cloud-based medical imaging systems.

PubMed

Ma, Weina; Sartipi, Kamran; Sharghigoorabi, Hassan; Koff, David; Bak, Peter

2016-04-01

The evolution of cloud computing is driving the next generation of medical imaging systems. However, privacy and security concerns have been consistently regarded as the major obstacles for adoption of cloud computing by healthcare domains. OpenID Connect, combining OpenID and OAuth together, is an emerging representational state transfer-based federated identity solution. It is one of the most adopted open standards to potentially become the de facto standard for securing cloud computing and mobile applications, which is also regarded as "Kerberos of cloud." We introduce OpenID Connect as an authentication and authorization service in cloud-based diagnostic imaging (DI) systems, and propose enhancements that allow for incorporating this technology within distributed enterprise environments. The objective of this study is to offer solutions for secure sharing of medical images among diagnostic imaging repository (DI-r) and heterogeneous picture archiving and communication systems (PACS) as well as Web-based and mobile clients in the cloud ecosystem. The main objective is to use OpenID Connect open-source single sign-on and authorization service and in a user-centric manner, while deploying DI-r and PACS to private or community clouds should provide equivalent security levels to traditional computing model.

76 FR 7884 - Self-Regulatory Organizations; International Securities Exchange, LLC; Order Approving Proposed...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-02-11

... Industry Regulatory Authority's (``FINRA'') Central Registration Depository System (``Web CRD''), and must... proposed Rule 313 all associated persons that are not already registered in Web CRD must register (i.e... the Exchange via a Form U4 through FINRA's Web CRD. (Generally, all principals must qualify as...

32 CFR 806b.51 - Privacy and the Web.

Code of Federal Regulations, 2013 CFR

2013-07-01

... 32 National Defense 6 2013-07-01 2013-07-01 false Privacy and the Web. 806b.51 Section 806b.51 National Defense Department of Defense (Continued) DEPARTMENT OF THE AIR FORCE ADMINISTRATION PRIVACY ACT... security notices at major web site entry points and Privacy Act statements or Privacy Advisories when...

Software Application Profile: Opal and Mica: open-source software solutions for epidemiological data management, harmonization and dissemination.

PubMed

Doiron, Dany; Marcon, Yannick; Fortier, Isabel; Burton, Paul; Ferretti, Vincent

2017-10-01

Improving the dissemination of information on existing epidemiological studies and facilitating the interoperability of study databases are essential to maximizing the use of resources and accelerating improvements in health. To address this, Maelstrom Research proposes Opal and Mica, two inter-operable open-source software packages providing out-of-the-box solutions for epidemiological data management, harmonization and dissemination. Opal and Mica are two standalone but inter-operable web applications written in Java, JavaScript and PHP. They provide web services and modern user interfaces to access them. Opal allows users to import, manage, annotate and harmonize study data. Mica is used to build searchable web portals disseminating study and variable metadata. When used conjointly, Mica users can securely query and retrieve summary statistics on geographically dispersed Opal servers in real-time. Integration with the DataSHIELD approach allows conducting more complex federated analyses involving statistical models. Opal and Mica are open-source and freely available at [www.obiba.org] under a General Public License (GPL) version 3, and the metadata models and taxonomies that accompany them are available under a Creative Commons licence. © The Author 2017; all rights reserved. Published by Oxford University Press on behalf of the International Epidemiological Association

A Web application for the management of clinical workflow in image-guided and adaptive proton therapy for prostate cancer treatments.

PubMed

Yeung, Daniel; Boes, Peter; Ho, Meng Wei; Li, Zuofeng

2015-05-08

Image-guided radiotherapy (IGRT), based on radiopaque markers placed in the prostate gland, was used for proton therapy of prostate patients. Orthogonal X-rays and the IBA Digital Image Positioning System (DIPS) were used for setup correction prior to treatment and were repeated after treatment delivery. Following a rationale for margin estimates similar to that of van Herk,(1) the daily post-treatment DIPS data were analyzed to determine if an adaptive radiotherapy plan was necessary. A Web application using ASP.NET MVC5, Entity Framework, and an SQL database was designed to automate this process. The designed features included state-of-the-art Web technologies, a domain model closely matching the workflow, a database-supporting concurrency and data mining, access to the DIPS database, secured user access and roles management, and graphing and analysis tools. The Model-View-Controller (MVC) paradigm allowed clean domain logic, unit testing, and extensibility. Client-side technologies, such as jQuery, jQuery Plug-ins, and Ajax, were adopted to achieve a rich user environment and fast response. Data models included patients, staff, treatment fields and records, correction vectors, DIPS images, and association logics. Data entry, analysis, workflow logics, and notifications were implemented. The system effectively modeled the clinical workflow and IGRT process.

Grid enablement of OpenGeospatial Web Services: the G-OWS Working Group

NASA Astrophysics Data System (ADS)

Mazzetti, Paolo

2010-05-01

In last decades two main paradigms for resource sharing emerged and reached maturity: the Web and the Grid. They both demonstrate suitable for building Distributed Computing Infrastructures (DCIs) supporting the coordinated sharing of resources (i.e. data, information, services, etc) on the Internet. Grid and Web DCIs have much in common as a result of their underlying Internet technology (protocols, models and specifications). However, being based on different requirements and architectural approaches, they show some differences as well. The Web's "major goal was to be a shared information space through which people and machines could communicate" [Berners-Lee 1996]. The success of the Web, and its consequent pervasiveness, made it appealing for building specialized systems like the Spatial Data Infrastructures (SDIs). In this systems the introduction of Web-based geo-information technologies enables specialized services for geospatial data sharing and processing. The Grid was born to achieve "flexible, secure, coordinated resource sharing among dynamic collections of individuals, institutions, and resources" [Foster 2001]. It specifically focuses on large-scale resource sharing, innovative applications, and, in some cases, high-performance orientation. In the Earth and Space Sciences (ESS) the most part of handled information is geo-referred (geo-information) since spatial and temporal meta-information is of primary importance in many application domains: Earth Sciences, Disasters Management, Environmental Sciences, etc. On the other hand, in several application areas there is the need of running complex models which require the large processing and storage capabilities that the Grids are able to provide. Therefore the integration of geo-information and Grid technologies might be a valuable approach in order to enable advanced ESS applications. Currently both geo-information and Grid technologies have reached a high level of maturity, allowing to build such an integration on existing solutions. More specifically, the Open Geospatial Consortium (OGC) Web Services (OWS) specifications play a fundamental role in geospatial information sharing (e.g. in INSPIRE Implementing Rules, GEOSS architecture, GMES Services, etc.). On the Grid side, the gLite middleware, developed in the European EGEE (Enabling Grids for E-sciencE) Projects, is widely spread in Europe and beyond, proving its high scalability and it is one of the middleware chosen for the future European Grid Infrastructure (EGI) initiative. Therefore the convergence between OWS and gLite technologies would be desirable for a seamless access to the Grid capabilities through OWS-compliant systems. Anyway, to achieve this harmonization there are some obstacles to overcome. Firstly, a semantics mismatch must be addressed: gLite handle low-level (e.g. close to the machine) concepts like "file", "data", "instruments", "job", etc., while geo-information services handle higher-level (closer to the human) concepts like "coverage", "observation", "measurement", "model", etc. Secondly, an architectural mismatch must be addressed: OWS implements a Web Service-Oriented-Architecture which is stateless, synchronous and with no embedded security (which is demanded to other specs), while gLite implements the Grid paradigm in an architecture which is stateful, asynchronous (even not fully event-based) and with strong embedded security (based on the VO paradigm). In recent years many initiatives and projects have worked out possible approaches for implementing Grid-enabled OWSs. Just to mention some: (i) in 2007 the OGC has signed a Memorandum of Understanding with the Open Grid Forum, "a community of users, developers, and vendors leading the global standardization effort for grid computing."; (ii) the OGC identified "WPS Profiles - Conflation; and Grid processing" as one of the tasks in the Geo Processing Workflow theme of the OWS Phase 6 (OWS-6); (iii) several national, European and international projects investigated different aspects of this integration, developing demonstrators and Proof-of-Concepts; In this context, "gLite enablement of OpenGeospatial Web Services" (G-OWS) is an initiative started in 2008 by the European CYCLOPS, GENESI-DR, and DORII Projects Consortia in order to collect/coordinate experiences on the enablement of OWS on top of the gLite middleware [GOWS]. Currently G-OWS counts ten member organizations from Europe and beyond, and four European Projects involved. It broadened its scope to the development of Spatial Data and Information Infrastructures (SDI and SII) based on the Grid/Cloud capacity in order to enable Earth Science applications and tools. Its operational objectives are the following: i) to contribute to the OGC-OGF initiative; ii) to release a reference implementation as standard gLite APIs (under the gLite software license); iii) to release a reference model (including procedures and guidelines) for OWS Grid-ification, as far as gLite is concerned; iv) to foster and promote the formation of consortiums for participation to projects/initiatives aimed at building Grid-enabled SDIs To achieve this objectives G-OWS bases its activities on two main guiding principles: a) the adoption of a service-oriented architecture based on the information modelling approach, and b) standardization as a means of achieving interoperability (i.e. adoption of standards from ISO TC211, OGC OWS, OGF). In the first year of activity G-OWS has designed a general architectural framework stemming from the FP6 CYCLOPS studies and enriched by the outcomes of other projects and initiatives involved (i.e. FP7 GENESI-DR, FP7 DORII, AIST GeoGrid, etc.). Some proof-of-concepts have been developed to demonstrate the flexibility and scalability of such architectural framework. The G-OWS WG developed implementations of gLite-enabled Web Coverage Service (WCS) and Web Processing Service (WPS), and an implementation of a Shibboleth authentication for gLite-enabled OWS in order to evaluate the possible integration of Web and Grid security models. The presentation will aim to communicate the G-OWS organization, activities, future plans and means to involve the ESSI community. References [Berners-Lee 1996] T. Berners-Lee, "WWW: Past, present, and future". IEEE Computer, 29(10), Oct. 1996, pp. 69-77. [Foster 2001] I. Foster, C. Kesselman and S. Tuecke, "The Anatomy of the Grid. The International Journal ofHigh Performance Computing Applications", 15(3):200-222, Fall 2001 [GOWS] G-OWS WG, https://www.g-ows.org/, accessed: 15 January 2010

A Low-Cost and Secure Solution for e-Commerce

NASA Astrophysics Data System (ADS)

Pasquet, Marc; Vacquez, Delphine; Rosenberger, Christophe

We present in this paper a new architecture for remote banking and e-commerce applications. The proposed solution is designed to be low cost and provides some good guarantees of security for a client and his bank issuer. Indeed, the main problem for an issuer is to identify and authenticate one client (a cardholder) using his personal computer through the web when this client wants to access to remote banking services or when he wants to pay on a e-commerce site equipped with 3D-secure payment solution. The proposed solution described in this paper is MasterCard Chip Authentication Program compliant and was experimented in the project called SOPAS. The main contribution of this system consists in the use of a smartcard with a I2C bus that pilots a terminal only equipped with a screen and a keyboard. During the use of services, the user types his PIN code on the keyboard and all the security part of the transaction is performed by the chip of the smartcard. None information of security stays on the personal computer and a dynamic token created by the card is sent to the bank and verified by the front end. We present first the defined methodology and we analyze the main security aspects of the proposed solution.

Development of mobile preventive notification system (PreNotiS)

NASA Astrophysics Data System (ADS)

Kumar, Abhinav; Akopian, David; Chen, Philip

2009-02-01

The tasks achievable by mobile handsets continuously exceed our imagination. Statistics show that the mobile phone sales are soaring, rising exponentially year after year with predictions being that they will rise to a billion units in 2009, with a large section of these being smartphones. Mobile service providers, mobile application developers and researchers have been working closely over the past decade to bring about revolutionary and hardware and software advancements in hand-sets such as embedded digital camera, large memory capacity, accelerometer, touch sensitive screens, GPS, Wi- Fi capabilities etc. as well as in the network infrastructure to support these features. Recently we presented a multi-platform, massive data collection system from distributive sources such as cell phone users1 called PreNotiS. This technology was intended to significantly simplify the response to the events and help e.g. special agencies to gather crucial information in time and respond as quickly as possible to prevent or contain potential emergency situations and act as a massive, centralized evidence collection mechanism that effectively exploits the advancements in mobile application development platforms and the existing network infrastructure to present an easy-touse, fast and effective tool to mobile phone users. We successfully demonstrated the functionality of the client-server application suite to post user information onto the server. This paper presents a new version of the system PreNotiS, with a revised client application and with all new server capabilities. PreNotiS still puts forth the idea of having a fast, efficient client-server based application suite for mobile phones which through a highly simplified user interface will collect security/calamity based information in a structured format from first responders and relay that structured information to a central server where this data is sorted into a database in a predefined manner. This information which includes selections, images and text will be instantly available to authorities and action forces through a secure web portal thus helping them to make decisions in a timely and prompt manner. All the cell phones have self-localizing capability according to FCC E9112 mandate, thus the communicated information can be further tagged automatically by location and time information at the server making all this information available through the secure web-portal.

Geospatial Applications on Different Parallel and Distributed Systems in enviroGRIDS Project

NASA Astrophysics Data System (ADS)

Rodila, D.; Bacu, V.; Gorgan, D.

2012-04-01

The execution of Earth Science applications and services on parallel and distributed systems has become a necessity especially due to the large amounts of Geospatial data these applications require and the large geographical areas they cover. The parallelization of these applications comes to solve important performance issues and can spread from task parallelism to data parallelism as well. Parallel and distributed architectures such as Grid, Cloud, Multicore, etc. seem to offer the necessary functionalities to solve important problems in the Earth Science domain: storing, distribution, management, processing and security of Geospatial data, execution of complex processing through task and data parallelism, etc. A main goal of the FP7-funded project enviroGRIDS (Black Sea Catchment Observation and Assessment System supporting Sustainable Development) [1] is the development of a Spatial Data Infrastructure targeting this catchment region but also the development of standardized and specialized tools for storing, analyzing, processing and visualizing the Geospatial data concerning this area. For achieving these objectives, the enviroGRIDS deals with the execution of different Earth Science applications, such as hydrological models, Geospatial Web services standardized by the Open Geospatial Consortium (OGC) and others, on parallel and distributed architecture to maximize the obtained performance. This presentation analysis the integration and execution of Geospatial applications on different parallel and distributed architectures and the possibility of choosing among these architectures based on application characteristics and user requirements through a specialized component. Versions of the proposed platform have been used in enviroGRIDS project on different use cases such as: the execution of Geospatial Web services both on Web and Grid infrastructures [2] and the execution of SWAT hydrological models both on Grid and Multicore architectures [3]. The current focus is to integrate in the proposed platform the Cloud infrastructure, which is still a paradigm with critical problems to be solved despite the great efforts and investments. Cloud computing comes as a new way of delivering resources while using a large set of old as well as new technologies and tools for providing the necessary functionalities. The main challenges in the Cloud computing, most of them identified also in the Open Cloud Manifesto 2009, address resource management and monitoring, data and application interoperability and portability, security, scalability, software licensing, etc. We propose a platform able to execute different Geospatial applications on different parallel and distributed architectures such as Grid, Cloud, Multicore, etc. with the possibility of choosing among these architectures based on application characteristics and complexity, user requirements, necessary performances, cost support, etc. The execution redirection on a selected architecture is realized through a specialized component and has the purpose of offering a flexible way in achieving the best performances considering the existing restrictions.

Written online situational feedback via mobile phone to support self-management of chronic widespread pain: a usability study of a Web-based intervention

PubMed Central

2011-01-01

Background This pretrial study aimed to develop and test the usability of a four-week Internet intervention delivered by a Web-enabled mobile phone to support self-management of chronic widespread pain. Methods The intervention included daily online entries and individualized written feedback, grounded in a mindfulness-based cognitive behavioral approach. The participants registered activities, emotions and pain cognitions three times daily using the mobile device. The therapist had immediate access to this information through a secure Web site. The situational information was used to formulate and send a personalized text message to the participant with the aim of stimulating effective self-management of the current situation. Six women participated and evaluated the experience. Results The intervention was rated as supportive, meaningful and user-friendly by the majority of the women. The response rate to the daily registration entries was high and technical problems were few. Conclusion The results indicate a feasible intervention. Web-applications are fast becoming standard features of mobile phones and interventions of this kind can therefore be more available than before. Trial registration number ClinicalTrials.gov: NCT01236209 PMID:21352516

An implementation of a security infrastructure compliant with the Italian Personal Data Protection Code in a web-based cooperative work system.

PubMed

Eccher, Claudio; Eccher, Lorenzo; Izzo, Umberto

2005-01-01

In this poster we describe the security solutions implemented in a web-based cooperative work frame-work for managing heart failure patients among different health care professionals involved in the care process. The solution, developed in close collaboration with the Law Department of the University of Trento, is compliant with the new Italian Personal Data Protection Code, issued in 2003, that regulates also the storing and processing of health data.

48 CFR 1804.470-3 - IT security requirements.

Code of Federal Regulations, 2011 CFR

2011-10-01

... the provisioning of services or products (e.g., research and development, engineering, manufacturing... Policies are available at the NASA IT Security Policy Web site at: http://www.nasa.gov/offices/ocio...

High-performance integrated virtual environment (HIVE): a robust infrastructure for next-generation sequence data analysis

PubMed Central

Simonyan, Vahan; Chumakov, Konstantin; Dingerdissen, Hayley; Faison, William; Goldweber, Scott; Golikov, Anton; Gulzar, Naila; Karagiannis, Konstantinos; Vinh Nguyen Lam, Phuc; Maudru, Thomas; Muravitskaja, Olesja; Osipova, Ekaterina; Pan, Yang; Pschenichnov, Alexey; Rostovtsev, Alexandre; Santana-Quintero, Luis; Smith, Krista; Thompson, Elaine E.; Tkachenko, Valery; Torcivia-Rodriguez, John; Wan, Quan; Wang, Jing; Wu, Tsung-Jung; Wilson, Carolyn; Mazumder, Raja

2016-01-01

The High-performance Integrated Virtual Environment (HIVE) is a distributed storage and compute environment designed primarily to handle next-generation sequencing (NGS) data. This multicomponent cloud infrastructure provides secure web access for authorized users to deposit, retrieve, annotate and compute on NGS data, and to analyse the outcomes using web interface visual environments appropriately built in collaboration with research and regulatory scientists and other end users. Unlike many massively parallel computing environments, HIVE uses a cloud control server which virtualizes services, not processes. It is both very robust and flexible due to the abstraction layer introduced between computational requests and operating system processes. The novel paradigm of moving computations to the data, instead of moving data to computational nodes, has proven to be significantly less taxing for both hardware and network infrastructure. The honeycomb data model developed for HIVE integrates metadata into an object-oriented model. Its distinction from other object-oriented databases is in the additional implementation of a unified application program interface to search, view and manipulate data of all types. This model simplifies the introduction of new data types, thereby minimizing the need for database restructuring and streamlining the development of new integrated information systems. The honeycomb model employs a highly secure hierarchical access control and permission system, allowing determination of data access privileges in a finely granular manner without flooding the security subsystem with a multiplicity of rules. HIVE infrastructure will allow engineers and scientists to perform NGS analysis in a manner that is both efficient and secure. HIVE is actively supported in public and private domains, and project collaborations are welcomed. Database URL: https://hive.biochemistry.gwu.edu PMID:26989153

High-performance integrated virtual environment (HIVE): a robust infrastructure for next-generation sequence data analysis.

PubMed

Simonyan, Vahan; Chumakov, Konstantin; Dingerdissen, Hayley; Faison, William; Goldweber, Scott; Golikov, Anton; Gulzar, Naila; Karagiannis, Konstantinos; Vinh Nguyen Lam, Phuc; Maudru, Thomas; Muravitskaja, Olesja; Osipova, Ekaterina; Pan, Yang; Pschenichnov, Alexey; Rostovtsev, Alexandre; Santana-Quintero, Luis; Smith, Krista; Thompson, Elaine E; Tkachenko, Valery; Torcivia-Rodriguez, John; Voskanian, Alin; Wan, Quan; Wang, Jing; Wu, Tsung-Jung; Wilson, Carolyn; Mazumder, Raja

2016-01-01

The High-performance Integrated Virtual Environment (HIVE) is a distributed storage and compute environment designed primarily to handle next-generation sequencing (NGS) data. This multicomponent cloud infrastructure provides secure web access for authorized users to deposit, retrieve, annotate and compute on NGS data, and to analyse the outcomes using web interface visual environments appropriately built in collaboration with research and regulatory scientists and other end users. Unlike many massively parallel computing environments, HIVE uses a cloud control server which virtualizes services, not processes. It is both very robust and flexible due to the abstraction layer introduced between computational requests and operating system processes. The novel paradigm of moving computations to the data, instead of moving data to computational nodes, has proven to be significantly less taxing for both hardware and network infrastructure.The honeycomb data model developed for HIVE integrates metadata into an object-oriented model. Its distinction from other object-oriented databases is in the additional implementation of a unified application program interface to search, view and manipulate data of all types. This model simplifies the introduction of new data types, thereby minimizing the need for database restructuring and streamlining the development of new integrated information systems. The honeycomb model employs a highly secure hierarchical access control and permission system, allowing determination of data access privileges in a finely granular manner without flooding the security subsystem with a multiplicity of rules. HIVE infrastructure will allow engineers and scientists to perform NGS analysis in a manner that is both efficient and secure. HIVE is actively supported in public and private domains, and project collaborations are welcomed. Database URL: https://hive.biochemistry.gwu.edu. © The Author(s) 2016. Published by Oxford University Press.

77 FR 19408 - Reinstate Index to Chapter III in 20 CFR

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-30

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2012-0018] Reinstate Index to Chapter III in 20 CFR AGENCY: Social Security Administration. ACTION: Notice; correction. SUMMARY: The Social Security... Chapter III in Title 20 of the Code of Federal Regulations. The document contains a misprinted Web site...

School Safety and Security.

ERIC Educational Resources Information Center

California State Dept. of Education, Sacramento.

This document offers additional guidelines for school facilities in California in the areas of safety and security, lighting, and cleanliness. It also offers a description of technology resources available on the World Wide Web. On the topic of safety and security, the document offers guidelines in the areas of entrances, doors, and controlled…

78 FR 13897 - Final Revision and Publication of the 2012 Form M-1, Notice

Federal Register 2010, 2011, 2012, 2013, 2014

2013-03-01

... DEPARTMENT OF LABOR Employee Benefits Security Administration RIN 1210-AB51 Final Revision and Publication of the 2012 Form M-1, Notice AGENCY: Employee Benefits Security Administration, Department of... Security Administration's (EBSA) Web site at www.dol.gov/ebsa . The revised form is substantively different...

17 CFR 248.126 - Delivery of opt out notices.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Delivery of opt out notices. 248.126 Section 248.126 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION... Internet Web site at which the consumer obtained a product or service electronically and requires the...

17 CFR 248.124 - Reasonable opportunity to opt out.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 3 2012-04-01 2012-04-01 false Reasonable opportunity to opt out. 248.124 Section 248.124 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION... Internet Web site at which the consumer has obtained a product or service. The consumer acknowledges...

17 CFR 248.124 - Reasonable opportunity to opt out.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Reasonable opportunity to opt out. 248.124 Section 248.124 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION... Internet Web site at which the consumer has obtained a product or service. The consumer acknowledges...

31 CFR 344.3 - What provisions apply to the SLGSafe Service?

Code of Federal Regulations, 2012 CFR

2012-07-01

... to the SLGSafe Service? (a) What is the SLGSafe Service? SLGSafe is a secure Internet site on the World Wide Web through which subscribers submit SLGS securities transactions. SLGSafe Internet... (Continued) FISCAL SERVICE, DEPARTMENT OF THE TREASURY BUREAU OF THE PUBLIC DEBT U.S. TREASURY SECURITIES...

17 CFR 248.126 - Delivery of opt out notices.

Code of Federal Regulations, 2012 CFR

2012-04-01

... 17 Commodity and Securities Exchanges 3 2012-04-01 2012-04-01 false Delivery of opt out notices. 248.126 Section 248.126 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION... Internet Web site at which the consumer obtained a product or service electronically and requires the...

17 CFR 248.124 - Reasonable opportunity to opt out.

Code of Federal Regulations, 2014 CFR

2014-04-01

... 17 Commodity and Securities Exchanges 4 2014-04-01 2014-04-01 false Reasonable opportunity to opt out. 248.124 Section 248.124 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION... Internet Web site at which the consumer has obtained a product or service. The consumer acknowledges...

17 CFR 248.126 - Delivery of opt out notices.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Delivery of opt out notices. 248.126 Section 248.126 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION... Internet Web site at which the consumer obtained a product or service electronically and requires the...

17 CFR 248.124 - Reasonable opportunity to opt out.

Code of Federal Regulations, 2013 CFR

2013-04-01

... 17 Commodity and Securities Exchanges 3 2013-04-01 2013-04-01 false Reasonable opportunity to opt out. 248.124 Section 248.124 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION... Internet Web site at which the consumer has obtained a product or service. The consumer acknowledges...

17 CFR 248.126 - Delivery of opt out notices.

Code of Federal Regulations, 2011 CFR

2011-04-01

... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Delivery of opt out notices. 248.126 Section 248.126 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION... Internet Web site at which the consumer obtained a product or service electronically and requires the...

31 CFR 344.3 - What provisions apply to the SLGSafe Service?

Code of Federal Regulations, 2014 CFR

2014-07-01

... to the SLGSafe Service? (a) What is the SLGSafe Service? SLGSafe is a secure Internet site on the World Wide Web through which subscribers submit SLGS securities transactions. SLGSafe Internet... (Continued) FISCAL SERVICE, DEPARTMENT OF THE TREASURY BUREAU OF THE FISCAL SERVICE U.S. TREASURY SECURITIES...

31 CFR 344.3 - What provisions apply to the SLGSafe Service?

Code of Federal Regulations, 2013 CFR

2013-07-01

... to the SLGSafe Service? (a) What is the SLGSafe Service? SLGSafe is a secure Internet site on the World Wide Web through which subscribers submit SLGS securities transactions. SLGSafe Internet... (Continued) FISCAL SERVICE, DEPARTMENT OF THE TREASURY BUREAU OF THE PUBLIC DEBT U.S. TREASURY SECURITIES...

17 CFR 248.124 - Reasonable opportunity to opt out.

Code of Federal Regulations, 2010 CFR

2010-04-01

... 17 Commodity and Securities Exchanges 3 2010-04-01 2010-04-01 false Reasonable opportunity to opt out. 248.124 Section 248.124 Commodity and Securities Exchanges SECURITIES AND EXCHANGE COMMISSION... Internet Web site at which the consumer has obtained a product or service. The consumer acknowledges...

Defense.gov - Special Report - Travels With Gates

Science.gov Websites

/Photos Leaders DoD Web Sites Contact Us Shangri-La Dialogue: Asia Security Summit Alaska Visit – June Shangri-La Dialogue on Asia Security Summit, Singapore, May 30, 2009. DoD photo by U.S. Air Force Master Robert M. Gates opened the “Shangri-La Dialogue” Asia security summit outlining broad security issues

Addressing Software Security

NASA Technical Reports Server (NTRS)

Bailey, Brandon

2015-01-01

Historically security within organizations was thought of as an IT function (web sites/servers, email, workstation patching, etc.) Threat landscape has evolved (Script Kiddies, Hackers, Advanced Persistent Threat (APT), Nation States, etc.) Attack surface has expanded -Networks interconnected!! Some security posture factors Network Layer (Routers, Firewalls, etc.) Computer Network Defense (IPS/IDS, Sensors, Continuous Monitoring, etc.) Industrial Control Systems (ICS) Software Security (COTS, FOSS, Custom, etc.)

Novel Advancements in Internet-Based Real Time Data Technologies

NASA Technical Reports Server (NTRS)

Myers, Gerry; Welch, Clara L. (Technical Monitor)

2002-01-01

AZ Technology has been working with MSFC Ground Systems Department to find ways to make it easier for remote experimenters (RPI's) to monitor their International Space Station (ISS) payloads in real-time from anywhere using standard/familiar devices. AZ Technology was awarded an SBIR Phase I grant to research the technologies behind and advancements of distributing live ISS data across the Internet. That research resulted in a product called "EZStream" which is in use on several ISS-related projects. Although the initial implementation is geared toward ISS, the architecture and lessons learned are applicable to other space-related programs. This paper presents the high-level architecture and components that make up EZStream. A combination of commercial-off-the-shelf (COTS) and custom components were used and their interaction will be discussed. The server is powered by Apache's Jakarta-Tomcat web server/servlet engine. User accounts are maintained in a My SQL database. Both Tomcat and MySQL are Open Source products. When used for ISS, EZStream pulls the live data directly from NASA's Telescience Resource Kit (TReK) API. TReK parses the ISS data stream into individual measurement parameters and performs on-the- fly engineering unit conversion and range checking before passing the data to EZStream for distribution. TReK is provided by NASA at no charge to ISS experimenters. By using a combination of well established Open Source, NASA-supplied. and AZ Technology-developed components, operations using EZStream are robust and economical. Security over the Internet is a major concern on most space programs. This paper describes how EZStream provides for secure connection to and transmission of space- related data over the public Internet. Display pages that show sensitive data can be placed under access control by EZStream. Users are required to login before being allowed to pull up those web pages. To enhance security, the EZStream client/server data transmissions can be encrypted to preclude interception. EZStream was developed to make use of a host of standard platforms and protocols. Each are discussed in detail in this paper. The I3ZStream server is written as Java Servlets. This allows different platforms (i.e. Windows, Unix, Linux . Mac) to host the server portion. The EZStream client component is written in two different flavors: JavaBean and ActiveX. The JavaBean component is used to develop Java Applet displays. The ActiveX component is used for developing ActiveX-based displays. Remote user devices will be covered including web browsers on PC#s and scaled-down displays for PDA's and smart cell phones. As mentioned. the interaction between EZStream (web/data server) and TReK (data source) will be covered as related to ISS. EZStream is being enhanced to receive and parse binary data stream directly. This makes EZStream beneficial to both the ISS International Partners and non-NASA applications (i.e. factory floor monitoring). The options for developing client-side display web pages will be addressed along with the development of tools to allow creation of display web pages by non-programmers.

Use of the World Wide Web for multisite data collection.

PubMed

Subramanian, A K; McAfee, A T; Getzinger, J P

1997-08-01

As access to the Internet becomes increasingly available, research applications in medicine will increase. This paper describes the use of the Internet, and, more specifically, the World Wide Web (WWW), as a channel of communication between EDs throughout the world and investigators who are interested in facilitating the collection of data from multiple sites. Data entered into user-friendly electronic surveys can be transmitted over the Internet to a database located at the site of the study, rendering geographic separation less of a barrier to the conduction of multisite studies. The electronic format of the data can enable real-time statistical processing while data are stored using existing database technologies. In theory, automated processing of variables within such a database enables early identification of data trends. Methods of ensuring validity, security, and compliance are discussed.

Design of a steganographic virtual operating system

NASA Astrophysics Data System (ADS)

Ashendorf, Elan; Craver, Scott

2015-03-01

A steganographic file system is a secure file system whose very existence on a disk is concealed. Customarily, these systems hide an encrypted volume within unused disk blocks, slack space, or atop conventional encrypted volumes. These file systems are far from undetectable, however: aside from their ciphertext footprint, they require a software or driver installation whose presence can attract attention and then targeted surveillance. We describe a new steganographic operating environment that requires no visible software installation, launching instead from a concealed bootstrap program that can be extracted and invoked with a chain of common Unix commands. Our system conceals its payload within innocuous files that typically contain high-entropy data, producing a footprint that is far less conspicuous than existing methods. The system uses a local web server to provide a file system, user interface and applications through a web architecture.

Smart sensing surveillance system

NASA Astrophysics Data System (ADS)

Hsu, Charles; Chu, Kai-Dee; O'Looney, James; Blake, Michael; Rutar, Colleen

2010-04-01

An effective public safety sensor system for heavily-populated applications requires sophisticated and geographically-distributed infrastructures, centralized supervision, and deployment of large-scale security and surveillance networks. Artificial intelligence in sensor systems is a critical design to raise awareness levels, improve the performance of the system and adapt to a changing scenario and environment. In this paper, a highly-distributed, fault-tolerant, and energy-efficient Smart Sensing Surveillance System (S4) is presented to efficiently provide a 24/7 and all weather security operation in crowded environments or restricted areas. Technically, the S4 consists of a number of distributed sensor nodes integrated with specific passive sensors to rapidly collect, process, and disseminate heterogeneous sensor data from near omni-directions. These distributed sensor nodes can cooperatively work to send immediate security information when new objects appear. When the new objects are detected, the S4 will smartly select the available node with a Pan- Tilt- Zoom- (PTZ) Electro-Optics EO/IR camera to track the objects and capture associated imagery. The S4 provides applicable advanced on-board digital image processing capabilities to detect and track the specific objects. The imaging detection operations include unattended object detection, human feature and behavior detection, and configurable alert triggers, etc. Other imaging processes can be updated to meet specific requirements and operations. In the S4, all the sensor nodes are connected with a robust, reconfigurable, LPI/LPD (Low Probability of Intercept/ Low Probability of Detect) wireless mesh network using Ultra-wide band (UWB) RF technology. This UWB RF technology can provide an ad-hoc, secure mesh network and capability to relay network information, communicate and pass situational awareness and messages. The Service Oriented Architecture of S4 enables remote applications to interact with the S4 network and use the specific presentation methods. In addition, the S4 is compliant with Open Geospatial Consortium - Sensor Web Enablement (OGC-SWE) standards to efficiently discover, access, use, and control heterogeneous sensors and their metadata. These S4 capabilities and technologies have great potential for both military and civilian applications, enabling highly effective security support tools for improving surveillance activities in densely crowded environments. The S4 system is directly applicable to solutions for emergency response personnel, law enforcement, and other homeland security missions, as well as in applications requiring the interoperation of sensor networks with handheld or body-worn interface devices.

Building a Library Web Server on a Budget.

ERIC Educational Resources Information Center

Orr, Giles

1998-01-01

Presents a method for libraries with limited budgets to create reliable Web servers with existing hardware and free software available via the Internet. Discusses staff, hardware and software requirements, and security; outlines the assembly process. (PEN)

12 CFR Appendix A to Part 40 - Model Privacy Form

Code of Federal Regulations, 2011 CFR

2011-01-01

... the term “Social Security number” in the first bullet. (2) Institutions must use five (5) of the...; a Web site; or use of a mail-in opt-out form. Institutions may include the words “toll-free” before... specific Web address that takes consumers directly to the opt-out page or a general Web address that...

12 CFR Appendix A to Part 716 - Model Privacy Form

Code of Federal Regulations, 2011 CFR

2011-01-01

... the term “Social Security number” in the first bullet. (2) Institutions must use five (5) of the...; a Web site; or use of a mail-in opt-out form. Institutions may include the words “toll-free” before... specific Web address that takes consumers directly to the opt-out page or a general Web address that...

12 CFR Appendix A to Part 573 - Model Privacy Form

Code of Federal Regulations, 2011 CFR

2011-01-01

... the term “Social Security number” in the first bullet. (2) Institutions must use five (5) of the...; a Web site; or use of a mail-in opt-out form. Institutions may include the words “toll-free” before... specific Web address that takes consumers directly to the opt-out page or a general Web address that...

78 FR 62862 - Self-Regulatory Organizations; Financial Industry Regulatory Authority, Inc.; Notice of Filing of...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-10-22

... count information for equity securities publicly available on its Web site. The text of the proposed rule change is available on FINRA's Web site at http://www.finra.org , at the principal office of FINRA... basis.\\15\\ Under the proposed rule change, FINRA would publish on its Web site the reported information...

78 FR 20983 - Self-Regulatory Organizations; New York Stock Exchange LLC; Notice of Filing and Immediate...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-04-08

... the proposed rule change is available on the Exchange's Web site at www.nyse.com , at the principal... in a manner to facilitate its distribution via Web sites or mobile devices. \\4\\ See Securities... broadcasters, Web site and mobile device service providers, and others to distribute this data product to their...

Innovative patient care practices using social media.

PubMed

Mattingly, T Joseph

2015-01-01

To characterize the literature on social media applications used to deliver patient care. A search of the literature was conducted on June 11, 2014, using PubMed, MEDLINE, CINAHL, and Communication Abstracts databases for clinical studies between 2004 and 2014. A combination of the search terms "social media" or "Web 2.0" or "online social networking" or "Facebook" or "Twitter" AND "patient care" or "health care" was used. In addition, 42 additional abstracts were retrieved from www.patientslikeme.com for review. Only published, peer-reviewed journal articles were considered and only publications in English were included. The abstracts from this search were reviewed for relevance to Web-based social media platforms being used in patient care activities. A total of 35 articles were included in the review. A majority of the studies published on social media and patient care used cross-sectional designs and were conducted in the United States. Multiple social media applications were studied, but Facebook was the predominant social media tool found. Patient care opportunities for various diseases with social media have been studied. Recurring themes included overcoming barriers, engaging and empowering patients, enhancing research, providing information for health promotion, scratching the surface, and potential pitfalls. Social media have the potential to help patients and practitioners overcome multiple barriers in the delivery of health care. Maintaining patient privacy, security of information shared in the platform, and integrity of information shared are all concerns when using this type of Web application.

Prototyping manufacturing in the cloud

NASA Astrophysics Data System (ADS)

Ciortea, E. M.

2017-08-01

This paper attempts a theoretical approach to cloud systems with impacts on production systems. I call systems as cloud computing because form a relatively new concept in the field of informatics, representing an overall distributed computing services, applications, access to information and data storage without the user to know the physical location and configuration of systems. The advantages of this approach are especially computing speed and storage capacity without investment in additional configurations, synchronizing user data, data processing using web applications. The disadvantage is that it wants to identify a solution for data security, leading to mistrust users. The case study is applied to a module of the system of production, because the system is complex.

From Sensor to Observation Web with environmental enablers in the Future Internet.

PubMed

Havlik, Denis; Schade, Sven; Sabeur, Zoheir A; Mazzetti, Paolo; Watson, Kym; Berre, Arne J; Mon, Jose Lorenzo

2011-01-01

This paper outlines the grand challenges in global sustainability research and the objectives of the FP7 Future Internet PPP program within the Digital Agenda for Europe. Large user communities are generating significant amounts of valuable environmental observations at local and regional scales using the devices and services of the Future Internet. These communities' environmental observations represent a wealth of information which is currently hardly used or used only in isolation and therefore in need of integration with other information sources. Indeed, this very integration will lead to a paradigm shift from a mere Sensor Web to an Observation Web with semantically enriched content emanating from sensors, environmental simulations and citizens. The paper also describes the research challenges to realize the Observation Web and the associated environmental enablers for the Future Internet. Such an environmental enabler could for instance be an electronic sensing device, a web-service application, or even a social networking group affording or facilitating the capability of the Future Internet applications to consume, produce, and use environmental observations in cross-domain applications. The term "envirofied" Future Internet is coined to describe this overall target that forms a cornerstone of work in the Environmental Usage Area within the Future Internet PPP program. Relevant trends described in the paper are the usage of ubiquitous sensors (anywhere), the provision and generation of information by citizens, and the convergence of real and virtual realities to convey understanding of environmental observations. The paper addresses the technical challenges in the Environmental Usage Area and the need for designing multi-style service oriented architecture. Key topics are the mapping of requirements to capabilities, providing scalability and robustness with implementing context aware information retrieval. Another essential research topic is handling data fusion and model based computation, and the related propagation of information uncertainty. Approaches to security, standardization and harmonization, all essential for sustainable solutions, are summarized from the perspective of the Environmental Usage Area. The paper concludes with an overview of emerging, high impact applications in the environmental areas concerning land ecosystems (biodiversity), air quality (atmospheric conditions) and water ecosystems (marine asset management).

From Sensor to Observation Web with Environmental Enablers in the Future Internet

PubMed Central

Havlik, Denis; Schade, Sven; Sabeur, Zoheir A.; Mazzetti, Paolo; Watson, Kym; Berre, Arne J.; Mon, Jose Lorenzo

2011-01-01

This paper outlines the grand challenges in global sustainability research and the objectives of the FP7 Future Internet PPP program within the Digital Agenda for Europe. Large user communities are generating significant amounts of valuable environmental observations at local and regional scales using the devices and services of the Future Internet. These communities’ environmental observations represent a wealth of information which is currently hardly used or used only in isolation and therefore in need of integration with other information sources. Indeed, this very integration will lead to a paradigm shift from a mere Sensor Web to an Observation Web with semantically enriched content emanating from sensors, environmental simulations and citizens. The paper also describes the research challenges to realize the Observation Web and the associated environmental enablers for the Future Internet. Such an environmental enabler could for instance be an electronic sensing device, a web-service application, or even a social networking group affording or facilitating the capability of the Future Internet applications to consume, produce, and use environmental observations in cross-domain applications. The term “envirofied” Future Internet is coined to describe this overall target that forms a cornerstone of work in the Environmental Usage Area within the Future Internet PPP program. Relevant trends described in the paper are the usage of ubiquitous sensors (anywhere), the provision and generation of information by citizens, and the convergence of real and virtual realities to convey understanding of environmental observations. The paper addresses the technical challenges in the Environmental Usage Area and the need for designing multi-style service oriented architecture. Key topics are the mapping of requirements to capabilities, providing scalability and robustness with implementing context aware information retrieval. Another essential research topic is handling data fusion and model based computation, and the related propagation of information uncertainty. Approaches to security, standardization and harmonization, all essential for sustainable solutions, are summarized from the perspective of the Environmental Usage Area. The paper concludes with an overview of emerging, high impact applications in the environmental areas concerning land ecosystems (biodiversity), air quality (atmospheric conditions) and water ecosystems (marine asset management). PMID:22163827

The research of network database security technology based on web service

NASA Astrophysics Data System (ADS)

Meng, Fanxing; Wen, Xiumei; Gao, Liting; Pang, Hui; Wang, Qinglin

2013-03-01

Database technology is one of the most widely applied computer technologies, its security is becoming more and more important. This paper introduced the database security, network database security level, studies the security technology of the network database, analyzes emphatically sub-key encryption algorithm, applies this algorithm into the campus-one-card system successfully. The realization process of the encryption algorithm is discussed, this method is widely used as reference in many fields, particularly in management information system security and e-commerce.

Development of a web-based register for the Dutch national study on biologicals in JIA: www.ABC-register.nl.

PubMed

Prince, F H M; Ferket, I S; Kamphuis, S; Armbrust, W; Ten Cate, R; Hoppenreijs, E P A H; Koopman-Keemink, Y; van Rossum, M A J; van Santen-Hoeufft, M; Twilt, M; van Suijlekom-Smit, L W A

2008-09-01

Most clinical studies use paper case record forms (CRFs) to collect data. In the Dutch multi-centre observational study on biologicals we encountered several disadvantages of using the paper CRFs. These are delay in data collection, lack of overview in collected data and difficulties in obtaining up-to-date interim reports. Therefore, we wanted to create a more effective method of data collection compared with CRFs on paper in a multi-centre study. We designed a web-based register with the intention to make it easy to use for participating physicians and at the same time accurate and up-to-date. Security demands were taken into account to secure the safety of the patient data. The web-based register was tested with data from 161 juvenile idiopathic arthritis patients from nine different centres. Internal validity was obtained and user-friendliness guaranteed. To secure the completeness of the data automatically generated e-mail alerts were implemented into the web-based register. More transparency of data was achieved by including the option to automatically generate interim reports of data in the web-based register. The safety was tested and approved. By digitalizing the CRF we achieved our aim to provide easy, rapid and safe access to the database and contributed to a new way of data collection. Although the web-based register was designed for the current multi-centre observational study, this type of instrument can also be applied to other types of studies. We expect that especially collaborative study groups will find it an efficient tool to collect data.

Web Service Execution and Monitoring in Integrated Applications in Support of Business Communities

NASA Astrophysics Data System (ADS)

Chiriacescu, Rares M.; SzóKe, Alexandru; Portase, Sorin; Florea, Monica

Emerging technology is one of the key factors that drive the business world to faster adaptation, reaction and shorter communication path. Building upon such technologies, business communities emerge, geared toward high flexibility in their offerings and collaboration: business-to-customer and business-to-business collaborations. Adapting to the market requirements, companies must address several technical challenges that arise from the main requirements of the system they have to introduce: a high degree of flexibility, heterogeneous system collaboration and security of the transferred data.

Service-Oriented Architecture for NVO and TeraGrid Computing

NASA Technical Reports Server (NTRS)

Jacob, Joseph; Miller, Craig; Williams, Roy; Steenberg, Conrad; Graham, Matthew

2008-01-01

The National Virtual Observatory (NVO) Extensible Secure Scalable Service Infrastructure (NESSSI) is a Web service architecture and software framework that enables Web-based astronomical data publishing and processing on grid computers such as the National Science Foundation's TeraGrid. Characteristics of this architecture include the following: (1) Services are created, managed, and upgraded by their developers, who are trusted users of computing platforms on which the services are deployed. (2) Service jobs can be initiated by means of Java or Python client programs run on a command line or with Web portals. (3) Access is granted within a graduated security scheme in which the size of a job that can be initiated depends on the level of authentication of the user.

reCAPTCHA: human-based character recognition via Web security measures.

PubMed

von Ahn, Luis; Maurer, Benjamin; McMillen, Colin; Abraham, David; Blum, Manuel

2008-09-12

CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) are widespread security measures on the World Wide Web that prevent automated programs from abusing online services. They do so by asking humans to perform a task that computers cannot yet perform, such as deciphering distorted characters. Our research explored whether such human effort can be channeled into a useful purpose: helping to digitize old printed material by asking users to decipher scanned words from books that computerized optical character recognition failed to recognize. We showed that this method can transcribe text with a word accuracy exceeding 99%, matching the guarantee of professional human transcribers. Our apparatus is deployed in more than 40,000 Web sites and has transcribed over 440 million words.

Secure web-based invocation of large-scale plasma simulation codes

NASA Astrophysics Data System (ADS)

Dimitrov, D. A.; Busby, R.; Exby, J.; Bruhwiler, D. L.; Cary, J. R.

2004-12-01

We present our design and initial implementation of a web-based system for running, both in parallel and serial, Particle-In-Cell (PIC) codes for plasma simulations with automatic post processing and generation of visual diagnostics.

Department of Defense High Performance Computing Modernization Program. 2008 Annual Report

DTIC Science & Technology

2009-04-01

place to another on the network. Without it, a computer could only talk to itself - no email, no web browsing, and no iTunes . Most of the Internet...Your SecurID Card ), Ken Renard Secure Wireless, Rob Scott and Stephen Bowman Securing Today’s Networks, Rich Whittney, Juniper Networks, Federal

Building Multilevel Secure Web Services-Based Components for the Global Information Grid

DTIC Science & Technology

2006-05-01

unclassified Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18 Transforming: Business , Security ,Warfighting 16 CROSSTALK The Journal of Defense...A Single Step of the BAC Table 1: A Single Step of the Block Access Controller Transforming: Business , Security ,Warfighting 18 CROSSTALK The Journal

Security Considerations of Doing Business via the Internet: Cautions To Be Considered.

ERIC Educational Resources Information Center

Aldridge, Alicia; White, Michele; Forcht, Karen

1997-01-01

Lack of security is perceived as a major roadblock to doing business online. This article examines system, user, and commercial transaction privacy on the World Wide Web and discusses methods of protection: operating systems security, file and data protection, user education, access restrictions, data authentication, perimeter and transaction…

Cloud Surprises Discovered in Moving NASA EOSDIS Applications into Amazon Web Services… and #6 Will Shock You!

NASA Astrophysics Data System (ADS)

McLaughlin, B. D.; Pawloski, A. W.

2017-12-01

NASA ESDIS has been moving a variety of data ingest, distribution, and science data processing applications into a cloud environment over the last 2 years. As expected, there have been a number of challenges in migrating primarily on-premises applications into a cloud-based environment, related to architecture and taking advantage of cloud-based services. What was not expected is a number of issues that were beyond purely technical application re-architectures. From surprising network policy limitations, billing challenges in a government-based cost model, and obtaining certificates in an NASA security-compliant manner to working with multiple applications in a shared and resource-constrained AWS account, these have been the relevant challenges in taking advantage of a cloud model. And most surprising of all… well, you'll just have to wait and see the "gotcha" that caught our entire team off guard!

wayGoo: a platform for geolocating and managing indoor and outdoor spaces

NASA Astrophysics Data System (ADS)

Thomopoulos, Stelios C. A.; Karafylli, Christina; Karafylli, Maria; Motos, Dionysis; Lampropoulos, Vassilis; Dimitros, Kostantinos; Margonis, Christos

2016-05-01

wayGoo2 is a platform for Geolocating and Managing indoor and outdoor spaces and content with multidimensional indoor and outdoor Navigation and Guidance. Its main components are a Geographic Information System, a back-end server, front-end applications and a web-based Content Management System (CMS). It constitutes a fully integrated 2D/3D space and content management system that creates a repository that consists of a database, content components and administrative data. wayGoo can connect to any third party database and event management data-source. The platform is secure as the data is only available through a Restful web service using https security protocol in conjunction with an API key used for authentication. To enhance users experience, wayGoo makes the content available by extracting components out of the repository and constructing targeted applications. The wayGoo platform supports geo-referencing of indoor and outdoor information and use of metadata. It also allows the use of existing information such as maps and databases. The platform enables planning through integration of content that is connected either spatially, temporally or contextually, and provides immediate access to all spatial data through interfaces and interactive 2D and 3D representations. wayGoo constitutes a mean to document and preserve assets through computerized techniques and provides a system that enhances the protection of your space, people and guests when combined with wayGoo notification and alert system. It constitutes a strong marketing tool providing staff and visitors with an immersive tool for navigation in indoor spaces and allowing users to organize their agenda and to discover events through wayGoo event scheduler and recommendation system. Furthermore, the wayGoo platform can be used in Security applications and event management, e.g. CBRNE incidents, man-made and natural disasters, etc., to document and geolocate information and sensor data (off line and real time) on one end, and offer navigation capabilities in indoor and outdoor spaces. Furthermore, the wayGoo platform can be used for the creation of immersive environments and experiences in conjunction with VR/AR (Virtual and Augmented Reality) technologies.

WebGLORE: a web service for Grid LOgistic REgression.

PubMed

Jiang, Wenchao; Li, Pinghao; Wang, Shuang; Wu, Yuan; Xue, Meng; Ohno-Machado, Lucila; Jiang, Xiaoqian

2013-12-15

WebGLORE is a free web service that enables privacy-preserving construction of a global logistic regression model from distributed datasets that are sensitive. It only transfers aggregated local statistics (from participants) through Hypertext Transfer Protocol Secure to a trusted server, where the global model is synthesized. WebGLORE seamlessly integrates AJAX, JAVA Applet/Servlet and PHP technologies to provide an easy-to-use web service for biomedical researchers to break down policy barriers during information exchange. http://dbmi-engine.ucsd.edu/webglore3/. WebGLORE can be used under the terms of GNU general public license as published by the Free Software Foundation.

Mashup Model and Verification Using Mashup Processing Network

NASA Astrophysics Data System (ADS)

Zahoor, Ehtesham; Perrin, Olivier; Godart, Claude

Mashups are defined to be lightweight Web applications aggregating data from different Web services, built using ad-hoc composition and being not concerned with long term stability and robustness. In this paper we present a pattern based approach, called Mashup Processing Network (MPN). The idea is based on Event Processing Network and is supposed to facilitate the creation, modeling and the verification of mashups. MPN provides a view of how different actors interact for the mashup development namely the producer, consumer, mashup processing agent and the communication channels. It also supports modeling transformations and validations of data and offers validation of both functional and non-functional requirements, such as reliable messaging and security, that are key issues within the enterprise context. We have enriched the model with a set of processing operations and categorize them into data composition, transformation and validation categories. These processing operations can be seen as a set of patterns for facilitating the mashup development process. MPN also paves a way for realizing Mashup Oriented Architecture where mashups along with services are used as building blocks for application development.

33 CFR 106.262 - Security measures for newly-hired employees.

Code of Federal Regulations, 2010 CFR

2010-07-01

... following information on the new hire into the Coast Guard's Homeport Web site (http://homeport.uscg.mil): (i) Full legal name, including middle name if one exists; (ii) Date of birth; (iii) Social security...

33 CFR 106.262 - Security measures for newly-hired employees.

Code of Federal Regulations, 2011 CFR

2011-07-01

... following information on the new hire into the Coast Guard's Homeport Web site (http://homeport.uscg.mil): (i) Full legal name, including middle name if one exists; (ii) Date of birth; (iii) Social security...

Security Proof for Password Authentication in TLS-Verifier-based Three-Party Group Diffie-Hellman

DOE Office of Scientific and Technical Information (OSTI.GOV)

Chevassut, Olivier; Milner, Joseph; Pointcheval, David

2008-04-21

The internet has grown greatly in the past decade, by some numbers exceeding 47 million active web sites and a total aggregate exceeding100 million web sites. What is common practice today on the Internet is that servers have public keys, but clients are largely authenticated via short passwords. Protecting these passwords by not storing them in the clear on institutions's servers has become a priority. This paper develops password-based ciphersuites for the Transport Layer Security (TLS) protocol that are: (1) resistant to server compromise; (2) provably secure; (3) believed to be free from patent and licensing restrictions based on anmore » analysis of relevant patents in the area.« less

ProXL (Protein Cross-Linking Database): A Platform for Analysis, Visualization, and Sharing of Protein Cross-Linking Mass Spectrometry Data

PubMed Central

2016-01-01

ProXL is a Web application and accompanying database designed for sharing, visualizing, and analyzing bottom-up protein cross-linking mass spectrometry data with an emphasis on structural analysis and quality control. ProXL is designed to be independent of any particular software pipeline. The import process is simplified by the use of the ProXL XML data format, which shields developers of data importers from the relative complexity of the relational database schema. The database and Web interfaces function equally well for any software pipeline and allow data from disparate pipelines to be merged and contrasted. ProXL includes robust public and private data sharing capabilities, including a project-based interface designed to ensure security and facilitate collaboration among multiple researchers. ProXL provides multiple interactive and highly dynamic data visualizations that facilitate structural-based analysis of the observed cross-links as well as quality control. ProXL is open-source, well-documented, and freely available at https://github.com/yeastrc/proxl-web-app. PMID:27302480

Standards-based sensor interoperability and networking SensorWeb: an overview

NASA Astrophysics Data System (ADS)

Bolling, Sam

2012-06-01

The War fighter lacks a unified Intelligence, Surveillance, and Reconnaissance (ISR) environment to conduct mission planning, command and control (C2), tasking, collection, exploitation, processing, and data discovery of disparate sensor data across the ISR Enterprise. Legacy sensors and applications are not standardized or integrated for assured, universal access. Existing tasking and collection capabilities are not unified across the enterprise, inhibiting robust C2 of ISR including near-real time, cross-cueing operations. To address these critical needs, the National Measurement and Signature Intelligence (MASINT) Office (NMO), and partnering Combatant Commands and Intelligence Agencies are developing SensorWeb, an architecture that harmonizes heterogeneous sensor data to a common standard for users to discover, access, observe, subscribe to and task sensors. The SensorWeb initiative long term goal is to establish an open commercial standards-based, service-oriented framework to facilitate plug and play sensors. The current development effort will produce non-proprietary deliverables, intended as a Government off the Shelf (GOTS) solution to address the U.S. and Coalition nations' inability to quickly and reliably detect, identify, map, track, and fully understand security threats and operational activities.

ProXL (Protein Cross-Linking Database): A Platform for Analysis, Visualization, and Sharing of Protein Cross-Linking Mass Spectrometry Data.

PubMed

Riffle, Michael; Jaschob, Daniel; Zelter, Alex; Davis, Trisha N

2016-08-05

ProXL is a Web application and accompanying database designed for sharing, visualizing, and analyzing bottom-up protein cross-linking mass spectrometry data with an emphasis on structural analysis and quality control. ProXL is designed to be independent of any particular software pipeline. The import process is simplified by the use of the ProXL XML data format, which shields developers of data importers from the relative complexity of the relational database schema. The database and Web interfaces function equally well for any software pipeline and allow data from disparate pipelines to be merged and contrasted. ProXL includes robust public and private data sharing capabilities, including a project-based interface designed to ensure security and facilitate collaboration among multiple researchers. ProXL provides multiple interactive and highly dynamic data visualizations that facilitate structural-based analysis of the observed cross-links as well as quality control. ProXL is open-source, well-documented, and freely available at https://github.com/yeastrc/proxl-web-app .

Live video monitoring robot controlled by web over internet

NASA Astrophysics Data System (ADS)

Lokanath, M.; Akhil Sai, Guruju

2017-11-01

Future is all about robots, robot can perform tasks where humans cannot, Robots have huge applications in military and industrial area for lifting heavy weights, for accurate placements, for repeating the same task number of times, where human are not efficient. Generally robot is a mix of electronic, electrical and mechanical engineering and can do the tasks automatically on its own or under the supervision of humans. The camera is the eye for robot, call as robovision helps in monitoring security system and also can reach into the places where the human eye cannot reach. This paper presents about developing a live video streaming robot controlled from the website. We designed the web, controlling for the robot to move left, right, front and back while streaming video. As we move to the smart environment or IoT (Internet of Things) by smart devices the system we developed here connects over the internet and can be operated with smart mobile phone using a web browser. The Raspberry Pi model B chip acts as heart for this system robot, the sufficient motors, surveillance camera R pi 2 are connected to Raspberry pi.

Development of wide area environment accelerator operation and diagnostics method

NASA Astrophysics Data System (ADS)

Uchiyama, Akito; Furukawa, Kazuro

2015-08-01

Remote operation and diagnostic systems for particle accelerators have been developed for beam operation and maintenance in various situations. Even though fully remote experiments are not necessary, the remote diagnosis and maintenance of the accelerator is required. Considering remote-operation operator interfaces (OPIs), the use of standard protocols such as the hypertext transfer protocol (HTTP) is advantageous, because system-dependent protocols are unnecessary between the remote client and the on-site server. Here, we have developed a client system based on WebSocket, which is a new protocol provided by the Internet Engineering Task Force for Web-based systems, as a next-generation Web-based OPI using the Experimental Physics and Industrial Control System Channel Access protocol. As a result of this implementation, WebSocket-based client systems have become available for remote operation. Also, as regards practical application, the remote operation of an accelerator via a wide area network (WAN) faces a number of challenges, e.g., the accelerator has both experimental device and radiation generator characteristics. Any error in remote control system operation could result in an immediate breakdown. Therefore, we propose the implementation of an operator intervention system for remote accelerator diagnostics and support that can obviate any differences between the local control room and remote locations. Here, remote-operation Web-based OPIs, which resolve security issues, are developed.

The OGC Sensor Web Enablement framework

NASA Astrophysics Data System (ADS)

Cox, S. J.; Botts, M.

2006-12-01

Sensor observations are at the core of natural sciences. Improvements in data-sharing technologies offer the promise of much greater utilisation of observational data. A key to this is interoperable data standards. The Open Geospatial Consortium's (OGC) Sensor Web Enablement initiative (SWE) is developing open standards for web interfaces for the discovery, exchange and processing of sensor observations, and tasking of sensor systems. The goal is to support the construction of complex sensor applications through real-time composition of service chains from standard components. The framework is based around a suite of standard interfaces, and standard encodings for the message transferred between services. The SWE interfaces include: Sensor Observation Service (SOS)-parameterized observation requests (by observation time, feature of interest, property, sensor); Sensor Planning Service (SPS)-tasking a sensor- system to undertake future observations; Sensor Alert Service (SAS)-subscription to an alert, usually triggered by a sensor result exceeding some value. The interface design generally follows the pattern established in the OGC Web Map Service (WMS) and Web Feature Service (WFS) interfaces, where the interaction between a client and service follows a standard sequence of requests and responses. The first obtains a general description of the service capabilities, followed by obtaining detail required to formulate a data request, and finally a request for a data instance or stream. These may be implemented in a stateless "REST" idiom, or using conventional "web-services" (SOAP) messaging. In a deployed system, the SWE interfaces are supplemented by Catalogue, data (WFS) and portrayal (WMS) services, as well as authentication and rights management. The standard SWE data formats are Observations and Measurements (O&M) which encodes observation metadata and results, Sensor Model Language (SensorML) which describes sensor-systems, Transducer Model Language (TML) which covers low-level data streams, and domain-specific GML Application Schemas for definitions of the target feature types. The SWE framework has been demonstrated in several interoperability testbeds. These were based around emergency management, security, contamination and environmental monitoring scenarios.

JSME: a free molecule editor in JavaScript.

PubMed

Bienfait, Bruno; Ertl, Peter

2013-01-01

A molecule editor, i.e. a program facilitating graphical input and interactive editing of molecules, is an indispensable part of every cheminformatics or molecular processing system. Today, when a web browser has become the universal scientific user interface, a tool to edit molecules directly within the web browser is essential. One of the most popular tools for molecular structure input on the web is the JME applet. Since its release nearly 15 years ago, however the web environment has changed and Java applets are facing increasing implementation hurdles due to their maintenance and support requirements, as well as security issues. This prompted us to update the JME editor and port it to a modern Internet programming language - JavaScript. The actual molecule editing Java code of the JME editor was translated into JavaScript with help of the Google Web Toolkit compiler and a custom library that emulates a subset of the GUI features of the Java runtime environment. In this process, the editor was enhanced by additional functionalities including a substituent menu, copy/paste, drag and drop and undo/redo capabilities and an integrated help. In addition to desktop computers, the editor supports molecule editing on touch devices, including iPhone, iPad and Android phones and tablets. In analogy to JME the new editor is named JSME. This new molecule editor is compact, easy to use and easy to incorporate into web pages. A free molecule editor written in JavaScript was developed and is released under the terms of permissive BSD license. The editor is compatible with JME, has practically the same user interface as well as the web application programming interface. The JSME editor is available for download from the project web page http://peter-ertl.com/jsme/

OpenID Connect as a security service in cloud-based medical imaging systems

PubMed Central

Ma, Weina; Sartipi, Kamran; Sharghigoorabi, Hassan; Koff, David; Bak, Peter

2016-01-01

Abstract. The evolution of cloud computing is driving the next generation of medical imaging systems. However, privacy and security concerns have been consistently regarded as the major obstacles for adoption of cloud computing by healthcare domains. OpenID Connect, combining OpenID and OAuth together, is an emerging representational state transfer-based federated identity solution. It is one of the most adopted open standards to potentially become the de facto standard for securing cloud computing and mobile applications, which is also regarded as “Kerberos of cloud.” We introduce OpenID Connect as an authentication and authorization service in cloud-based diagnostic imaging (DI) systems, and propose enhancements that allow for incorporating this technology within distributed enterprise environments. The objective of this study is to offer solutions for secure sharing of medical images among diagnostic imaging repository (DI-r) and heterogeneous picture archiving and communication systems (PACS) as well as Web-based and mobile clients in the cloud ecosystem. The main objective is to use OpenID Connect open-source single sign-on and authorization service and in a user-centric manner, while deploying DI-r and PACS to private or community clouds should provide equivalent security levels to traditional computing model. PMID:27340682

Supporting Case-Based Learning in Information Security with Web-Based Technology

ERIC Educational Resources Information Center

He, Wu; Yuan, Xiaohong; Yang, Li

2013-01-01

Case-based learning has been widely used in many disciplines. As an effective pedagogical method, case-based learning is also being used to support teaching and learning in the domain of information security. In this paper, we demonstrate case-based learning in information security by sharing our experiences in using a case study to teach security…

Fermilab Security Site Access Request Database

Science.gov Websites

Fermilab Security Site Access Request Database Use of the online version of the Fermilab Security Site Access Request Database requires that you login into the ESH&Q Web Site. Note: Only Fermilab generated from the ESH&Q Section's Oracle database on May 27, 2018 05:48 AM. If you have a question

Perceptions of Accounting Practitioners and Educators on E-Business Curriculum and Web Security Issues

ERIC Educational Resources Information Center

Ragothaman, Srinivasan; Lavin, Angeline; Davies, Thomas

2007-01-01

This research examines, through survey administration, the perceptions of accounting practitioners and educators with respect to the multi-faceted security issues of e-commerce payment systems as well as e-business curriculum issues. Specific security issues explored include misuse/theft of personal and credit card information, spam e-mails,…

Onco-STS: a web-based laboratory information management system for sample and analysis tracking in oncogenomic experiments.

PubMed

Gavrielides, Mike; Furney, Simon J; Yates, Tim; Miller, Crispin J; Marais, Richard

2014-01-01

Whole genomes, whole exomes and transcriptomes of tumour samples are sequenced routinely to identify the drivers of cancer. The systematic sequencing and analysis of tumour samples, as well other oncogenomic experiments, necessitates the tracking of relevant sample information throughout the investigative process. These meta-data of the sequencing and analysis procedures include information about the samples and projects as well as the sequencing centres, platforms, data locations, results locations, alignments, analysis specifications and further information relevant to the experiments. The current work presents a sample tracking system for oncogenomic studies (Onco-STS) to store these data and make them easily accessible to the researchers who work with the samples. The system is a web application, which includes a database and a front-end web page that allows the remote access, submission and updating of the sample data in the database. The web application development programming framework Grails was used for the development and implementation of the system. The resulting Onco-STS solution is efficient, secure and easy to use and is intended to replace the manual data handling of text records. Onco-STS allows simultaneous remote access to the system making collaboration among researchers more effective. The system stores both information on the samples in oncogenomic studies and details of the analyses conducted on the resulting data. Onco-STS is based on open-source software, is easy to develop and can be modified according to a research group's needs. Hence it is suitable for laboratories that do not require a commercial system.

Perceptions of Patient Engagement Applications During Pregnancy: A Qualitative Assessment of the Patient’s Perspective

PubMed Central

Goetz, Maren; Müller, Mitho; Matthies, Lina Maria; Hansen, Jenny; Doster, Anne; Szabo, Akos; Pauluschke-Fröhlich, Jan; Abele, Harald; Sohn, Christof

2017-01-01

Background With growing demand for medical information and health applications in pregnancy, the potential of electronic health (eHealth) and mobile health (mHealth) solutions in clinical care is increasingly unfolding. However, we still do not know how pregnant women engage with mobile apps, how such apps impact routine medical care, and whether benefit expectations are met. Whereas recent research has raised the subject of user distribution and analyzed the content of pregnancy applications, there is still a significant knowledge gap regarding what pregnant women like and dislike about pregnancy tools, along with how such interventions could be improved. Objective The aim of the study was to examine the perceptions and expectations of mobile and Web-based patient-engagement pregnancy applications. We assessed usability requirements, general acceptance of eHealth, and the impact of eHealth and mHealth pregnancy applications on the doctor-patient interaction and daily clinical routine. Methods A qualitative study was conducted at the maternity department of a major German university hospital. The sample included 30 women with low- to medium-risk pregnancies. Half of the patients were seen during outpatient care and half were hospitalized for several days. The extent and frequency of Web- and mobile phone app usage were assessed. Semistructured interviews were conducted and analyzed using systematic thematic analysis. Results Patients had a high demand for Web-based pregnancy applications. Study findings suggested a strong request for personalization, monitoring, and accessibility for frequent use as main themes derived from the interviews. Fostering patient empowerment in the doctor-patient relationship was also highly valued for a pregnancy app. Participants favored further integration of medical apps in their daily routine and pregnancy care. However, concerns were raised about content quality, trustworthiness of Web sources, and individual data security. Conclusions eHealth and mHealth applications are a highly frequented source of information. Expectations and usability requirements for those applications are also high, thus posing a challenge to interdisciplinary service providers. Patients’ attitude toward integrating apps in routine care settings was positive with a favorable influence on patient empowerment. Health care professionals should guide pregnant women toward a successful integration of these educational tools in pregnancy care. PMID:28550005

49 CFR 40.45 - What form is used to document a DOT urine collection?

Code of Federal Regulations, 2011 CFR

2011-10-01

... view this form on the Department's web site (http://www.dot.gov/ost/dapc) or the HHS web site (http... employee (other than a social security number (SSN) or other employee identification (ID) number) to a...

49 CFR 40.45 - What form is used to document a DOT urine collection?

Code of Federal Regulations, 2010 CFR

2010-10-01

... view this form on the Department's web site (http://www.dot.gov/ost/dapc) or the HHS web site (http... employee (other than a social security number (SSN) or other employee identification (ID) number) to a...

49 CFR 1560.205 - Redress process.

Code of Federal Regulations, 2010 CFR

2010-10-01

... Transportation Other Regulations Relating to Transportation (Continued) TRANSPORTATION SECURITY ADMINISTRATION... may obtain the forms and information necessary to initiate the redress process on the DHS TRIP Web... will provide the necessary forms and information to individuals through its Web site or by mail. (c...

GEMSS: grid-infrastructure for medical service provision.

PubMed

Benkner, S; Berti, G; Engelbrecht, G; Fingberg, J; Kohring, G; Middleton, S E; Schmidt, R

2005-01-01

The European GEMSS Project is concerned with the creation of medical Grid service prototypes and their evaluation in a secure service-oriented infrastructure for distributed on demand/supercomputing. Key aspects of the GEMSS Grid middleware include negotiable QoS support for time-critical service provision, flexible support for business models, and security at all levels in order to ensure privacy of patient data as well as compliance to EU law. The GEMSS Grid infrastructure is based on a service-oriented architecture and is being built on top of existing standard Grid and Web technologies. The GEMSS infrastructure offers a generic Grid service provision framework that hides the complexity of transforming existing applications into Grid services. For the development of client-side applications or portals, a pluggable component framework has been developed, providing developers with full control over business processes, service discovery, QoS negotiation, and workflow, while keeping their underlying implementation hidden from view. A first version of the GEMSS Grid infrastructure is operational and has been used for the set-up of a Grid test-bed deploying six medical Grid service prototypes including maxillo-facial surgery simulation, neuro-surgery support, radio-surgery planning, inhaled drug-delivery simulation, cardiovascular simulation and advanced image reconstruction. The GEMSS Grid infrastructure is based on standard Web Services technology with an anticipated future transition path towards the OGSA standard proposed by the Global Grid Forum. GEMSS demonstrates that the Grid can be used to provide medical practitioners and researchers with access to advanced simulation and image processing services for improved preoperative planning and near real-time surgical support.

AMP: A platform for managing and mining data in the treatment of Autism Spectrum Disorder.

PubMed

Linstead, Erik; Burns, Ryan; Duy Nguyen; Tyler, David

2016-08-01

We introduce AMP (Autism Management Platform), an integrated health care information system for capturing, analyzing, and managing data associated with the diagnosis and treatment of Autism Spectrum Disorder in children. AMP's mobile application simplifies the means by which parents, guardians, and clinicians can collect and share multimedia data with one another, facilitating communication and reducing data redundancy, while simplifying retrieval. Additionally, AMP provides an intelligent web interface and analytics platform which allow physicians and specialists to aggregate and mine patient data in real-time, as well as give relevant feedback to automatically learn data filtering preferences over time. Together AMP's mobile app, web client, and analytics engine implement a rich set of features that streamline the data collection and analysis process in the context of a secure and easy-to-use system so that data may be more effectively leveraged to guide treatment.

A Web application for the management of clinical workflow in image‐guided and adaptive proton therapy for prostate cancer treatments

PubMed Central

Boes, Peter; Ho, Meng Wei; Li, Zuofeng

2015-01-01

Image‐guided radiotherapy (IGRT), based on radiopaque markers placed in the prostate gland, was used for proton therapy of prostate patients. Orthogonal X‐rays and the IBA Digital Image Positioning System (DIPS) were used for setup correction prior to treatment and were repeated after treatment delivery. Following a rationale for margin estimates similar to that of van Herk,(1) the daily post‐treatment DIPS data were analyzed to determine if an adaptive radiotherapy plan was necessary. A Web application using ASP.NET MVC5, Entity Framework, and an SQL database was designed to automate this process. The designed features included state‐of‐the‐art Web technologies, a domain model closely matching the workflow, a database‐supporting concurrency and data mining, access to the DIPS database, secured user access and roles management, and graphing and analysis tools. The Model‐View‐Controller (MVC) paradigm allowed clean domain logic, unit testing, and extensibility. Client‐side technologies, such as jQuery, jQuery Plug‐ins, and Ajax, were adopted to achieve a rich user environment and fast response. Data models included patients, staff, treatment fields and records, correction vectors, DIPS images, and association logics. Data entry, analysis, workflow logics, and notifications were implemented. The system effectively modeled the clinical workflow and IGRT process. PACS number: 87 PMID:26103504

Interpreting User's Choice of Technologies: A Quantitative Research on Choosing the Best Web-Based Communication Tools

ERIC Educational Resources Information Center

Adebiaye, Richmond

2010-01-01

The proliferation of web-based communication tools like email clients vis-a-vis Yahoo mail, Gmail, and Hotmail have led to new innovations in web-based communication. Email users benefit greatly from this technology, but lack of security of these tools can put users at risk of loss of privacy, including identity theft, corporate espionage, and…

An offline-online Web-GIS Android application for fast data acquisition of landslide hazard and risk

NASA Astrophysics Data System (ADS)

Olyazadeh, Roya; Sudmeier-Rieux, Karen; Jaboyedoff, Michel; Derron, Marc-Henri; Devkota, Sanjaya

2017-04-01

Regional landslide assessments and mapping have been effectively pursued by research institutions, national and local governments, non-governmental organizations (NGOs), and different stakeholders for some time, and a wide range of methodologies and technologies have consequently been proposed. Land-use mapping and hazard event inventories are mostly created by remote-sensing data, subject to difficulties, such as accessibility and terrain, which need to be overcome. Likewise, landslide data acquisition for the field navigation can magnify the accuracy of databases and analysis. Open-source Web and mobile GIS tools can be used for improved ground-truthing of critical areas to improve the analysis of hazard patterns and triggering factors. This paper reviews the implementation and selected results of a secure mobile-map application called ROOMA (Rapid Offline-Online Mapping Application) for the rapid data collection of landslide hazard and risk. This prototype assists the quick creation of landslide inventory maps (LIMs) by collecting information on the type, feature, volume, date, and patterns of landslides using open-source Web-GIS technologies such as Leaflet maps, Cordova, GeoServer, PostgreSQL as the real DBMS (database management system), and PostGIS as its plug-in for spatial database management. This application comprises Leaflet maps coupled with satellite images as a base layer, drawing tools, geolocation (using GPS and the Internet), photo mapping, and event clustering. All the features and information are recorded into a GeoJSON text file in an offline version (Android) and subsequently uploaded to the online mode (using all browsers) with the availability of Internet. Finally, the events can be accessed and edited after approval by an administrator and then be visualized by the general public.

WebGLORE: a Web service for Grid LOgistic REgression

PubMed Central

Jiang, Wenchao; Li, Pinghao; Wang, Shuang; Wu, Yuan; Xue, Meng; Ohno-Machado, Lucila; Jiang, Xiaoqian

2013-01-01

WebGLORE is a free web service that enables privacy-preserving construction of a global logistic regression model from distributed datasets that are sensitive. It only transfers aggregated local statistics (from participants) through Hypertext Transfer Protocol Secure to a trusted server, where the global model is synthesized. WebGLORE seamlessly integrates AJAX, JAVA Applet/Servlet and PHP technologies to provide an easy-to-use web service for biomedical researchers to break down policy barriers during information exchange. Availability and implementation: http://dbmi-engine.ucsd.edu/webglore3/. WebGLORE can be used under the terms of GNU general public license as published by the Free Software Foundation. Contact: x1jiang@ucsd.edu PMID:24072732

77 FR 46773 - Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2012-08-06

... SECURITIES AND EXCHANGE COMMISSION Proposed Collection; Comment Request Upon Written Request, Copies Available From: Securities and Exchange Commission, Office of Investor Education and Advocacy... specified financial information to the Commission and post it on their corporate Web sites, if any, in...

Multiple-Feature Extracting Modules Based Leak Mining System Design

PubMed Central

Cho, Ying-Chiang; Pan, Jen-Yi

2013-01-01

Over the years, human dependence on the Internet has increased dramatically. A large amount of information is placed on the Internet and retrieved from it daily, which makes web security in terms of online information a major concern. In recent years, the most problematic issues in web security have been e-mail address leakage and SQL injection attacks. There are many possible causes of information leakage, such as inadequate precautions during the programming process, which lead to the leakage of e-mail addresses entered online or insufficient protection of database information, a loophole that enables malicious users to steal online content. In this paper, we implement a crawler mining system that is equipped with SQL injection vulnerability detection, by means of an algorithm developed for the web crawler. In addition, we analyze portal sites of the governments of various countries or regions in order to investigate the information leaking status of each site. Subsequently, we analyze the database structure and content of each site, using the data collected. Thus, we make use of practical verification in order to focus on information security and privacy through black-box testing. PMID:24453892

Multiple-feature extracting modules based leak mining system design.

PubMed

Cho, Ying-Chiang; Pan, Jen-Yi

2013-01-01

Over the years, human dependence on the Internet has increased dramatically. A large amount of information is placed on the Internet and retrieved from it daily, which makes web security in terms of online information a major concern. In recent years, the most problematic issues in web security have been e-mail address leakage and SQL injection attacks. There are many possible causes of information leakage, such as inadequate precautions during the programming process, which lead to the leakage of e-mail addresses entered online or insufficient protection of database information, a loophole that enables malicious users to steal online content. In this paper, we implement a crawler mining system that is equipped with SQL injection vulnerability detection, by means of an algorithm developed for the web crawler. In addition, we analyze portal sites of the governments of various countries or regions in order to investigate the information leaking status of each site. Subsequently, we analyze the database structure and content of each site, using the data collected. Thus, we make use of practical verification in order to focus on information security and privacy through black-box testing.

Securing a web-based teleradiology platform according to German law and "best practices".

PubMed

Spitzer, Michael; Ullrich, Tobias; Ueckert, Frank

2009-01-01

The Medical Data and Picture Exchange platform (MDPE), as a teleradiology system, facilitates the exchange of digital medical imaging data among authorized users. It features extensive support of the DICOM standard including networking functions. Since MDPE is designed as a web service, security and confidentiality of data and communication pose an outstanding challenge. To comply with demands of German laws and authorities, a generic data security concept considered as "best practice" in German health telematics was adapted to the specific demands of MDPE. The concept features strict logical and physical separation of diagnostic and identity data and thus an all-encompassing pseudonymization throughout the system. Hence, data may only be merged at authorized clients. MDPE's solution of merging data from separate sources within a web browser avoids technically questionable techniques such as deliberate cross-site scripting. Instead, data is merged dynamically by JavaScriptlets running in the user's browser. These scriptlets are provided by one server, while content and method calls are generated by another server. Additionally, MDPE uses encrypted temporary IDs for communication and merging of data.

32 CFR 310.32 - System notices.

Code of Federal Regulations, 2010 CFR

2010-07-01

... identified. (5) If the social security number is being collected and maintained, E.O. 9397 (“Numbering... public Web site (http://www.defenselink.mil/privacy/cfr-rules.html). (3) The individual may also be... to a public Web site (see http://www.defenselink.mil/privacy/notices). ...

32 CFR 310.32 - System notices.

Code of Federal Regulations, 2011 CFR

2011-07-01

... identified. (5) If the social security number is being collected and maintained, E.O. 9397 (“Numbering... public Web site (http://www.defenselink.mil/privacy/cfr-rules.html). (3) The individual may also be... to a public Web site (see http://www.defenselink.mil/privacy/notices). ...

FloorspaceJS - A New, Open Source, Web-Based Geometry Editor for Building Energy Modeling (BEM): Preprint

DOE Office of Scientific and Technical Information (OSTI.GOV)

Macumber, Daniel L; Horowitz, Scott G; Schott, Marjorie

Across most industries, desktop applications are being rapidly migrated to web applications for a variety of reasons. Web applications are inherently cross platform, mobile, and easier to distribute than desktop applications. Fueling this trend are a wide range of free, open source libraries and frameworks that make it incredibly easy to develop powerful web applications. The building energy modeling community is just beginning to pick up on these larger trends, with a small but growing number of building energy modeling applications starting on or moving to the web. This paper presents a new, open source, web based geometry editor formore » Building Energy Modeling (BEM). The editor is written completely in JavaScript and runs in a modern web browser. The editor works on a custom JSON file format and is designed to be integrated into a variety of web and desktop applications. The web based editor is available to use as a standalone web application at: https://nrel.github.io/openstudio-geometry-editor/. An example integration is demonstrated with the OpenStudio desktop application. Finally, the editor can be easily integrated with a wide range of possible building energy modeling web applications.« less

Role-Based And Adaptive User Interface Designs In A Teledermatology Consult System: A Way To Secure And A Way To Enhance

PubMed Central

Lin, Yi-Jung; Speedie, Stuart

2003-01-01

User interface design is one of the most important parts of developing applications. Nowadays, a quality user interface must not only accommodate interaction between machines and users, but also needs to recognize the differences and provide functionalities for users from role-to-role or even individual-to-individual. With the web-based application of our Teledermatology consult system, the development environment provides us highly useful opportunities to create dynamic user interfaces, which lets us to gain greater access control and has the potential to increase efficiency of the system. We will describe the two models of user interfaces in our system: Role-based and Adaptive. PMID:14728419

Cyber-Security Curricula for Basic Users

DTIC Science & Technology

2013-09-01

like cyberbullying , digital cheating, and safety and security concerns‖ [7]. The need to teach security principles to this age demographic is at an...addresses the following topics: Cyberbullying , Inappropriate content, 25 Predators, Revealing too much Information, Spyware, spam, and scams. Each...emerging technology, surfing the web, video gaming, the dark side – cyberbullying . Each topic is covered by providing facts for the teacher to present

75 FR 23829 - Self-Regulatory Organizations; National Stock Exchange, Inc.; Notice of Filing and Immediate...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-05-04

... Liquidity Adding Rebate for Securities Priced Under One Dollar April 28, 2010. Pursuant to Section 19(b)(1... securities priced under one dollar. The text of the proposed rule change is available on the Exchange's Web... Schedule to adjust the liquidity adding rebate for securities priced under one dollar in both the Automatic...

MedlinePlus Connect: How it Works

MedlinePlus

... it looks depends on how it is implemented. Web Application The Web application returns a formatted response ... for more examples of Web Application response pages. Web Service The MedlinePlus Connect REST-based Web service ...

Investigation Organizer

NASA Technical Reports Server (NTRS)

Panontin, Tina; Carvalho, Robert; Keller, Richard

2004-01-01

Contents include the folloving:Overview of the Application; Input Data; Analytical Process; Tool's Output; and Application of the Results of the Analysis.The tool enables the first element through a Web-based application that can be accessed by distributed teams to store and retrieve any type of digital investigation material in a secure environment. The second is accomplished by making the relationships between information explicit through the use of a semantic network-a structure that literally allows an investigator or team to "connect -the-dots." The third element, the significance of the correlated information, is established through causality and consistency tests using a number of different methods embedded within the tool, including fault trees, event sequences, and other accident models. And finally, the evidence gathered and structured within the tool can be directly, electronically archived to preserve the evidence and investigative reasoning.

Secure remote access to a clinical data repository using a wireless personal digital assistant (PDA).

PubMed

Duncan, R G; Shabot, M M

2000-01-01

TCP/IP and World-Wide-Web (WWW) technology have become the universal standards for networking and delivery of information. Personal digital assistants (PDAs), cellular telephones, and alphanumeric pagers are rapidly converging on a single pocket device that will leverage wireless TCP/IP networks and WWW protocols and can be used to deliver clinical information and alerts anytime, anywhere. We describe a wireless interface to clinical information for physicians based on Palm Corp.'s Palm VII pocket computer, a wireless digital network, encrypted data transmission, secure web servers, and a clinical data repository (CDR).

Secure remote access to a clinical data repository using a wireless personal digital assistant (PDA).

PubMed Central

Duncan, R. G.; Shabot, M. M.

2000-01-01

TCP/IP and World-Wide-Web (WWW) technology have become the universal standards for networking and delivery of information. Personal digital assistants (PDAs), cellular telephones, and alphanumeric pagers are rapidly converging on a single pocket device that will leverage wireless TCP/IP networks and WWW protocols and can be used to deliver clinical information and alerts anytime, anywhere. We describe a wireless interface to clinical information for physicians based on Palm Corp.'s Palm VII pocket computer, a wireless digital network, encrypted data transmission, secure web servers, and a clinical data repository (CDR). PMID:11079875

Eye Can See for Miles and Miles.

ERIC Educational Resources Information Center

School Planning & Management, 2002

2002-01-01

Describes how a New Hampshire school system eliminated internal school vandalism and bomb threats, and reduced the number of false alarms, by using video security software (WebEyeAlert security solution) that is accessible via a variety of methods from remote locations. (Author/EV)

Accelerating Cancer Systems Biology Research through Semantic Web Technology

PubMed Central

Wang, Zhihui; Sagotsky, Jonathan; Taylor, Thomas; Shironoshita, Patrick; Deisboeck, Thomas S.

2012-01-01

Cancer systems biology is an interdisciplinary, rapidly expanding research field in which collaborations are a critical means to advance the field. Yet the prevalent database technologies often isolate data rather than making it easily accessible. The Semantic Web has the potential to help facilitate web-based collaborative cancer research by presenting data in a manner that is self-descriptive, human and machine readable, and easily sharable. We have created a semantically linked online Digital Model Repository (DMR) for storing, managing, executing, annotating, and sharing computational cancer models. Within the DMR, distributed, multidisciplinary, and inter-organizational teams can collaborate on projects, without forfeiting intellectual property. This is achieved by the introduction of a new stakeholder to the collaboration workflow, the institutional licensing officer, part of the Technology Transfer Office. Furthermore, the DMR has achieved silver level compatibility with the National Cancer Institute’s caBIG®, so users can not only interact with the DMR through a web browser but also through a semantically annotated and secure web service. We also discuss the technology behind the DMR leveraging the Semantic Web, ontologies, and grid computing to provide secure inter-institutional collaboration on cancer modeling projects, online grid-based execution of shared models, and the collaboration workflow protecting researchers’ intellectual property. PMID:23188758

Accelerating cancer systems biology research through Semantic Web technology.

PubMed

Wang, Zhihui; Sagotsky, Jonathan; Taylor, Thomas; Shironoshita, Patrick; Deisboeck, Thomas S

2013-01-01

Cancer systems biology is an interdisciplinary, rapidly expanding research field in which collaborations are a critical means to advance the field. Yet the prevalent database technologies often isolate data rather than making it easily accessible. The Semantic Web has the potential to help facilitate web-based collaborative cancer research by presenting data in a manner that is self-descriptive, human and machine readable, and easily sharable. We have created a semantically linked online Digital Model Repository (DMR) for storing, managing, executing, annotating, and sharing computational cancer models. Within the DMR, distributed, multidisciplinary, and inter-organizational teams can collaborate on projects, without forfeiting intellectual property. This is achieved by the introduction of a new stakeholder to the collaboration workflow, the institutional licensing officer, part of the Technology Transfer Office. Furthermore, the DMR has achieved silver level compatibility with the National Cancer Institute's caBIG, so users can interact with the DMR not only through a web browser but also through a semantically annotated and secure web service. We also discuss the technology behind the DMR leveraging the Semantic Web, ontologies, and grid computing to provide secure inter-institutional collaboration on cancer modeling projects, online grid-based execution of shared models, and the collaboration workflow protecting researchers' intellectual property. Copyright © 2012 Wiley Periodicals, Inc.

Be-safe travel, a web-based geographic application to explore safe-route in an area

NASA Astrophysics Data System (ADS)

Utamima, Amalia; Djunaidy, Arif

2017-08-01

In large cities in developing countries, the various forms of criminality are often found. For instance, the most prominent crimes in Surabaya, Indonesia is 3C, that is theft with violence (curas), theft by weighting (curat), and motor vehicle theft (curanmor). 3C case most often occurs on the highway and residential areas. Therefore, new entrants in an area should be aware of these kind of crimes. Route Planners System or route planning system such as Google Maps only consider the shortest distance in the calculation of the optimal route. The selection of the optimal path in this study not only consider the shortest distance, but also involves other factors, namely the security level. This research considers at the need for an application to recommend the safest road to be passed by the vehicle passengers while drive an area. This research propose Be-Safe Travel, a web-based application using Google API that can be accessed by people who like to drive in an area, but still lack of knowledge of the pathways which are safe from crime. Be-Safe Travel is not only useful for the new entrants, but also useful for delivery courier of valuables goods to go through the safest streets.

Critical Issues of Web-Enabled Technologies in Modern Organizations.

ERIC Educational Resources Information Center

Khosrow-Pour, Mehdi; Herman, Nancy

2001-01-01

Discusses results of a Delphi study that explored issues related to the utilization and management of Web-enabled technologies by modern organizations. Topics include bandwidth restrictions; security; data integrity; inadequate search facilities; system incompatibilities; failure to adhere to standards; email; use of metadata; privacy and…

Developing Online Communities with LAMP (Linux, Apache, MySQL, PHP) - the IMIA OSNI and CHIRAD Experiences.

PubMed

Murray, Peter J; Oyri, Karl

2005-01-01

Many health informatics organisations do not seem to use, on a practical basis, for the benefit of their activities and interaction with their members, the very technologies that they often promote for use within healthcare environments. In particular, many organisations seem to be slow to take up the benefits of interactive web technologies. This paper presents an introduction to some of the many free/libre and open source (FLOSS) applications currently available and using the LAMP - Linux, Apache, MySQL, PHP architecture - as a way of cheaply deploying reliable, scalable, and secure web applications. The experience of moving to applications using LAMP architecture, in particular that of the Open Source Nursing Informatics (OSNI) Working Group of the Special Interest Group in Nursing Informatics of the International Medical Informatics Association (IMIA-NI), in using PostNuke, a FLOSS Content Management System (CMS) illustrates many of the benefits of such applications. The experiences of the authors in installing and maintaining a large number of websites using FLOSS CMS to develop dynamic, interactive websites that facilitate real engagement with the members of IMIA-NI OSNI, the IMIA Open Source Working Group, and the Centre for Health Informatics Research and Development (CHIRAD), as well as other organisations, is used as the basis for discussing the potential benefits that could be realised by others within the health informatics community.

Cloud Surprises in Moving NASA EOSDIS Applications into Amazon Web Services

NASA Technical Reports Server (NTRS)

Mclaughlin, Brett

2017-01-01

NASA ESDIS has been moving a variety of data ingest, distribution, and science data processing applications into a cloud environment over the last 2 years. As expected, there have been a number of challenges in migrating primarily on-premises applications into a cloud-based environment, related to architecture and taking advantage of cloud-based services. What was not expected is a number of issues that were beyond purely technical application re-architectures. We ran into surprising network policy limitations, billing challenges in a government-based cost model, and difficulty in obtaining certificates in an NASA security-compliant manner. On the other hand, this approach has allowed us to move a number of applications from local hosting to the cloud in a matter of hours (yes, hours!!), and our CMR application now services 95% of granule searches and an astonishing 99% of all collection searches in under a second. And most surprising of all, well, you'll just have to wait and see the realization that caught our entire team off guard!

Final Report: Sensorpedia Phases 1 and 2

DOE Office of Scientific and Technical Information (OSTI.GOV)

Gorman, Bryan L; Resseguie, David R

2010-08-01

Over the past several years, ORNL has been actively involved in research to formalize the engineering principles and best practices behind emerging social media and social networking concepts to solve real-time data sharing problems for national security and defense, public health and safety, environmental and infrastructure awareness, and disaster preparedness and response. Sensorpedia, an ORNL web site, is a practical application of several key social media principles. Dubbed the Wikipedia for sensors, Sensorpedia is currently in limited BETA testing and was selected in 2009 by Federal Computer Week as one of the government s top 10 social networking sites.

An end-to-end secure patient information access card system.

PubMed

Alkhateeb, A; Singer, H; Yakami, M; Takahashi, T

2000-03-01

The rapid development of the Internet and the increasing interest in Internet-based solutions has promoted the idea of creating Internet-based health information applications. This will force a change in the role of IC cards in healthcare card systems from a data carrier to an access key medium. At the Medical Informatics Department of Kyoto University Hospital we are developing a smart card patient information project where patient databases are accessed via the Internet. Strong end-to-end data encryption is performed via Secure Socket Layers, transparent to transmit patient information. The smart card is playing the crucial role of access key to the database: user authentication is performed internally without ever revealing the actual key. For easy acceptance by healthcare professionals, the user interface is integrated as a plug-in for two familiar Web browsers, Netscape Navigator and MS Internet Explorer.

Transportation Secure Data Center: Real-World Data for Planning, Modeling, and Analysis

DOE Office of Scientific and Technical Information (OSTI.GOV)

The Transportation Secure Data Center (TSDC) at www.nrel.gov/tsdc provides free, web-based access to detailed transportation data from a variety of travel surveys conducted across the nation. While preserving the privacy of survey participants, this online repository makes vital transportation data broadly available to users from the comfort of their own desks via a secure online connection. Data Available through the TSDC: Maintained by the U.S. Department of Energy's National Renewable Energy Laboratory (NREL) in partnership with the U.S. Department of Transportation (DOT), the TSDC houses data from travel surveys and studies conducted using global positioning system (GPS) devices. It featuresmore » millions of data points - second-by-second GPS readings, vehicle characteristics (if applicable), and demographics - for all modes of travel. NREL screens the initial data for quality control, translates each data set into a consistent format, and interprets the data for spatial analysis. NREL's processing routines add information on vehicle fuel economy and road grades and join data points to the road network.« less

The secure authorization model for healthcare information system.

PubMed

Hsu, Wen-Shin; Pan, Jiann-I

2013-10-01

Exploring healthcare system for assisting medical services or transmitting patients' personal health information in web application has been widely investigated. Information and communication technologies have been applied to the medical services and healthcare area for a number of years to resolve problems in medical management. In the healthcare system, not all users are allowed to access all the information. Several authorization models for restricting users to access specific information at specific permissions have been proposed. However, as the number of users and the amount of information grows, the difficulties for administrating user authorization will increase. The critical problem limits the widespread usage of the healthcare system. This paper proposes an approach for role-based and extends it to deal with the information for authorizations in the healthcare system. We propose the role-based authorization model which supports authorizations for different kinds of objects, and a new authorization domain. Based on this model, we discuss the issues and requirements of security in the healthcare systems. The security issues for services shared between different healthcare industries will also be discussed.

Smart sensing surveillance system

NASA Astrophysics Data System (ADS)

Hsu, Charles; Chu, Kai-Dee; O'Looney, James; Blake, Michael; Rutar, Colleen

2010-04-01

Unattended ground sensor (UGS) networks have been widely used in remote battlefield and other tactical applications over the last few decades due to the advances of the digital signal processing. The UGS network can be applied in a variety of areas including border surveillance, special force operations, perimeter and building protection, target acquisition, situational awareness, and force protection. In this paper, a highly-distributed, fault-tolerant, and energyefficient Smart Sensing Surveillance System (S4) is presented to efficiently provide 24/7 and all weather security operation in a situation management environment. The S4 is composed of a number of distributed nodes to collect, process, and disseminate heterogeneous sensor data. Nearly all S4 nodes have passive sensors to provide rapid omnidirectional detection. In addition, Pan- Tilt- Zoom- (PTZ) Electro-Optics EO/IR cameras are integrated to selected nodes to track the objects and capture associated imagery. These S4 camera-connected nodes will provide applicable advanced on-board digital image processing capabilities to detect and track the specific objects. The imaging detection operations include unattended object detection, human feature and behavior detection, and configurable alert triggers, etc. In the S4, all the nodes are connected with a robust, reconfigurable, LPI/LPD (Low Probability of Intercept/ Low Probability of Detect) wireless mesh network using Ultra-wide band (UWB) RF technology, which can provide an ad-hoc, secure mesh network and capability to relay network information, communicate and pass situational awareness and messages. The S4 utilizes a Service Oriented Architecture such that remote applications can interact with the S4 network and use the specific presentation methods. The S4 capabilities and technologies have great potential for both military and civilian applications, enabling highly effective security support tools for improving surveillance activities in densely crowded environments and near perimeters and borders. The S4 is compliant with Open Geospatial Consortium - Sensor Web Enablement (OGC-SWE®) standards. It would be directly applicable to solutions for emergency response personnel, law enforcement, and other homeland security missions, as well as in applications requiring the interoperation of sensor networks with handheld or body-worn interface devices.

Baiting Inside Attackers using Decoy Documents

DTIC Science & Technology

2008-09-16

viewed. Animated images allow the senders to monitor how long the message was displayed. The web bugs operate without alerting the user of the...Military Computer Security Policies”. IEEE Symposium on Security and Privacy, 1987. [5] Demers, A., Gehrke, J., Hong, M., Panda , B., Riedewald, M., Sharma

32 CFR 806.15 - FOIA exemptions.

Code of Federal Regulations, 2011 CFR

2011-07-01

... safeguarding social security numbers (SSN). It states: “SSNs are personal and unique to each individual... accessible DoD web sites unless to do so is clearly authorized by law and implementing regulation and policy. Personal information should not be posted at nonpublicly accessible web sites unless it is mission...

Cyberspace as a Theater of Conflict: Federal Law, National Strategy and the Departments of Defense and Homeland Security

DTIC Science & Technology

2007-06-01

short period of time. When web search organizations canvas the web looking for sites to catalog, they will discover your systems and create registry... Fingerprint & DNA Databases, INTERPOL & National Law Enforcement Communication Systems, Firearms Registration Records, Drivers License, Birth

75 FR 70957 - Self-Regulatory Organizations; Chicago Board Options Exchange, Incorporated; Order Approving...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-19

... the Financial Industry Regulatory Authority's (``FINRA'') Central Registration Depository System (``WebCRD''), and must pass the General Securities Representative examination (``Series 7'') to function... individual associated persons \\11\\ not already registered in WebCRD to register under Rule 3.6A within 60...

Marketing and Selling CD-ROM Products on the World-Wide Web.

ERIC Educational Resources Information Center

Walker, Becki

1995-01-01

Describes three companies' approaches to marketing and selling CD-ROM products on the World Wide Web. Benefits include low overhead for Internet-based sales, allowance for creativity, and ability to let customers preview products online. Discusses advertising, information delivery, content, information services, and security. (AEF)

49 CFR 393.102 - What are the minimum performance criteria for cargo securement devices and systems?

Code of Federal Regulations, 2010 CFR

2010-10-01

... chains, wire rope, steel strapping, synthetic webbing, and cordage) and other attachment or fastening... acceleration in a lateral direction. (2) Working Load limit. Tiedown assemblies (including chains, wire rope, steel strapping, synthetic webbing, and cordage) and other attachment or fastening devices used to...

49 CFR 393.102 - What are the minimum performance criteria for cargo securement devices and systems?

Code of Federal Regulations, 2011 CFR

2011-10-01

... chains, wire rope, steel strapping, synthetic webbing, and cordage) and other attachment or fastening... acceleration in a lateral direction. (2) Working Load limit. Tiedown assemblies (including chains, wire rope, steel strapping, synthetic webbing, and cordage) and other attachment or fastening devices used to...

76 FR 24848 - Submission for OMB Review; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2011-05-03

...: USDA Web Based Supply Chain Management System (WBSCMs). OMB Control Number: 0581--NEW. Summary of... using the secure Web Based Supply Chain Management System (WBSCM). Vendors must be registered, and have... assists AMS with making a determination whether a business is viable and capable of supplying product to...

Research on web-based decision support system for sports competitions

NASA Astrophysics Data System (ADS)

Huo, Hanqiang

2010-07-01

This paper describes the system architecture and implementation technology of the decision support system for sports competitions, discusses the design of decision-making modules, management modules and security of the system, and proposes the development idea of building a web-based decision support system for sports competitions.

Consumer trust to a Web site: moderating effect of attitudes toward online shopping.

PubMed

San Martín, Sonia; Camarero, Carmen

2008-10-01

In this paper, authors suggest a model that reflects the role played by the Web site characteristics and the previous level of satisfaction as determinant factors of trust in the Web site. Also, authors consider the moderating effects of consumers' motives and inhibitors to purchase online. Results show that satisfaction with previous purchases, the Web site security and privacy policies, and service quality are the main determinants of trust. Also, the motives and inhibitors the individuals perceive when buying online determine the type of signals they consider to trust.

Orchestrating BMD Control in Extended BPEL

DTIC Science & Technology

2008-05-21

Orchestration of secure WebMail , Technical Report ISE-TR-06-08, George Mason University, Fairfax, VA, August 2006. [9] E. Christensen, F. Curbera...methods to access and dissemination control, securing circuit switched (SS7) and IP based telecommunication (VoIP) systems, multimedia, security ...decorating the Business Process Execution Language (BPEL) with Quality of Service (QoS), Measures of Performance (MoP), Measures of Effectiveness (MoE

Secure Sensor Semantic Web and Information Fusion

DTIC Science & Technology

2014-06-25

data acquired and transmitted by wireless sensor networks (WSNs). In a WSN, due to a need for robustness of monitoring and low cost of the nodes...3 S. Ozdemir and Y. Xiao, “Secure data aggregation in wireless sensor networks : A comprehensive overview...Elisa Bertino, and Somesh Jha: Secure data aggregation technique for wireless sensor networks in the presence of collusion attacks. To appear in

Polymer-Polymer Bilayer Actuator

NASA Technical Reports Server (NTRS)

Su, Ji (Inventor); Harrison, Joycelyn S. (Inventor); St.Clair, Terry L. (Inventor)

2003-01-01

A device for providing an electromechanical response includes two polymeric webs bonded to each other along their lengths. At least one polymeric web is activated upon application thereto of an electric field and exhibits electrostriction by rotation of polar graft moieties within the polymeric web. In one embodiment, one of the two polymeric webs in an active web upon application thereto of the electric field, and the other polymeric web is a non-active web upon application thereto of the electric field. In another embodiment, both of the two polymeric webs are capable of being active webs upon application thereto of the electric field. However, these two polymeric webs are alternately activated and non-activated by the electric field.

The Role of the Web Server in a Capstone Web Application Course

ERIC Educational Resources Information Center

Umapathy, Karthikeyan; Wallace, F. Layne

2010-01-01

Web applications have become commonplace in the Information Systems curriculum. Much of the discussion about Web development for capstone courses has centered on the scripting tools. Very little has been discussed about different ways to incorporate the Web server into Web application development courses. In this paper, three different ways of…

Migration of the Three-dimensional Wind Field (3DWF) Model from Linux to Windows and Mobile Platforms

DTIC Science & Technology

2017-11-01

7 Fig. 10 Build executable code ........................................................................... 8 Fig. 11 3DWF GUI’s main web ...can be designed in any Windows operating system with internet access via Microsoft’s Internet Explorer (IE) web browser. For this particular project...Therefore, it is advised to have network security safeguards in place and operate only in a trusted PC. The GUI’s Hypertext Markup Language (HTML) web

Achieving Better Buying Power for Mobile Open Architecture Software Systems Through Diverse Acquisition Scenarios

DTIC Science & Technology

2016-04-30

software (OSS) and proprietary (CSS) software elements or remote services (Scacchi, 2002, 2010), eventually including recent efforts to support Web ...specific platforms, including those operating on secured Web /mobile devices.  Common Development Technology provides AC development tools and common...transition to OA systems and OSS software elements, specifically for Web and Mobile devices within the realm of C3CB. OA, Open APIs, OSS, and CSS OA

The efficacy of online communication platforms for plastic surgeons providing extended disaster relief.

PubMed

Fan, Kenneth L; Avashia, Yash J; Dayicioglu, Deniz; DeGennaro, Vincent A; Thaller, Seth R

2014-04-01

Immediately after the January 2010 earthquake in Haiti, plastic surgeons provided disaster relief services through the University of Miami Miller School of Medicine for 5 months. To improve surgical care and promote awareness of plastic surgery's role in humanitarian assistance, an online communication platform (OCP) was initiated. An OCP is a Web-based application combining Web blogging, picture uploading, news posting, and private messaging systems into a single platform. The purpose of this study was to analyze the use of OCP during disaster relief. Surgeries performed during the period from January 13 to May 28, 2010, were documented. The OCP was established with 4 priorities: ease of use, multimedia integration, organization capabilities, and security. Web traffic was documented. A 17-question survey was administered to 18 plastic surgeons who used the OCP after 1 year to assess their attitudes and perceptions. From January 13 to May 28, 2010, 413 operations were performed at the field hospital. Of the overall number of procedures, 46.9% were performed by plastic surgery teams. In a year, beginning from January 12, 2011, the OCP had 1117 visits with 530 absolute unique visitors. Of 17 plastic surgeons, 71% responded that the OCP improved follow-up and continuity of care by debriefing rotating plastic surgery teams. One hundred percent claimed that the OCP conveyed the role of plastic surgeons with the public. Results demonstrate the necessity of OCP during disaster relief. Online communication platform permitted secure exchange of surgical management details, follow-up, photos, and miscellaneous necessary recommendations. Posted experiences and field hospital progress assisted in generating substantial awareness regarding the significant role and contribution played by plastic surgeons in disaster relief.

A secure mobile crowdsensing (MCS) location tracker for elderly in smart city

NASA Astrophysics Data System (ADS)

Shien, Lau Khai; Singh, Manmeet Mahinderjit

2017-10-01

According to the UN's (United Nations) projection, Malaysia will achieve ageing population status by 2030. The challenge of the growing ageing population is health and social care services. As the population lives longer, the costs of institutional care rises and elderly who not able live independently in their own homes without caregivers. Moreover, it restricted their activity area, safety and freedom in their daily life. Hence, a tracking system is worthy for their caregivers to track their real-time location with efficient. Currently tracking and monitoring systems are unable to satisfy the needs of the community. Hence, Indoor-Outdoor Elderly Secure and Tracking care system (IOET) proposed to track and monitor elderly. This Mobile Crowdsensing type of system is using indoor and outdoor positioning system to locate elder which utilizes the RFID, NFC, biometric system and GPS aim to secure the safety of elderly within indoors and outdoors environment. A mobile application and web-based application to be designed for this system. This system able to real-time tracking by combining GPS and NFC for outdoor coverage where ideally in smart city. In indoor coverage, the system utilizes active RFID tracking elderly movement. The system will prompt caregiver wherever elderly movement or request by using the notification service which provided the real-time notify. Caregiver also can review the place that visited by elderly and trace back elderly movement.

20 CFR 401.45 - Verifying your identity.

Code of Federal Regulations, 2010 CFR

2010-04-01

....45 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF OFFICIAL RECORDS AND... online access option, such as a standard e-mail comment form on our Web site, and encryption is not being used, we alert you that personally identifiable information (such as your social security number...

20 CFR 401.45 - Verifying your identity.

Code of Federal Regulations, 2011 CFR

2011-04-01

....45 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF OFFICIAL RECORDS AND... online access option, such as a standard e-mail comment form on our Web site, and encryption is not being used, we alert you that personally identifiable information (such as your social security number...

77 FR 44306 - Service Delivery Plan

Federal Register 2010, 2011, 2012, 2013, 2014

2012-07-27

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA-2012-0048] Service Delivery Plan AGENCY: Social... publicly available. Do not include in your comments any personal information, such as Social Security... function of the Web page to find docket number SSA-2012-0048. The system will issue you a tracking number...

77 FR 16846 - Published Privacy Impact Assessments on the Web

Federal Register 2010, 2011, 2012, 2013, 2014

2012-03-22

... Security Advanced Research Projects Agency (HSARPA), S&T Directorate seeks to develop physiological and behavioral screening technologies that will enable security officials to test the effectiveness of current... FAST research is adding a new type of research, the Passive Methods for Precision Behavioral Screening...

Web-Altairis: An Internet-Enabled Ground System

NASA Technical Reports Server (NTRS)

Miller, Phil; Coleman, Jason; Gemoets, Darren; Hughes, Kevin

2000-01-01

This paper describes Web-Altairis, an Internet-enabled ground system software package funded by the Advanced Automation and Architectures Branch (Code 588) of NASA's Goddard Space Flight Center. Web-Altairis supports the trend towards "lights out" ground systems, where the control center is unattended and problems are resolved by remote operators. This client/server software runs on most popular platforms and provides for remote data visualization using the rich functionality of the VisAGE toolkit. Web-Altairis also supports satellite commanding over the Internet. This paper describes the structure of Web-Altairis and VisAGE, the underlying technologies, the provisions for security, and our experiences in developing and testing the software.

Enabling Secure XMPP Communications in Federated IoT Clouds Through XEP 0027 and SAML/SASL SSO

PubMed Central

Celesti, Antonio; Fazio, Maria; Villari, Massimo

2017-01-01

Nowadays, in the panorama of Internet of Things (IoT), finding a right compromise between interactivity and security is not trivial at all. Currently, most of pervasive communication technologies are designed to work locally. As a consequence, the development of large-scale Internet services and applications is not so easy for IoT Cloud providers. The main issue is that both IoT architectures and services have started as simple but they are becoming more and more complex. Consequently, the web service technology is often inappropriate. Recently, many operators in both academia and industry fields are considering the possibility to adopt the eXtensible Messaging and Presence Protocol (XMPP) for the implementation of IoT Cloud communication systems. In fact, XMPP offers many advantages in term of real-time capabilities, efficient data distribution, service discovery and inter-domain communication compared to other technologies. Nevertheless, the protocol lacks of native security, data confidentiality and trustworthy federation features. In this paper, considering an XMPP-based IoT Cloud architectural model, we discuss how can be possible to enforce message signing/encryption and Single-Sign On (SSO) authentication respectively for secure inter-module and inter-domain communications in a federated environment. Experiments prove that security mechanisms introduce an acceptable overhead, considering the obvious advantages achieved in terms of data trustiness and privacy. PMID:28178214

Enabling Secure XMPP Communications in Federated IoT Clouds Through XEP 0027 and SAML/SASL SSO.

PubMed

Celesti, Antonio; Fazio, Maria; Villari, Massimo

2017-02-07

Nowadays, in the panorama of Internet of Things (IoT), finding a right compromise between interactivity and security is not trivial at all. Currently, most of pervasive communication technologies are designed to work locally. As a consequence, the development of large-scale Internet services and applications is not so easy for IoT Cloud providers. The main issue is that both IoT architectures and services have started as simple but they are becoming more and more complex. Consequently, the web service technology is often inappropriate. Recently, many operators in both academia and industry fields are considering the possibility to adopt the eXtensible Messaging and Presence Protocol (XMPP) for the implementation of IoT Cloud communication systems. In fact, XMPP offers many advantages in term of real-time capabilities, efficient data distribution, service discovery and inter-domain communication compared to other technologies. Nevertheless, the protocol lacks of native security, data confidentiality and trustworthy federation features. In this paper, considering an XMPP-based IoT Cloud architectural model, we discuss how can be possible to enforce message signing/encryption and Single-Sign On (SSO) authentication respectively for secure inter-module and inter-domain communications in a federated environment. Experiments prove that security mechanisms introduce an acceptable overhead, considering the obvious advantages achieved in terms of data trustiness and privacy.

XMM-Newton Mobile Web Application

NASA Astrophysics Data System (ADS)

Ibarra, A.; Kennedy, M.; Rodríguez, P.; Hernández, C.; Saxton, R.; Gabriel, C.

2013-10-01

We present the first XMM-Newton web mobile application, coded using new web technologies such as HTML5, the Query mobile framework, and D3 JavaScript data-driven library. This new web mobile application focuses on re-formatted contents extracted directly from the XMM-Newton web, optimizing the contents for mobile devices. The main goals of this development were to reach all kind of handheld devices and operating systems, while minimizing software maintenance. The application therefore has been developed as a web mobile implementation rather than a more costly native application. New functionality will be added regularly.

Ajax Architecture Implementation Techniques

NASA Astrophysics Data System (ADS)

Hussaini, Syed Asadullah; Tabassum, S. Nasira; Baig, Tabassum, M. Khader

2012-03-01

Today's rich Web applications use a mix of Java Script and asynchronous communication with the application server. This mechanism is also known as Ajax: Asynchronous JavaScript and XML. The intent of Ajax is to exchange small pieces of data between the browser and the application server, and in doing so, use partial page refresh instead of reloading the entire Web page. AJAX (Asynchronous JavaScript and XML) is a powerful Web development model for browser-based Web applications. Technologies that form the AJAX model, such as XML, JavaScript, HTTP, and XHTML, are individually widely used and well known. However, AJAX combines these technologies to let Web pages retrieve small amounts of data from the server without having to reload the entire page. This capability makes Web pages more interactive and lets them behave like local applications. Web 2.0 enabled by the Ajax architecture has given rise to a new level of user interactivity through web browsers. Many new and extremely popular Web applications have been introduced such as Google Maps, Google Docs, Flickr, and so on. Ajax Toolkits such as Dojo allow web developers to build Web 2.0 applications quickly and with little effort.

Sirepo for Synchrotron Radiation Workshop

DOE Office of Scientific and Technical Information (OSTI.GOV)

Nagler, Robert; Moeller, Paul; Rakitin, Maksim

Sirepo is an open source framework for cloud computing. The graphical user interface (GUI) for Sirepo, also known as the client, executes in any HTML5 compliant web browser on any computing platform, including tablets. The client is built in JavaScript, making use of the following open source libraries: Bootstrap, which is fundamental for cross-platform web applications; AngularJS, which provides a model–view–controller (MVC) architecture and GUI components; and D3.js, which provides interactive plots and data-driven transformations. The Sirepo server is built on the following Python technologies: Flask, which is a lightweight framework for web development; Jinja, which is a secure andmore » widely used templating language; and Werkzeug, a utility library that is compliant with the WSGI standard. We use Nginx as the HTTP server and proxy, which provides a scalable event-driven architecture. The physics codes supported by Sirepo execute inside a Docker container. One of the codes supported by Sirepo is the Synchrotron Radiation Workshop (SRW). SRW computes synchrotron radiation from relativistic electrons in arbitrary magnetic fields and propagates the radiation wavefronts through optical beamlines. SRW is open source and is primarily supported by Dr. Oleg Chubar of NSLS-II at Brookhaven National Laboratory.« less

Web-Based Geospatial Tools to Address Hazard Mitigation, Natural Resource Management, and Other Societal Issues

USGS Publications Warehouse

Hearn,, Paul P.

2009-01-01

Federal, State, and local government agencies in the United States face a broad range of issues on a daily basis. Among these are natural hazard mitigation, homeland security, emergency response, economic and community development, water supply, and health and safety services. The U.S. Geological Survey (USGS) helps decision makers address these issues by providing natural hazard assessments, information on energy, mineral, water and biological resources, maps, and other geospatial information. Increasingly, decision makers at all levels are challenged not by the lack of information, but by the absence of effective tools to synthesize the large volume of data available, and to utilize the data to frame policy options in a straightforward and understandable manner. While geographic information system (GIS) technology has been widely applied to this end, systems with the necessary analytical power have been usable only by trained operators. The USGS is addressing the need for more accessible, manageable data tools by developing a suite of Web-based geospatial applications that will incorporate USGS and cooperating partner data into the decision making process for a variety of critical issues. Examples of Web-based geospatial tools being used to address societal issues follow.

Pervasive sensing

NASA Astrophysics Data System (ADS)

Nagel, David J.

2000-11-01

The coordinated exploitation of modern communication, micro- sensor and computer technologies makes it possible to give global reach to our senses. Web-cameras for vision, web- microphones for hearing and web-'noses' for smelling, plus the abilities to sense many factors we cannot ordinarily perceive, are either available or will be soon. Applications include (1) determination of weather and environmental conditions on dense grids or over large areas, (2) monitoring of energy usage in buildings, (3) sensing the condition of hardware in electrical power distribution and information systems, (4) improving process control and other manufacturing, (5) development of intelligent terrestrial, marine, aeronautical and space transportation systems, (6) managing the continuum of routine security monitoring, diverse crises and military actions, and (7) medicine, notably the monitoring of the physiology and living conditions of individuals. Some of the emerging capabilities, such as the ability to measure remotely the conditions inside of people in real time, raise interesting social concerns centered on privacy issues. Methods for sensor data fusion and designs for human-computer interfaces are both crucial for the full realization of the potential of pervasive sensing. Computer-generated virtual reality, augmented with real-time sensor data, should be an effective means for presenting information from distributed sensors.

Design, construction, and technical implementation of a web-based interdisciplinary symptom evaluation (WISE) - a heuristic proposal for orofacial pain and temporomandibular disorders.

PubMed

Ettlin, Dominik A; Sommer, Isabelle; Brönnimann, Ben; Maffioletti, Sergio; Scheidt, Jörg; Hou, Mei-Yin; Lukic, Nenad; Steiger, Beat

2016-12-01

Medical symptoms independent of body location burden individuals to varying degrees and may require care by more than one expert. Various paper and computer-based tools exist that aim to comprehensively capture data for optimal clinical management and research. A web-based interdisciplinary symptom evaluation (WISE) was newly designed, constructed, and technically implemented. For worldwide applicability and to avoid copyright infringements, open source software tools and free validated questionnaires available in multiple languages were used. Highly secure data storage limits access strictly to those who use the tool for collecting, storing, and evaluating their data. Concept and implementation is illustrated by a WISE sample tailored for the requirements of a single center in Switzerland providing interdisciplinary care to orofacial pain and temporomandibular disorder patients. By combining a symptom- burden checklist with in-depth questionnaires serving as case-finding instruments, an algorithm was developed that assists in clarifying case complexity and need for targeted expert evaluation. This novel modular approach provides a personalized, response-tailored instrument for the time- and cost-effective collection of symptom-burden focused quantitative data. The tool includes body drawing options and instructional videos. It is applicable for biopsychosocial evaluation in a variety of clinical settings and offers direct feedback by a case report summary. In clinical practice, the new instrument assists in clarifying case complexity and referral need, based on symptom burden and response -tailored case finding. It provides single-case summary reports from a biopsychosocial perspective and includes graphical symptom maps. Secure, centrally stored data collection of anonymous data is possible. The tool enables personalized medicine, facilitates interprofessional education and collaboration, and allows for multicenter patient-reported outcomes research.

Research on the technology of detecting the SQL injection attack and non-intrusive prevention in WEB system

NASA Astrophysics Data System (ADS)

Hu, Haibin

2017-05-01

Among numerous WEB security issues, SQL injection is the most notable and dangerous. In this study, characteristics and procedures of SQL injection are analyzed, and the method for detecting the SQL injection attack is illustrated. The defense resistance and remedy model of SQL injection attack is established from the perspective of non-intrusive SQL injection attack and defense. Moreover, the ability of resisting the SQL injection attack of the server has been comprehensively improved through the security strategies on operation system, IIS and database, etc.. Corresponding codes are realized. The method is well applied in the actual projects.

Filtering SPAM in P2PSIP Communities with Web of Trust

NASA Astrophysics Data System (ADS)

Heikkilä, Juho; Gurtov, Andrei

Spam is a dominant problem on email systems today. One of the reasons is the lack of infrastructure for security and trust. As Voice over IP (VoIP) communication becomes increasingly popular, proliferation of spam calls is only a matter of time. As SIP identity scheme is practically similar to email, those share the same threats. We utilized Host Identity Protocol (HIP) to provide basic security, such as end-to-end encryption. To provide call filtering, however, other tools are needed. In this paper, we suggest applying trust paths familiar from the PGP web of trust to prevent unwanted communication in P2PSIP communities.

17 CFR 240.6a-4 - Notice of registration under Section 6(g) of the Act, amendment to such notice, and supplemental...

Code of Federal Regulations, 2012 CFR

2012-04-01

... this section is available continuously on an Internet web site controlled by a Security Futures Product... 17 Commodity and Securities Exchanges 3 2012-04-01 2012-04-01 false Notice of registration under... registered under Section 6(g) of the Act. 240.6a-4 Section 240.6a-4 Commodity and Securities Exchanges...

17 CFR 240.6a-4 - Notice of registration under Section 6(g) of the Act, amendment to such notice, and supplemental...

Code of Federal Regulations, 2011 CFR

2011-04-01

... this section is available continuously on an Internet web site controlled by a Security Futures Product... 17 Commodity and Securities Exchanges 3 2011-04-01 2011-04-01 false Notice of registration under... registered under Section 6(g) of the Act. 240.6a-4 Section 240.6a-4 Commodity and Securities Exchanges...

CrossTalk: The Journal of Defense Software Engineering. Volume 19, Number 5

DTIC Science & Technology

2006-05-01

Coming Events Web Sites Call for Articles Visit CrossTalk at the SSTC BackTalk Transforming: Business , Security ,Warfighting CrossTalk 76 SMXG CO-SPONSOR...theme “Transforming: Business , Security , Warfighting.” Transformation is not just the current buzzword: Many industries and the military have...systems. Transforming: Business , Security ,Warfighting Characteristic edocfosenilnoillim001-01eziS Number of external interfaces 30-300 Number of

Web data mining

NASA Astrophysics Data System (ADS)

Wibonele, Kasanda J.; Zhang, Yanqing

2002-03-01

A web data mining system using granular computing and ASP programming is proposed. This is a web based application, which allows web users to submit survey data for many different companies. This survey is a collection of questions that will help these companies develop and improve their business and customer service with their clients by analyzing survey data. This web application allows users to submit data anywhere. All the survey data is collected into a database for further analysis. An administrator of this web application can login to the system and view all the data submitted. This web application resides on a web server, and the database resides on the MS SQL server.

78 FR 63159 - Amendment to Certification of Nebraska's Central Filing System

Federal Register 2010, 2011, 2012, 2013, 2014

2013-10-23

... system for Nebraska to permit the conversion of all debtor social security and taxpayer identification... automatically convert social security numbers and taxpayer identification numbers into ten number unique... certified central filing systems is available through the Internet on the GIPSA Web site ( http://www.gipsa...

75 FR 77876 - Sunshine Act Meeting

Federal Register 2010, 2011, 2012, 2013, 2014

2010-12-14

... the Board's Web page at http://www.federalreserve.gov on the day of the meeting. If you plan to attend..., and social security number (SSN) or passport number. You may provide this information by calling (202... voluntary; however, failure to provide your name, date of birth, and social security number or passport...

Automatic Web-based Calibration of Network-Capable Shipboard Sensors

DTIC Science & Technology

2007-09-01

Server, Java , Applet, and Servlet . 16. PRICE CODE 17. SECURITY CLASSIFICATION OF REPORT Unclassified 18. SECURITY CLASSIFICATION OF THIS PAGE...49 b. Sensor Applet...........................................................................49 3. Java Servlet ...Table 1. Required System Environment Variables for Java Servlet Development. ......25 Table 2. Payload Data Format of the POST Requests from

U.S.-Mexican Security Cooperation: the Merida Initiative and Beyond

DTIC Science & Technology

2010-07-29

Department to USAID for implementation. 71 “Cárteles Perturban al Sistema Carcelario,” El Universal, June 18, 2010. 72 Silvia Otero, “No Investigan 95...a Web .” Milenio. July 28, 2010. U.S.-Mexican Security Cooperation: the Mérida Initiative and Beyond Congressional Research Service 27 Similar

U.S.- Mexican Security Cooperation: The Merida Initiative and Beyond

DTIC Science & Technology

2010-07-29

Department to USAID for implementation. 71 “Cárteles Perturban al Sistema Carcelario,” El Universal, June 18, 2010. 72 Silvia Otero, “No Investigan 95...a Web .” Milenio. July 28, 2010. U.S.-Mexican Security Cooperation: the Mérida Initiative and Beyond Congressional Research Service 27 Similar

U.S.-Mexican Security Cooperation: the Merida Initiative and Beyond

DTIC Science & Technology

2010-08-16

2010, those funds had yet to be transferred from the State Department to USAID for implementation. 71 “Cárteles Perturban al Sistema Carcelario,” El...Quejas a Web .” Milenio. July 28, 2010. U.S.-Mexican Security Cooperation: the Mérida Initiative and Beyond Congressional Research Service 27

5 CFR 2606.201 - Requests for access.

Code of Federal Regulations, 2011 CFR

2011-01-01

... on OGE's Web site at http://www.usoge.gov, or upon request from OGE's Office of General Counsel and... Office of Federal Register at the GPO Access Web site (http://www.access.gpo.gov/su_docs/aces/PrivacyAct... individual's full name (including her maiden name, if pertinent), dates of employment, social security number...

32 CFR 537.12 - Settlement authority.

Code of Federal Regulations, 2010 CFR

2010-07-01

... samples posted at the USARCS Web site (for the address see the Note to § 537.1). USARCS may waive the... Affairs, Social Security disability, and any other government benefits accruing to the injured party. (iv... to the sample posted at the USARCS Web site (for the address see the Note to § 537.1). However, the...

6 CFR 5.21 - Requests for access to records.

Code of Federal Regulations, 2011 CFR

2011-01-01

... accessed electronically at the Government Printing Office's World Wide Web site (which can be found at http... Printing Office's World Wide Web site (which can be found at http://www.access.gpo.gov/su_docs). (c... requested records, you may also, at your option, include your social security number. (e) Verification of...

28 CFR 16.41 - Requests for access to records.

Code of Federal Regulations, 2010 CFR

2010-07-01

... the Government Printing Office's World Wide Web site (which can be found at http://www.access.gpo.gov... accessed electronically at the Government Printing Office's World Wide Web site (which can be found at http... requested records, you may also, at your option, include your social security number. (e) Verification of...

12 CFR Appendix A to Part 216 - Model Privacy Form

Code of Federal Regulations, 2011 CFR

2011-01-01

... information that the institution collects and shares. All institutions must use the term “Social Security... appropriate. An institution that allows consumers to opt out online must provide either a specific Web address that takes consumers directly to the opt-out page or a general Web address that provides a clear and...

32 CFR 537.12 - Settlement authority.

Code of Federal Regulations, 2011 CFR

2011-07-01

... samples posted at the USARCS Web site (for the address see the Note to § 537.1). USARCS may waive the... Affairs, Social Security disability, and any other government benefits accruing to the injured party. (iv... to the sample posted at the USARCS Web site (for the address see the Note to § 537.1). However, the...

76 FR 31968 - Agency Information Collection Activities: Proposed Collection; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2011-06-02

.... Proposed Project: SAMHSA SOAR Web-Based Data Form--NEW In 2009 the Substance Abuse and Mental Health... in all states. SOAR's primary objective is to improve the allowance rate for Social Security... Center under SAMHSA's direction developed a web-based data form that case managers can use to track the...

6 CFR 5.21 - Requests for access to records.

Code of Federal Regulations, 2010 CFR

2010-01-01

... accessed electronically at the Government Printing Office's World Wide Web site (which can be found at http... Printing Office's World Wide Web site (which can be found at http://www.access.gpo.gov/su_docs). (c... requested records, you may also, at your option, include your social security number. (e) Verification of...

28 CFR 16.41 - Requests for access to records.

Code of Federal Regulations, 2011 CFR

2011-07-01

... the Government Printing Office's World Wide Web site (which can be found at http://www.access.gpo.gov... accessed electronically at the Government Printing Office's World Wide Web site (which can be found at http... requested records, you may also, at your option, include your social security number. (e) Verification of...

76 FR 51044 - Agency Information Collection Activities: Submission for OMB Review; Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2011-08-17

.... Project: SAMHSA SOAR Web-Based Data Form--NEW In 2009 the Substance Abuse and Mental Health Services... states. SOAR's primary objective is to improve the allowance rate for Social Security Administration (SSA... SAMHSA's direction developed a web-based data form that case managers can use to track the progress of...

49 CFR 571.209 - Standard No. 209; Seat belt assemblies.

Code of Federal Regulations, 2010 CFR

2010-10-01

.... (1) Eye bolts, shoulder bolts, or other bolt used to secure the pelvic restraint of seat belt... connecting webbing to an eye bolt shall be provided with a retaining latch or keeper which shall not move...) Single attachment hook for connecting webbing to any eye bolt shall be tested in the following manner...

49 CFR 393.104 - What standards must cargo securement devices and systems meet in order to satisfy the...

Code of Federal Regulations, 2010 CFR

2010-10-01

... tiedown assemblies. Tiedown assemblies (including chains, wire rope, steel strapping, synthetic webbing... . . . Must conform to . . . (1) Steel strapping 1,2 Standard Specification for Strapping, Flat Steel and... Association of Chain Manufacturers' Welded Steel Chain Specifications, dated September 28, 2005. 4 (3) Webbing...

49 CFR 393.104 - What standards must cargo securement devices and systems meet in order to satisfy the...

Code of Federal Regulations, 2011 CFR

2011-10-01

... tiedown assemblies. Tiedown assemblies (including chains, wire rope, steel strapping, synthetic webbing... . . . Must conform to . . . (1) Steel strapping 1,2 Standard Specification for Strapping, Flat Steel and... Association of Chain Manufacturers' Welded Steel Chain Specifications, dated September 28, 2005. 4 (3) Webbing...

76 FR 75890 - Agency Information Collection Activities: Solicitation of Proposal Information for Award of...

Federal Register 2010, 2011, 2012, 2013, 2014

2011-12-05

... burden. DHS S&T uses a secure Web site which the public can propose SBIR research topics and submit... submit SBIR research topics and submit response to DHS SBIR solicitations. Additionally, electronic web... Innovative Research (SBIR) and Small Business Technology Transfer (STTR) programs 15 U.S.C. 628. For...

75 FR 71475 - Self-Regulatory Organizations; International Securities Exchange, LLC; Notice of Filing and...

Federal Register 2010, 2011, 2012, 2013, 2014

2010-11-23

... the Exchange's Web site http://www.ise.com , at the principal office of the Exchange, and at the...'') and various forms of alternative trading systems (``ATSs''), including dark pools and electronic..., please use only one method. The Commission will post all comments on the Commissions Internet Web site...

78 FR 3940 - Self-Regulatory Organizations; The NASDAQ Stock Market LLC; Notice of Filing and Immediate...

Federal Register 2010, 2011, 2012, 2013, 2014

2013-01-17

... Report regarding a Nasdaq security through the NasdaqTrader.com Web site shall be determined in... improvement of web functionality and the inclusion of supplementary equity information, but has not increased... dark pools and electronic communication networks (``ECNs''). Each SRO market competes to produce...

Multimedia Information eXchange for I-NET, Inc. at the Kennedy Space Center: A continuing study of the application of worldwideweb technology

NASA Technical Reports Server (NTRS)

Metcalf, David

1995-01-01

Multimedia Information eXchange (MIX) is a multimedia information system that accommodates multiple data types and provides consistency across platforms. Information from all over the world can be accessed quickly and efficiently with the Internet-based system. I-NET's MIX uses the World Wide Web and Mosaic graphical user interface. Mosaic is available on all platforms used at I-NET's Kennedy Space Center (KSC) facilities. Key information system design concepts and benefits are reviewed. The MIX system also defines specific configuration and helper application parameters to ensure consistent operations across the entire organization. Guidelines and procedures for other areas of importance in information systems design are also addressed. Areas include: code of ethics, content, copyright, security, system administration, and support.

Countermeasures for Time-Cheat Detection in Multiplayer Online Games

NASA Astrophysics Data System (ADS)

Ferretti, Stefano

Cheating is an important issue in games. Depending on the system over which the game is deployed, several types of malicious actions may be accomplished so as to take an unfair and unexpected advantage over the game and over the (digital, human) adversaries. When the game is a standalone application, cheats typically just relate to the specific software code being developed to build the application. It is not a surprise to find (in the Web and in specialized magazines) people that explain cheats on specific games stating, for instance, which configuration files can be altered (and how to do it) to automatically gain some bonus during the game. To avoid this, game developers are hence motivated to build stable code, with related data that should be securely managed and made difficult to alter.

The Password Problem

DOE Office of Scientific and Technical Information (OSTI.GOV)

Walkup, Elizabeth

Passwords are an ubiquitous, established part of the Internet today, but they are also a huge security headache. Single sign-on, OAuth, and password managers are some of the solutions to this problem. OAuth is a new, popular method that allows people to use large, common authentication providers for many web applications. However, it comes at the expense of some privacy: OAuth makes users easy to track across websites, applications, and devices. Password managers put the power in the hands of the users, but this vulnerability survey reveals that you have to be extremely careful which program you choose. All inmore » all, password managers are the solution of choice for home users and small organizations, but large companies will probably want to invest in their own SSO solutions.« less

Privacy and anonymity in the information society - challenges for the European Union.

PubMed

Tsoukalas, Ioannis A; Siozos, Panagiotis D

2011-03-01

Electronic information is challenging traditional views on property and privacy. The explosion of digital data, driven by novel web applications, social networking, and mobile devices makes data security and the protection of privacy increasingly difficult. Furthermore, biometric data and radiofrequency identification applications enable correlations that are able to trace our cultural, behavioral, and emotional states. The concept of privacy in the digital realm is transformed and emerges as one of the biggest risks facing today's Information Society. In this context, the European Union (EU) policy-making procedures strive to adapt to the pace of technological advancement. The EU needs to improve the existing legal frameworks for privacy and data protection. It needs to work towards a "privacy by education" approach for the empowerment of "privacy-literate" European digital citizens.

Access and privacy rights using web security standards to increase patient empowerment.

PubMed

Falcão-Reis, Filipa; Costa-Pereira, Altamiro; Correia, Manuel E

2008-01-01

Electronic Health Record (EHR) systems are becoming more and more sophisticated and include nowadays numerous applications, which are not only accessed by medical professionals, but also by accounting and administrative personnel. This could represent a problem concerning basic rights such as privacy and confidentiality. The principles, guidelines and recommendations compiled by the OECD protection of privacy and trans-border flow of personal data are described and considered within health information system development. Granting access to an EHR should be dependent upon the owner of the record; the patient: he must be entitled to define who is allowed to access his EHRs, besides the access control scheme each health organization may have implemented. In this way, it's not only up to health professionals to decide who have access to what, but the patient himself. Implementing such a policy is walking towards patient empowerment which society should encourage and governments should promote. The paper then introduces a technical solution based on web security standards. This would give patients the ability to monitor and control which entities have access to their personal EHRs, thus empowering them with the knowledge of how much of his medical history is known and by whom. It is necessary to create standard data access protocols, mechanisms and policies to protect the privacy rights and furthermore, to enable patients, to automatically track the movement (flow) of their personal data and information in the context of health information systems. This solution must be functional and, above all, user-friendly and the interface should take in consideration some heuristics of usability in order to provide the user with the best tools. The current official standards on confidentiality and privacy in health care, currently being developed within the EU, are explained, in order to achieve a consensual idea of the guidelines that all member states should follow to transfer such principles into national laws. A perspective is given on the state of the art concerning web security standards, which can be used to easily engineer health information systems complying with the patient empowering goals. In conclusion health systems with the characteristics thus described are technically feasible and should be generally implemented and deployed.

Joint Force Quarterly. Issue 62, 3rd Quarter, July 2011

DTIC Science & Technology

2011-07-01

academic publishing house. It publishes books, journals, policy briefs, occasional papers , monographs, and special reports on national security strategy...to the link on the NDU Press Web site or write to: Editor, Joint Force Quarterly National Defense University Press 260 Fifth Avenue, S.W. (Building...military professionalism and has made them available on its Web site.1 INSEL is in the process of posting on its Web site a video of all the conference

GLobal Integrated Design Environment (GLIDE): A Concurrent Engineering Application

NASA Technical Reports Server (NTRS)

McGuire, Melissa L.; Kunkel, Matthew R.; Smith, David A.

2010-01-01

The GLobal Integrated Design Environment (GLIDE) is a client-server software application purpose-built to mitigate issues associated with real time data sharing in concurrent engineering environments and to facilitate discipline-to-discipline interaction between multiple engineers and researchers. GLIDE is implemented in multiple programming languages utilizing standardized web protocols to enable secure parameter data sharing between engineers and researchers across the Internet in closed and/or widely distributed working environments. A well defined, HyperText Transfer Protocol (HTTP) based Application Programming Interface (API) to the GLIDE client/server environment enables users to interact with GLIDE, and each other, within common and familiar tools. One such common tool, Microsoft Excel (Microsoft Corporation), paired with its add-in API for GLIDE, is discussed in this paper. The top-level examples given demonstrate how this interface improves the efficiency of the design process of a concurrent engineering study while reducing potential errors associated with manually sharing information between study participants.

PalmCIS: A Wireless Handheld Application for Satisfying Clinician Information Needs

PubMed Central

Chen, Elizabeth S.; Mendonça, Eneida A.; McKnight, Lawrence K.; Stetson, Peter D.; Lei, Jianbo; Cimino, James J.

2004-01-01

Wireless handheld technology provides new ways to deliver and present information. As with any technology, its unique features must be taken into consideration and its applications designed accordingly. In the clinical setting, availability of needed information can be crucial during the decision-making process. Preliminary studies performed at New York Presbyterian Hospital (NYPH) determined that there are inadequate access to information and ineffective communication among clinicians (potential proximal causes of medical errors). In response to these findings, the authors have been developing extensions to their Web-based clinical information system including PalmCIS, an application that provides access to needed patient information via a wireless personal digital assistant (PDA). The focus was on achieving end-to-end security and developing a highly usable system. This report discusses the motivation behind PalmCIS, design and development of the system, and future directions. PMID:14527976

A Weakest Precondition Approach to Robustness

NASA Astrophysics Data System (ADS)

Balliu, Musard; Mastroeni, Isabella

With the increasing complexity of information management computer systems, security becomes a real concern. E-government, web-based financial transactions or military and health care information systems are only a few examples where large amount of information can reside on different hosts distributed worldwide. It is clear that any disclosure or corruption of confidential information in these contexts can result fatal. Information flow controls constitute an appealing and promising technology to protect both data confidentiality and data integrity. The certification of the security degree of a program that runs in untrusted environments still remains an open problem in the area of language-based security. Robustness asserts that an active attacker, who can modify program code in some fixed points (holes), is unable to disclose more private information than a passive attacker, who merely observes unclassified data. In this paper, we extend a method recently proposed for checking declassified non-interference in presence of passive attackers only, in order to check robustness by means of weakest precondition semantics. In particular, this semantics simulates the kind of analysis that can be performed by an attacker, i.e., from public output towards private input. The choice of semantics allows us to distinguish between different attacks models and to characterize the security of applications in different scenarios.

77 FR 74278 - Proposed Information Collection (Internet Student CPR Web Registration Application); Comment Request

Federal Register 2010, 2011, 2012, 2013, 2014

2012-12-13

... (Internet Student CPR Web Registration Application); Comment Request AGENCY: Veterans Health Administration... web registration application. DATES: Written comments and recommendations on the proposed collection.... Title: Internet Student CPR Web Registration Application, VA Form 10-0468. OMB Control Number: 2900-0746...

Geothopica and the interactive analysis and visualization of the updated Italian National Geothermal Database

NASA Astrophysics Data System (ADS)

Trumpy, Eugenio; Manzella, Adele

2017-02-01

The Italian National Geothermal Database (BDNG), is the largest collection of Italian Geothermal data and was set up in the 1980s. It has since been updated both in terms of content and management tools: information on deep wells and thermal springs (with temperature > 30 °C) are currently organized and stored in a PostgreSQL relational database management system, which guarantees high performance, data security and easy access through different client applications. The BDNG is the core of the Geothopica web site, whose webGIS tool allows different types of user to access geothermal data, to visualize multiple types of datasets, and to perform integrated analyses. The webGIS tool has been recently improved by two specially designed, programmed and implemented visualization tools to display data on well lithology and underground temperatures. This paper describes the contents of the database and its software and data update, as well as the webGIS tool including the new tools for data lithology and temperature visualization. The geoinformation organized in the database and accessible through Geothopica is of use not only for geothermal purposes, but also for any kind of georesource and CO2 storage project requiring the organization of, and access to, deep underground data. Geothopica also supports project developers, researchers, and decision makers in the assessment, management and sustainable deployment of georesources.

Development of a Smart Mobile Data Module for Fetal Monitoring in E-Healthcare.

PubMed

Houzé de l'Aulnoit, Agathe; Boudet, Samuel; Génin, Michaël; Gautier, Pierre-François; Schiro, Jessica; Houzé de l'Aulnoit, Denis; Beuscart, Régis

2018-03-23

The fetal heart rate (FHR) is a marker of fetal well-being in utero (when monitoring maternal and/or fetal pathologies) and during labor. Here, we developed a smart mobile data module for the remote acquisition and transmission (via a Wi-Fi or 4G connection) of FHR recordings, together with a web-based viewer for displaying the FHR datasets on a computer, smartphone or tablet. In order to define the features required by users, we modelled the fetal monitoring procedure (in home and hospital settings) via semi-structured interviews with midwives and obstetricians. Using this information, we developed a mobile data transfer module based on a Raspberry Pi. When connected to a standalone fetal monitor, the module acquires the FHR signal and sends it (via a Wi-Fi or a 3G/4G mobile internet connection) to a secure server within our hospital information system. The archived, digitized signal data are linked to the patient's electronic medical records. An HTML5/JavaScript web viewer converts the digitized FHR data into easily readable and interpretable graphs for viewing on a computer (running Windows, Linux or MacOS) or a mobile device (running Android, iOS or Windows Phone OS). The data can be viewed in real time or offline. The application includes tools required for correct interpretation of the data (signal loss calculation, scale adjustment, and precise measurements of the signal's characteristics). We performed a proof-of-concept case study of the transmission, reception and visualization of FHR data for a pregnant woman at 30 weeks of amenorrhea. She was hospitalized in the pregnancy assessment unit and FHR data were acquired three times a day with a Philips Avalon® FM30 fetal monitor. The prototype (Raspberry Pi) was connected to the fetal monitor's RS232 port. The emission and reception of prerecorded signals were tested and the web server correctly received the signals, and the FHR recording was visualized in real time on a computer, a tablet and smartphones (running Android and iOS) via the web viewer. This process did not perturb the hospital's computer network. There was no data delay or loss during a 60-min test. The web viewer was tested successfully in the various usage situations. The system was as user-friendly as expected, and enabled rapid, secure archiving. We have developed a system for the acquisition, transmission, recording and visualization of RCF data. Healthcare professionals can view the FHR data remotely on their computer, tablet or smartphone. Integration of FHR data into a hospital information system enables optimal, secure, long-term data archiving.