1,720,978 research outputs found
A matter of confidence : privacy compliance for connected-up enterprises
No full textGovernments around the world are increasingly investing in information and communications technology (ICT) as a means of improving service delivery to citizens. Government ICT adoption is also being driven by a desire to streamline information accessibility and information flows within government - both between different levels of government and between different departments at the same level. Increasing the availability of information internally and to citizens has clear and compelling benefits but it also carries risks that must be carefully managed. This talk will examine the implications of such E-government initiatives for a range of compliance obligations, with a focus on information privacy. It will review recent developments in the area of systems-based enforcement of privacy policies and the particular privacy challenges presented by the aggregation of geospatial information
Delegation constraint management
No full textThe paper addresses the issue of providing\ud
access control via delegation and constraint management across multiple security domains. Specifically, this\ud
paper proposes a novel Delegation Constraint Management model to manage and enforce delegation constraints\ud
across security domains. An algorithm to trace the authority of delegation constraints is introduced as well\ud
as an algorithm to form a delegation constraint set and\ud
detect/prevent potential conflicts. The algorithms and\ud
the management model are built upon a set of formal\ud
definitions of delegation constraints. In addition, a constraint profile based on XACML is proposed as a means\ud
to express the delegation constraint. The paper also includes a protocol to exchange delegation constraints (in\ud
the form of user commitments) between the involved\ud
entities in the delegation process
Access control : allocating resources to selfish agents
No full textThe ultimate goal of an authorisation system is to allocate each user the level of access they need to complete their job - no more and no less. This proves to be challenging in an organisational setting because on one hand employees need enough access to perform their tasks, while on the other hand more access will bring about an increasing risk of misuse - either intentionally, where an employee uses the access for personal benefit, or unintentionally through carelessness, losing the information or being socially engineered to give access to an adversary. With the goal of developing a more dynamic authorisation model, we have adopted a game theoretic framework to reason about the factors that may affect users’ likelihood to misuse a permission at the time of an access decision. Game theory provides a useful but previously ignored perspective in authorisation theory: the notion of the user as a self-interested player who selects among a range of possible actions depending on their pay-offs
Security Considerations for Conducted and Radiated Emissions
No full textUseful information may be leaked by digital electronic circuits in their conducted and radiated electromagnetic emissions. The leakage signals can be captured and analysed using side-channel analysis techniques. This paper describes a current research project to explore the application of statistical analysis to measured electromagnetic emissions from a smart card system. Experimental results showed that logic state switching transient currents contain information related to the hamming weights of processed data. A differential side channel analysis (DSCA) technique was applied and it demonstrated that good correlation could be obtained when a correct sub-key was encountered
Going Beyond Counting First Authors in Author Co-citation Analysis
Full text linkThe present study examines one of the fundamental aspects of author co-citation analysis (ACA) - the way co-citation
counts are defined. Co-citation counting provides the data on which all subsequent statistical analyses and mappings
are based, and we compare ACA results based on two different types of co-citation counting - the traditional type that
only counts the first one among a cited work's authors on the one hand and a non-traditional type that takes into
account the first 5 authors of a cited work on the other hand. Results indicate that the picture produced through this non-traditional author co-citation counting contains more coherent author groups and is therefore considerably clearer. However, this picture represents fewer specialties in the research field being studied than that produced through the traditional first-author co-citation counting when the same number of top-ranked authors is selected and analyzed. Reasons for these effects are discussed
Towards authorisation models for secure information sharing : a survey and research agenda
No full textThis article presents a survey of authorisation models and considers their ‘fitness-for-purpose’ in facilitating information sharing. Network-supported information sharing is an important technical capability that underpins collaboration in support of dynamic and unpredictable activities such as emergency response, national security, infrastructure protection, supply chain integration and emerging business models based on the concept of a ‘virtual organisation’. The article argues that present authorisation models are inflexible and poorly scalable in such dynamic environments due to their assumption that the future needs of the system can be predicted, which in turn justifies the use of persistent authorisation policies. The article outlines the motivation and requirement for a new flexible authorisation model that addresses the needs of information sharing. It proposes that a flexible and scalable authorisation model must allow an explicit specification of the objectives of the system and access decisions must be made based on a late trade-off analysis between these explicit objectives. A research agenda for the proposed Objective-based Access Control concept is presented
An administrative model for UCON
No full textUCON is an emerging access control framework that lacks an administration model. In this paper we define the problem of administration and propose a novel administrative model. At the core of this model is the concept of attribute, which is also the central component of UCON. In our model, attributes are created by the assertions of subjects, which ascribe properties/rights to other subjects or objects. Through such a treatment of attributes, administration capabilities can be delegated from one subject to another and as a consequence UCON is improved in three aspects. First, immutable attributes that are currently considered as external to the model can be incorporated and thereby treated as mutable at- tributes. Second, the current arbitrary categorisation of users (as modifiers of attributes), to system and administrator can be removed. Attributes and objects are only modifiable by those who possess administration capability over them. Third, the delegation of administration over objects and properties that is not currently expressible in UCON is made possible
Digital rights management (DRM) : managing digital rights for open access
No full textWhen one mentions the term digital rights management (DRM), the immediate perception is of a copyright owner seeking to further exploit their product for economic reward. This article explains the nonrivalrous nature of information and how intellectual property rights can also be used to manage digital content for open access. In short DRM should be seen as being capable of facilitating not only restricted access but also facilitating open access. The paradigm shift proposed is for us to conceptualise DRM as being about the management of intellectual propert rights either for an open or restrictive purpose
Variations on the Author
Full text link“Variations on the Author” discusses two of Eduardo Coutinho’s recent films (Um Dia na Vida, from 2010, and Últimas Conversas, posthumously released in 2015) and their contribution to the general question of documentary authorship. The director’s filmography is characterized by a consistent yet self-effacing form of authorial self-inscription: Coutinho often features as an interviewer that rather than express opinions propels discourses; an interviewer that is good at listening. This mode of self-inscription characterizes him as an author who is not expressive but who is nonetheless markedly present on the screen. In Um Dia na Vida, however, Coutinho is completely absent form the image, while Últimas Conversas, on the contrary, includes a confessional prologue that moves the director from the margins to the center of his films. This article examines the ways in which these works stand out in the filmography of a director who offers new insights into the notion of cinematic authorship
- …
