Least Privileges and Role’s Inheritance of RBAC

The main advantages of role-based access control （RBAC） are able to support the well-known security principles and roles＇inheritance. But for there remains a lack of specific definition and the necessary formalization for RBAC, it is hard to realize RBAC in practical work. Our contribution here is to formalize the main relations of RBAC and take first step to propose concepts of action closure and deta closure of a role, based on which we got the specification and algorithm for the least privileges of a role. We propose that roles＇ inheritance should consist of inheritance of actions and inheritance of data, and then we got the inheritance of privileges among roles, which can also be supported by existing exploit tools.

MEMBER PRIVILEGES——Each of the Shanghai Cooperation Organization members finds its own national interests served within the regional organization

Facing common security threats, leaders of six countries-Russia, China, Kazakhstan, Kyrgyzstan, Tajikistan and Uzbekistan-established the Shanghai Cooperation Organization in June 2001 to maintain regional stability and security, fight terrorism and extremism, prevent conflicts and enhance economic cooperation. The SCO's primary goals are economic cooperation and fighting terrorism.

IAM Excellence: Exploring Saviynt’s Role in Modern Information Technology

Organizations may increase data security and operational efficiency by connecting Salesforce with Identity and Access Management (IAM) systems like Saviynt. This study delves deeply into the details of this revolution that is being encouraged to shift towards IAM software and potential drawbacks such as excessive provisioning and implementation issues. The study illuminated excellent practices and emphasized the importance of constant monitoring by using secondary theme analysis and qualitative research as proof. The findings indicate Saviynt as a viable solution and provide detailed information for firms seeking a smooth and secure integration path.

Logical Image Acquisition and Analysis of Android Smartphones

Android smartphones largely dominate the smartphone market. For this reason, it is very important to examine these smartphones in terms of digital forensics since they are often used as evidence in trials. It is possible to acquire a physical or logical image of these devices. Acquiring physical and logical images has advantages and disadvantages compared to each other. Creating the logical image is done at the file system level. Analysis can be made on this logical image. Both logical image acquisition and analysis of the image can be done by software tools. In this study, the differences between logical image and physical image acquisition in Android smartphones, their advantages and disadvantages compared to each other, the difficulties that may be encountered in obtaining physical images, which type of image contributes to obtaining more useful and effective data, which one should be preferred for different conditions, and the benefits of having root authority are discussed. The practice of getting the logical image of the Android smartphones and making an analysis on the image is also included. Although root privileges are not required for logical image acquisition, it has been observed that very limited data will be obtained with the logical image created without root privileges. Nevertheless, logical image acquisition has advantages too against physical image acquisition.

Saviynt Meets GCP: A Deep Dive into Integrated IAM for Modern Cloud Security

The Google Cloud Platform (GCP) is a popular choice for companies seeking a comprehensive cloud computing solution because it provides everything from essential computing resources to powerful data analytics and machine learning capabilities. Saviynt is a cloud-based Identity and Access Management (IAM) system that integrates with Google Cloud Platform (GCP) and other services for additional functionality. However, other problems are associated with the transition, such as the requirement to correctly integrate IAM Saviynt into current IT infrastructures and provide comprehensive training to users on the new system. The paper will give a detailed review of the advantages, disadvantages, and best practices related to this transition.

Stricter national standards are required for credentialing of endoscopic-retrograde-cholangiopan-creatography in the United States

Endoscopic-retrograde-cholangiopancreatography(ERCP) is now a vital modality with primarily therapeutic and occasionally solely diagnostic utility for numerous biliary/pancreatic disorders. It has a significantly steeper learning curve than that for other standard gastrointestinal(GI) endoscopies, such as esophagogastroduodenoscopy or colonoscopy, due to greater technical difficulty and higher risk of complications. Yet, GI fellows have limited exposure to ERCP during standard-three-year-GI-fellowships because ERCP is much less frequently performed than esophagogastroduodenoscopy/colonoscopy. This led to adding an optional year of training in therapeutic endoscopy. Yet many graduates from standard three-year-fellowships without advanced training intensely pursue independent/unsupervised ERCP privileges despite inadequate numbers of performed ERCPs and unacceptably low rates of successful selective cannulation of desired(biliary or pancreatic) duct. Hospital credentialing committees have traditionally performed ERCP credentialing, but this practice has led to widespread flouting of recommended guidelines(e.g., planned privileging of applicant with 20% successful cannulation rate, or after performing only 7 ERCPs);and intense politicking of committee members by applicants, their practice groups, and potential competitors. Consequently, some gastroenterologists upon completing standard fellowships train and learn ERCP 'on the job' during independent/unsupervised practice, which can result in bad outcomes: high rates of failed bile duct cannulation. This severe clinical problem is indicated by publication of ≥ 12 ERCP competency studies/guidelines during last 5 years. However, lack of mandatory, quantitative, ERCP credentialing criteria has permitted neglect of recommended guidelines. This work comprehensively reviews literature on ERCP credentialing;reviews rationales for proposed guidelines;reports problems with current system;and proposes novel criteria for competency. This work advocates for mandatory, national, written,minimum, quantitative, standards, including cognitive skills(possibly assessed by a nationwide examination), and technical skills, assessed by number performed(≥ 200-250 ERCPs), types of ERCPs, success rate(approximately ≥ 90%cannulation of desired duct), and letters of recommendation by program director/ERCP mentor. Mandatory criteria should ideally not be monitored by a hospital committee subjected to intense politicking by applicants, their employers, and sometimes even competitors, but an independent national entity,like the National Board of Medical Examiners/American Board of Internal Medicine.

Fas ligand expression in colon cancer:A possible mechanism of tumor immune privilege

AIM: To detect the expression of Fas ligand (FasL) in colon cancer tissues and cell lines and analyze the function of FasL-expressing colon cancer cells in inducing Fas-sensitive T lymphocyte apoptosis. METHODS: Ninety surgically resected colon cancer tissues and 15 hepatic metastasis specimens were investigatedby immunohistochemical method with normal colon mucosa and colon adenoma as control. The relationship between FasL expression and pathologic features was also analyzed.FasL expression of 4 colon cancer cell lines, SW620, Lovo, LS-174T and SW1116, were detected by Western blotting assay. The function of FasL expressed on colon cancer cells was determined by coculture assay with Jurkat T lymphocytes, the apoptotic rate of which was detectedby flow cytometry assay.RESULTS: Fifty-six (62.22%) cases of all the 90 colon cancer tissues and all (100%) the liver metastasis specimens expressed FasL, significantly higher than normal colon mucosa and colonic adenoma. Higher expression of FasL was found in more advanced stage of colon cancer and in cancer tissues with lymphatic or hepatic metastasis.All the colon cancer cell lines were found to express FasL.After coculture with the SW1116 cells for 24 h with an effector: target ratio 10:1, the rate of apoptosis of Jurkat cells rose from 1.9% to 21.0%.CONCLUSION: The expression of FasL is upregulated in colon cancer and the functionally expressed FasL can induce apoptosis of Fas-expressing T lymphocytes.

Privilege Flow Oriented Intrusion Detection Based on Hidden Semi-MarkovModel

A privilege flow oriented intrusion detection method based on HSMM (Hidden semi-Markov Model) is discussed. The privilege flow model and HSMM are incorporated in the implementation of an anomaly detection IDS (Intrusion Detection System). Using the dataset of DARPA 1998, our experiment results reveal good detection performance and acceptable computation cost.

A Privilege Separation Method for Security Commercial Transactions

Privilege user is needed to manage the commercial transactions, but a super-administrator may have monopolize power and cause serious security problem. Relied on trusted computing technology, a privilege separation method is proposed to satisfy the security management requirement for information systems. It authorizes the system privilege to three different managers, and none of it can be interfered by others. Process algebra Communication Sequential Processes is used to model the three powers mechanism, and safety effect is analyzed and compared.

Database Security and Supervisory Method in Oracle

This paper discusses how to use the security measurements, such as privileges, roles, views, stored procedures and triggers, to ensure the safety of a database system. This paper also gives an example of making use of some special views of ORACLE DATA DICTIONARY to track the security records of a database system.

Research on User Permission Isolation for Multi-Users Service-Oriented Program

For the super user privilege control problem in system services, a user permission isolation method is proposed. Based on virtualization technology, the permission limited environments are constructed for different users. According to privilege sets, the users, mapping relations are built among users, isolated domains and program modules. Besides, we give an algorithm for division of program permissions based on Concept Lattices. And the security strategies are designed for different isolated domains. Finally, we propose the implications of least privilege, and prove that the method eliminates the potential privileged users in system services.

Effect of Vasocation Intestinal Peptide on Immune Privilege of the Rat Testis

Objective To study the effect of vasocation intestinal peptide （VIP） on immune privilege of the rat testis. Methods The UU infected SD rats and Leydig cells were intervened by VIP, the secretion of TGF-β and the expression of FasL in rat Leydig cells were compared between VIP-intervened group and control group to test the effect of VIP on immune privilege of the rat testis in vitro and in vivo. Results In vitro, the secretion of TGF-β in Leydig cells could be increased by low dosage of VIP while inhibitited by high dosage of VIP; expression of FasL mRNA in Leydig cells could be decreased by VIP In vivo, increased expression of TGF-β mRNA and decreased FasL mRNA were observed in VIP group in 2-3 weeks after infected by UU. In addition, the apoptosis of Jurkat cells mediated by Leydig cells could be prevented by VIP Conclusion When Leydig cells or testis infected by UU, VIP could regulate the immune function of rat Leydig cells and participate in the regulation of immune privilege of testis through the regulation of TGF-β secretion and FasL expression pattern of Leydig cells.

Effects of Ureaplasma Urealyticum on Fas Ligand Expression in Rat Sertoli Cell

To investigate the effect of ureaplasma urealyticum (UU) on the expression of Fas ligand (FasL) on rat Sertoli cell Materials & Method Isolated rat Sertoli cells were infected by living UU, UU super- natants, inactivated UU, then Fluorescence Activated Cell Sorter and observed fluores- cence microscopy were used to assay for the FasL expression on the surface of Sertoli cells. Results UU infection could increase the expression of FasL in Sertoli cell. Conclusion The functional expression of FasL is related to the immune privilege and can give the immune regulation on the testis.

Endoscopic retrograde cholangiopancreatography,lights and shadows:Handle with care

The role of endoscopic retrograde cholangiopancreatography(ERCP) has dramatically changed in the last years, mainly into that of a therapeutic procedure. The treatment of benign biliary disease, like "difficult"choledocolithiasis, with endoscopic papillary large balloon dilation combined with endoscopic sphinterotomy has proven an effective and safe technique.Moreover, safety in ERCP has improved as well, with the prevention of postERCP pancreatitis and patient-to-patient transmission of infections. The advent of self-expandable metal stenting has radically changed the management of biliopancreatic malignant strictures, while the role for therapy of benign strictures is still controversial. In addition, cholangioscopy(though the direct visualization of the biliopancreatic ductal system) has allowed for characterization of indeterminate biliary strictures and facilitated rescue therapy of large biliary stones deemed removable. Encouraging data from tissue ablation techniques, such as photodynamic therapy and radiofrequency ablation, need to be confirmed by large sample size clinical controlled trials. On the other hand, we have no drug-coated stents yet available to implant and evidence for the use of biodegradable stents is still weak. The competency and privileging of ERCP and endoscopic ultrasonography have been analyzed longer but the switch between the two procedures, at the same time, is becoming ordinary; as such, the endoscopist interested in this field should undergo parallel edification through training plans. Finally, the American Society for Gastrointestinal Endoscopy's statement on non-anesthesiologist administration of propofol for gastrointestinal endoscopy is not actually endorsed by the European Society of Anaesthesiology,having many medical-legal implications in some European countries.

The effect of FasL gene transfer to islet cells on pancreatic islet allografts

OBJECTIVE: To investigate the effect of FasL gene transfer to islet cells on pancreatic islet allografts. METHODS: A recombinant and replication-deficient type-5 adenovirus encoding murine FasL (AdV- FasL) was constructed by the method of calcium phosphate precipitation. Pancreatic islets were infected with the recombinant adenovirus AdV-FasL, and transplanted into diabetic recipients. FasL expression was detected by RT-PCR and immunohistochemistry. The survival of allografts and the apoptosis of gene transferred islet allografts were analyzed. RESULTS: All animals receiving islet allograft alone returned to a diabetic state by several days (mean survival time 6.3±0.6 days). Compared with the control group, no delayed rejection and prolonged survival of allografts were observed in the group of FasL gene transfer. The rejection was accelerated and the allograft survival was shortened to 3.4±0.2 days (P<0.05). Pancreatic islets infected with AdV- FasL demonstrated positive staining of FasL at 24 h, with an increased intensity at 48 h, but not in AdV-5 infected or uninfected islets. TUNEL labeling of pancreatic islet allografts at 24, 48 h revealed apoptosis that was not in AdV-5 infected allografts. CONCLUSIONS: Though co-transplantation of FasL-expressing testicular cells can induce privilege of islet allografts and prolong allograft survival, direct expression of FasL on islet allografts infected with AdV-FasL may accelerate islets rejection by islet apoptosis and granulocyte infiltration.

A Cache Considering Role-Based Access Control and Trust in Privilege Management Infrastructure

PMI （privilege management infrastructure） is used to perform access control to resource in an E-commerce or E-government system. With the ever-increasing need for secure transaction, the need for systems that offer a wide variety of QoS （quality-of-service） features is also growing. In order to improve the QoS of PMI system, a cache based on RBAC （Role-based Access control） and trust is proposed. Our system is realized based on Web service. How to design the cache based on RBAC and trust in the access control model is deseribed in detail. The algorithm to query role permission in cache and to add records in cache is dealt with. The policy to update cache is introduced also.

Use and Abuse of Privileged Information in Italian Listed Companies

Privileged information has significant importance to listed companies, given both the extent of the markets in which it is used and the relevant effects that it can produce on the prices of financial instruments. The term “privileged information” means information that has not yet been made known to the public, which, if disclosed, is able to affect significantly the prices of the securities of listed issuers. This article aims to prove that in many cases, the effects of privileged information can be adequately represented in financial statements, despite their “confidential” nature. For this purpose, this research proposes the existence of a relationship—which can be virtuous or vicious—between financial statements and privileged information. In order to demonstate this thesis, the author carried out an empirical survey concerning both the economic and the legal sector. For the first one, the research considered the price-sensitive information published by companies listed on the Italian Stock Exchange during the first half of 2018, and the result shows that a lot of privileged information is able to generate accounting effects;for the second one, the empirical survey analyzed some significant judgments passed by the Italian Court of Cassation in the 2000s which confirm the companies’ violation of the duty to present privileged information in financial statements.

Farmers' Privilege under the Protection of New Plant Varieties

This paper studies farmers'privilege under the protection of new plant varieties,and points out that farmers'privilege is given to balance interests of plant breeders and relevant public.Based on this,it analyzes shortcomings of farmers'privilege regulations,and puts forward that it is required to improve farmers'privilege regulations in subjects,objects and contents of rights on the basis of learning from advanced legislation experience of foreign countries,and build the interest sharing mechanism between breeders and farmers.

Identity Governance Framework for Privileged Users

Information technology companies have grown in size and recognized the need to protect their valuable assets.As a result,each IT application has its authentication mechanism,and an employee needs a username and password.As the number of applications increased,as a result,it became increasingly complex to manage all identities like the number of usernames and passwords of an employee.All identities had to be retrieved by users.Both the identities and the access rights associated with those identities had to be protected by an administrator.Management couldn’t even capture such access rights because they couldn’t verify things like privacy and security.Identity management can help solve this problem.The concept behind identity management is to centralize identity management and manage access identity centrally rather than multiple applications with their authentication and authorization mechanisms.In this research work,we develop governance and an identity management framework for information and technology infrastructures with privileged access management,consisting of cybersecurity policies and strategies.The results show the efficiency of the framework compared to the existing information security components.The integrated identity and access management and privileged access management enable organizations to respond to incidents and facilitate compliance.It can automate use cases that manage privileged accounts in the real world.