367 research outputs found
Encrypted Shared Data Spaces
The deployment of Share Data Spaces in open, possibly hostile, environments arises the need of protecting the confidentiality of the data space content. Existing approaches focus on access control mechanisms that protect the data space from untrusted agents. The basic assumption is that the hosts (and their administrators) where the data space is deployed have to be trusted. Encryption schemes can be used to protect the data space content from malicious hosts. However, these schemes do not allow searching on encrypted data. In this paper we present a novel encryption scheme that allows tuple matching on completely encrypted tuples. Since the data space does not need to decrypt tuples to perform the search, tuple confidentiality can be guaranteed even when the data space is deployed on malicious hosts (or an adversary gains access to the host). Our scheme does not require authorised agents to share keys for inserting and retrieving tuples. Each authorised agent can encrypt, decrypt, and search encrypted tuples without having to know other agents’ keys. This is beneficial inasmuch as it simplifies the task of key management. An implementation of an encrypted data space based on this scheme is described and some preliminary performance results are given
Omalizumab, an anti-immunoglobulin E antibody: state of the art
Cristoforo Incorvaia,1 Marina Mauro,2 Marina Russello,2 Chiara Formigoni,3 Gian Galeazzo Riario-Sforza,1 Erminia Ridolo41Allergy/Pulmonary Rehabilitation, Istituti Clinici di Perfezionamento Hospital, Milan, Italy; 2Allergy Unit, 3Scientific Library, Sant'Anna Hospital, Como, Italy; 4Department of Clinical and Experimental Medicine, University of Parma, Parma, ItalyAbstract: A large number of trials show that the anti-immunoglobulin (Ig) E antibody omalizumab is very effective in patients with severe allergic asthma. This is acknowledged in consensus documents. The drug also has a good safety profile and a pharmacoeconomic advantage due to a reduction in the number of hospitalizations for asthma attacks. In recent years, some studies have shown that omalizumab is effective also in nonallergic asthma. Effects on the complex signaling mechanisms leading to activation of effector cells and to mediator release may account for this outcome. Indeed, omalizumab has been reported to be effective in a number of IgE-mediated and non-IgE-mediated disorders. Concerning the former, clinical efficacy has been observed in rhinitis, allergic bronchopulmonary aspergillosis, latex allergy, atopic dermatitis, allergic urticaria, and anaphylaxis. In addition, omalizumab has been demonstrated to be able to prevent systemic reactions to allergen immunotherapy, thus enabling completion of treatment in patients who otherwise would have to stop it. Concerning non-IgE-mediated disorders, omalizumab has been reported to be effective in nasal polyposis, autoimmune urticaria, chronic idiopathic urticaria, physical urticaria, idiopathic angioedema, and mastocytosis. Current indications for treatment with omalizumab are confined to severe allergic asthma. Consequently, any other prescription can only be off-label. However, it is reasonable to expect that the use of omalizumab will be approved for particularly important indications, such as anaphylaxis, in the near future.Keywords: hypersensitivity, immunoglobulin E, anti-IgE, omalizumab, asthma, atopic dermatitis, anaphylaxis, urticaria, mastocytosi
A Consent-based Workflow System for Healthcare Systems
In this paper, we describe a new framework for healthcare systems where patients are able to control the disclosure of their medical data. In our framework, the patient's consent has a pivotal role in granting or removing access rights to subjects accessing patient's medical data. Depending on the context in which the access is being executed, different consent policies can be applied. Context is expressed in terms of workflows. The execution of a task in a given workflow carries the necessary information to infer whether the consent can be implicitly retrieved or should be explicitly requested from a patient. However, patients are always able to enforce their own decisions and withdraw consent if necessary. Additionally, the use of workflows enables us to apply the need-to-know principle. Even when the patient's consent is obtained, a subject should access medical data only if it is required by the actual situation. For example, if the subject is assigned to the execution of a medical diagnosis workflow requiring access to the patient's medical record. We also provide a complex medical case study to highlight the design principles behind our framework. Finally, the implementation of the framework is outlined
Flexible Resolution of Authorisation Conflicts in Distributed Systems
Flexible Resolution of Authorisation Conflicts in Distributed System
Intra- and Inter-Population Genetic Diversity of “Russello” and “Timilia” Landraces from Sicily: A Proxy towards the Identification of Favorable Alleles in Durum Wheat
Climate change and global population growth call for urgent recovery of genetic variation from underexploited or unexplored durum wheat (Triticum turgidum ssp. durum) landraces. Indeed, these untapped genetic resources can be a valuable source of favorable alleles for environmental adaptation and tolerance or resistance to (a)biotic stress. In southern Italy, in addition to the widespread modern and highly productive durum wheat cultivars, various landraces have been rediscovered and reused for their adaptation to sustainable and low-input cropping systems and for their peculiar qualitative characteristics. Sicily is a semiarid area rich in landraces, some of which are independently reproduced by many farmers. Among these, “Timilia” and “Russello” have been independently grown in various areas and are now cultivated, mostly under organic systems, for their hypothetical greater benefits and height, which give them a high level of competitiveness against weeds despite their low yield potential. So far, there is little information on the genetic variations of “Timilia” and “Russello” despite their putative origin from a common funder. This work aims to dissect the genetic variation patterns of two large germplasm collections of “Timilia” and “Russello” using SNP genotyping. The analysis of intra- and inter-population genetic variation and the identification of divergent loci between genetic groups showed that (i) there are two “Russello” genetic groups associated with different Sicilian geographical areas, which differ in important traits related to gluten quality and adaptation, and (ii) the individuals of “Timilia”, although presenting wide genetic variation, have undergone a conservative selection, likely associated with their distinctive traits. This work paves the way for a deeper exploration of the wide genetic diversity in Sicilian landraces, which could be conveniently exploited in future breeding programs, and points out that intra-population genetic diversity should be taken into account when ‘conservation varieties’ are to be registered in national registers of crops
Emergency access control management via attribute based encrypted QR codes
In dynamic environments such as disaster management, mechanisms for the controlled override of access restrictions, a.k.a. break-glass need to be supported. These access control mechanisms should ensure access to facilities, for example, an office building, in an emergency situation, without relying on the use of an online authentication server as connectivity might not be available. In this paper, we propose a break-glass access control mechanism based on a novel use of QR codes, Shamir's Secret Sharing Scheme and Attribute Based Encryption. Our proposed solution is such that a secret access key is split using Shamir's secret sharing scheme and encrypted using attribute based encryption, then encoded in a QR code. Subsequently, emergency actors scan the QR code and recover the individual secret key using their attributes satisfying an access policy associated with the ciphertext. The novelty of our solution lies in the fact that a flexible access control is ensured only when a sufficient number of authorized users collaborate to get access to a building without requiring an online third party. In addition, the access secret key is only decrypted by the authorized users thanks to the use of an attribute based encryption scheme. Finally, we demonstrate the feasibility and the efficiency of the solution by implementing a prototype and analysing its performance
ESPOONERBAC: Enforcing Security Policies in Outsourced Environments
Data outsourcing is a growing business model offering services to individuals and enterprises for processing and storing a huge amount of data. It is not only economical but also promises higher availability, scalability, and more effective quality of service than in-house solutions. Despite all its benefits, data outsourcing raises serious security concerns for preserving data confidentiality. There are solutions for preserving confidentiality of data while supporting search on the data stored in outsourced environments. However, such solutions do not support access policies to regulate access to a particular subset of the stored data. For complex user management, large enterprises employ Role-Based Access Controls (RBAC) models for making access decisions based on the role in which a user is active in. However, RBAC models cannot be deployed in outsourced environments as they rely on trusted infrastructure in order to regulate access to the data. The deployment of RBAC models may reveal private information about sensitive data they aim to protect. In this paper, we aim at filling this gap by proposing ESPOON"E"R"B"A"C for enforcing RBAC policies in outsourced environments. ESPOON"E"R"B"A"C enforces RBAC policies in an encrypted manner where a curious service provider may learn a very limited information about RBAC policies. We have implemented ESPOON"E"R"B"A"C and provided its performance evaluation showing a limited overhead, thus confirming viability of our approach
- …
