An Enhanced Access Control Mechanism for Mobile Cloud Computing

Cloud computing is the emerging technology where resources are available pay as you go basis. Cloud storage technology provides the large pool of storage capacity to the cloud users. Providing security to the data stored in cloud is the major concern. So, Security can be enhanced by providing access control to the authorized users. Access control gives the authorization to the users which gives the access privileges on data and other resources. Access control can be enabled in most of the computing environment such as Peer to Peer, Grid and Cloud.Access control is an important measure for the protection of information and system resources to prevent illegitimate users from getting access to protected objects and legitimate users from attempting to access the objects in ways that exceed what they are allowed. The restriction placed on access from a subject to an object is determined by the access policy. With the rapid development of cloud computing, cloud security has increasingly become a common concern and should be dealt with seriously. In this paper, an enhanced access control mechanism is proposed with hierarchical attribute-based access control method.

Controllable and decomposable multidirectional synchronizations

Studying large-scale collaborative systems engineering projects across teams with differing intellectual property clearances, or healthcare solutions where sensitive patient data needs to be partially shared, or similar multi-user information systems over databases, all boils down to a common mathematical framework. Updateable views (lenses) and more generally bidirectional transformations are abstractions to study the challenge of exchanging information between participants with different read access privileges. The view provided to each participant must be different due to access control or other limitations, yet also consistent in a certain sense, to enable collaboration towards common goals. A collaboration system must apply bidirectional synchronization to ensure that after a participant modifies their view, the views of other participants are updated so that they are consistent again. While bidirectional transformations (synchronizations) have been extensively studied, there are new challenges that are unique to the multidirectional case. If complex consistency constraints have to be maintained, synchronizations that work fine in isolation may not compose well. We demonstrate and characterize a failure mode of the emergent behaviour, where a consistency restoration mechanism undoes the work of other participants. On the other end of the spectrum, we study the case where synchronizations work especially well together: we characterize very well-behaved multidirectional transformations, a non-trivial generalization from the bidirectional case. For the former challenge, we introduce a novel concept of controllability, while for the latter one, we propose a novel formal notion of faithful decomposition. Additionally, the paper proposes several novel properties of multidirectional transformations.

Practical Multiauthority Attribute-Based Access Control for Edge-Cloud-Aided Internet of Things

With the assistance of edge computing which reduces the heavy burden of the cloud center server by using the network edge servers, the Internet of Things (IoTs) architectures enable low latency for real-time devices and applications. However, there still exist security challenges on data access control for the IoT. Multiauthority attribute-based encryption (MA-ABE) is a promising technique to achieve access control over encrypted data in cross-domain applications. Based on the characteristics and technical requirements of the IoT, we propose an efficient fine-grained revocable large universe multiauthority access control scheme. In the proposed scheme, the most expensive encryption operations have been executed in the user’s initialization phase by adding a reusable ciphertext pool besides splitting the encryption algorithm to online encryption and offline encryption. Massive decryption operations are outsourced to the near-edge servers for reducing the computation overhead of decryption. An efficient revocation mechanism is designed to change users’ access privileges dynamically. Moreover, the scheme supports ciphertext verification. Only valid ciphertext can be stored and transmitted, which saves system resources. With the help of the chameleon hash function, the proposed scheme is proven CCA2-secure under the q-DPBDHE2 assumption. The performance analysis results indicate that the proposed scheme is efficient and suitable in edge computing for the IoT.

Remote introductory pharmacy practice experiences focused on veterans prescribed chronic opioid therapy

Purpose The Department of Veterans Affairs (VA) Northern California Health Care System (NCHCS) uses a dashboard to identify monitoring needs for veterans prescribed chronic opioid therapy (COT). Schools of pharmacy require introductory pharmacy practice experiences (IPPEs); however, resources for providing IPPEs at medical facilities are limited. This article describes collaboration by a primary care service and a school of pharmacy to provide services for patients prescribed COT through remote access to the VA electronic health record (EHR) system. Summary Pharmacy students in a required population health IPPE provided clinical services for veterans remotely. Students were supervised by VA clinical pharmacists and granted remote EHR access privileges. Using personally owned laptops and VA cell phones, students performed prescription drug monitoring program (PDMP) activities, reviewed urine drug screening (UDS) results, called patients to assess pain, and documented progress notes. Students completed an assessment on the first and final days of the experience; a retrospective analysis was conducted to examine differences in student knowledge of and confidence in providing COT-focused services. The dashboard scorecard and student workload were tracked over a 1-year period. In that year, 143 students wrote 7,001 PDMP notes, reviewed 6,130 UDS results, and documented 202 pain assessments. Statistically significant improvements were reported in students’ level of confidence in performing population health activities for patients prescribed COT, including interpreting PDMP and UDS results and talking with patients. Conclusion The ongoing collaboration provides real-world population management experiences for future pharmacists and supports monitoring requirements for veterans prescribed COT. The program has helped NCHCS accomplish its teaching mission without dedicating clinic workspace or computers and gain an additional team to address quality measures and support population health activities.

Survey on Identity and Access Management for Internet of Things

The Internet of Things (IoT) encompasses a large number of connected devices, generating and sharing different types of data among themselves. These data enable the creation of society-changing applications, such as health monitoring and autonomous vehicles. Under this context, protecting the access of these connected devices and their data is critical to IoT applications’ success, since a single data breach can incur into a cascade effect, which leads to devastating consequences. Identity and Access Management (IAM) systems provide mechanisms to identify individuals at the network and determine their access privileges, thus avoiding inappropriate access. However, the current IAMs system struggles to provide the scale or manage the complex relationships that IoT brings. In this work, we present a comprehensive state-of-the-art survey of IAMs and the main concepts and challenges when applied to IoT. First, we overview the IoT technology, giving its essential characteristics and communication architectures and its main applications. Then, we present IAMs state-of-the-art and the main concepts, existing architectures, and challenges. Finally, we focus on current IAMs that aims to tackle the IoT complexity, along with an in-depth analysis of their proposals and future directions in the field.

PRIVACY AND SECURITY FOR TELEHEALTH DEVICES

In this research, we study the privacy and security capabilities provided by telehealth devices. Our aim is to evaluate how vulnerable these popular devices are in the presence of malicious cyber attackers. As older adults increasingly rely on telehealth devices, it is crucial that cybersecurity aspects of these devices are clearly communicated to them. Moreover, older adults frequently lack the technical expertise to evaluate the security and privacy capabilities of the devices. The lack of control over telehealth devices is a major concern for older adults. Older adults view certain limitations within these devices as decreasing their privacy and security. These limitations include the lack of control over accepting calls, taking screenshots, and assigning access privileges. For large scale adaptation of telehealth devices by older adults, it is crucial that these devices not only satisfy their intended purpose but also exhibit user friendly features and strong security and privacy capabilities. Modeling cyber threats against telehealth devices is not studied sufficiently . Malicious actors may compromise telehealth devices and create further threats to security and privacy of the users. In this research, we studied the cyber threats against telehealth devices. We built a threat model that ranks cyber threats based on their impact. We investigated how the operating system of popular devices supports access control. We found that none of the current technologies support location-based access control. We claim that this represents a major limitation and that supporting location-based access control is necessary to ensure users’ privacy in their own home.

Canadian Supercomputer Threat Assessment and Potential Responses

Four key events are addressed in this briefing note. Key event one is the announcement in April and May of 2017 with the launch of two supercomputers in Canada (Graham at University of Waterloo; Cedar at Simon Fraser University) and a third (Niagara at The University of Toronto) using Compute Canada’s Resources Allocation (Compute Canada, 2018a). Key event two is the announcement that Huawei Canada is building Graham’s operating system (Feldman, 2017). Key event three entails CSIS being warned by the US Senators (Rep. Sen Marco Rubio and Dem. Sen Mark Warner) about the possibility of China and Russia spying on Canada. Key event four, the United States has reportedly banned sales of Huawei products on US military bases (Bronskill, 2018; Collins, 2018). This briefing note is particularly relevant as Compute Canada is now preparing for 2019 resource allocation; there may be a raised/elevated security risk of economic espionage intellectual property theft and abusing education access privileges which need to be considered (SFU Innovates Staff, 2018).