Browsing by Subject "Security"
Now showing 1 - 10 of 10
Results Per Page
Sort Options
- PublicationOpen AccessA Comprehensive Model for Securing Sensitive Patient Data in a Clinical Scenario(IEEE, 2023-11-30) López Martínez, Antonio; Gil Pérez, Manuel; Ruiz-Martínez, Antonio; Ingeniería de la Información y las ComunicacionesThe clinical environment is one of the most important sources of sensitive patient data in healthcare. These data have attracted cybercriminals who pursue the theft of this information for personal gain. Therefore, protecting these data is a critical issue. This paper focuses on an analysis of the clinical environment, presents its general ecosystem and stakeholders, and inspects the main protocols implemented between the clinical components from a security and privacy perspective. Additionally, this article defines a complete use case to describe the typical workflow within a clinical setting: the life cycle of a patient sample. Moreover, we present and categorize crucial clinical information and divide it into two sensitivity levels: High and Very Sensitive, while considering the severe risks of cybercriminal access. The threat model for the use case has also been identified, in conjunction with the use case’s security and privacy needs. This work served us as basis to develop the minimum security and privacy requirements to protect the use case. Accordingly, we have defined protection mechanisms for each sensitivity level with the enabling technologies needed to satisfy each requirement. Finally, the main challenges and future steps for the use case are presented.
- PublicationEmbargoA first exploration of fine-grain coherence for integrity metadata(IEEE Computer Society, 2024-11-05) Ekemark, Per; Ros Bardisa, Alberto; Sagonas, Konstantinos; Kaxiras, Stefanos; Ingeniería y Tecnología de ComputadoresMemory integrity protection is intended for secure execution, and it is typically associated with programs running on a single core. However, with the emergence of multi-processor systems-on-chip and chiplets, extending memory integrity protection to cache-coherent multiprocessors becomes essential. In this work, we explore for the first time the design space for maintaining coherence in fine-grain integrity metadata at the block level. We discuss various policies for updating the integrity tree using the underlying coherence protocol, and examine how these policies affect coherence traffic. We introduce the concepts of proactive and reactive update initiation, and discuss their implications for data and integrity-tree blocks. We also investigate the trade-offs between eager and lazy update propagation policies, focusing on coherence transactions such as invalidations and downgrades to analyse the pros and cons of different approaches. What we observe is that for some benchmarks the choice between the eager and the lazy update initiation policy does not make much difference, while for many other benchmarks one policy is better over the other, depending on how the benchmark shares its data.
- PublicationOpen AccessA Trusted Approach for Decentralised and Privacy-Preserving Identity Management(2021) Torres, R.; Garcia Rodriguez, J.; Bernal Bernabé, Jorge; Skarmeta Gomez, A. F.; Ingeniería y Tecnología de ComputadoresIdentity Management (IdM) systems have traditionally relied on a centralized model prone to privacy, trust, and security problems, like potential massive data breaches or identity spoofing. Identity providers accumulate excessive power that might allow them to become a big brother, analyzing and storing as much data as possible. Users should be able to trust identity providers and manage their personal information straightforwardly without compromising their privacy. The European OLYMPUS project introduces a distributed approach for IdM based on enhanced Attribute-Based Credentials (ABC) that splits the role of Identity Provider to limit their influence and chances to become a unique point of failure. However, the trust relationship between service providers, users, and identity providers is still a gap in those kinds of privacy-preserving ABC systems. Decentralized technologies are an opportunity to break away from the centralized model and propose systems that respect privacy while increasing users’ trust. This paper presents an evolution of the OLYMPUS architecture, maintaining all the privacy features and incorporating distributed ledger technologies to enhance trust and security in online transactions and IdM systems. The proposed system has been implemented, tested, and validated, showing its performance and feasibility to manage user’s identity in a fully privacy-preserving, distributed and reliable way.
- PublicationOpen AccessAntecedentes históricos en la organización de la información y la documentación aplicada a la seguridad y la defensa de los estados.(Murcia, Universidad de Murcia, Servicio de Publicaciones, 2007) Navarro Bonilla, Diego; Facultad de Comunicación y DocumentaciónSe exponen las líneas maestras de una vinculación histórica entre procesos de obtención, análisis y gestión de información y toma de decisiones en los ám-bitos relacionados con la seguridad y la defensa a lo largo de los siglos. La metodo-logía de los procesos de generación de conocimiento dentro de las funciones de los organismos de información e inteligencia sirve de base para verificar la aplicación de los fundamentos y principios de las ciencias de la documentación en este campo de estudio.
- PublicationOpen AccessCompetencias digitales en neouniversitarios de carreras de formación docente en una universidad ecuatoriana(Universidad de Murcia, Servicio de Publicaciones, 2024-12-01) Benavides-Sellan, Luis ErnestoEl desarrollo de las competencias digitales es una responsabilidad ineludible de las instituciones educativas por su relevancia para el progreso de las sociedades. En base al modelo DigComp 2.1, el estudio ha pretendido caracterizar los niveles de autopercepción de competencia digital en neouniversitarios de las carreras de formación docente en una universidad ecuatoriana. La metodología empleada es cuantitativa con enfoque no experimental y descriptivo, para la recolección de datos se diseñó un cuestionario de tipo ad hoc que fue sometido a valoración mediante juicio de expertos. La población estudiada la constituyeron neouniversitarios de carreras de formación docente. Los resultados generales evidenciaron niveles de autopercepción de competencia digital media entre los participantes, no obstante, en algunas de las competencias e indicadores indagados se obtuvieron niveles entre medio y bajo. Estos elementos fueron el análisis y aporte crítico de la información digital, la creación de contenidos digitales, manejo de perfiles de red, seguridad digital y resolución de problemas. Se establece como conclusión que se requieren fortalecer las áreas de competencia digital con menores niveles de autopercepción y que aspectos como la formación previa y las políticas educativas inciden en esta autopercepción. Ante esto, es importante orientar, desde la educación formal, a los denominados nativos digitales para el desarrollo adecuado de sus competencias digitales.
- PublicationOpen AccessLa gubernamentalidad como poder a distancia: Foucault y la crisis de las disciplinas(Universidad de Murcia. Servicio de Publicaciones, 2019) Sánchez Santiago, AlfredoSobre la base de las modificaciones que tienen lugar en la noción de poder de Michel Foucault entre 1975 y 1979, este trabajo pretende ofrecer algunas claves de análisis de las nuevas modalidades de control político características de las sociedades del capitalismo avanzado. El planteamiento en 1978 de la serie libertad–mecanismos de seguridad–gobierno conduce a Foucault a evacuar el modelo disciplinario como esquema único de inteligibilidad del ejercicio del poder. Queda abierta de esta forma la posibilidad de avanzar en la conceptualización de la gubernamentalidad neoliberal vigente en nuestras sociedades como un poder indirecto o un “gobierno a distancia” que preserva intocada –y declara intocable– la materialidad misma de los cuerpos.
- PublicationOpen AccessUna propuesta de nivel cero en la didáctica de los Estudios Franceses desde las TIC.(Universidad de Murcia, Servicio de Publicaciones, 2021) Vicente Castañares, EsmeraldaThe tearing easiness of access to any web content, as well as its huge quantity, make complex the application of a cero level quality informative filter. We consider this ICT screening should be done whenever students are going to use it for their own researching tasks in French Studies. This study’s essential target would like to focus on the students’ acquisition of guide ICT tools, which could help them to develop or increase a critical and selective thinking. This would enable them to take suitable decisions whenever making a choice and using ICT in a responsible, sure, collaborative, cooperative way. In order to attain these goals, we would start from a previous survey among students, with the aim to compile their possible knowledge concerning these “guide ICT tools” (example: Agencia Española de Protección de Datos’ web and its “Lista Robinson”).
- PublicationOpen AccessSecurity in digital markets(2019-01-14) Sánchez Romero, María Dolores; Urbano Salvador, A.; Métodos Cuantitativos para la Economía y la Empresa
- PublicationOpen AccessTarjeta turística Safety and Security: el pasaporte para turistas y destinos seguros(Universidad de Murcia. Servicio de publicaciones, 2020) de Oliveira Santos, Danielle PimentelLa emergencia sanitaria por el COVID-19 ha paralizado el turismo, causando impactos nunca antes imaginados. Más de un tercio de la población global está en situación de confinamiento.La actividad turística, que supone más del 10% del PIB mundial, se encuentra en situación de letargo. Se prevén escenarios futuros que requieren de una acción inmediata. La formula Safety Security puede ser la clave de un nuevo orden turístico, que debe contar con mayor número de medidas de sostenibilidad y añadir la seguridad del destino y del turista. Se propone la creación de una tarjeta turística, con credenciales de turista Safety Security para destinos Safety Security.
- PublicationEmbargoUnderstanding Selective Delay as a Method for Efficient Secure Speculative Execution(Institute of Electrical and Electronics Engineers, IEEE Xplore, 2020) Sakalis, Christos; Kaxiras, Stefanos; Ros, Alberto; Jimborean, Alexandra; Själander, Magnus; Ingeniería y Tecnología de ComputadoresSince the introduction of Meltdown and Spectre, the research community has been tirelessly working on speculative side-channel attacks and on how to shield computer systems from them. To ensure that a system is protected not only from all the currently known attacks but also from future, yet to be discovered, attacks, the solutions developed need to be general in nature, covering a wide array of system components, while at the same time keeping the performance, energy, area, and implementation complexity costs at a minimum. One such solution is our own delay-on-miss, which efficiently protects the memory hierarchy by i) selectively delaying speculative load instructions and ii) utilizing value prediction as an invisible form of speculation. In this work we dive deeper into delay-on-miss, offering insights into why and how it affects the performance of the system. We also reevaluate value prediction as an invisible form of speculation. Specifically, we focus on the implications that delaying memory loads has in the memory level parallelism of the system and how this affects the value predictor and the overall performance of the system. We present new, updated results but more importantly, we also offer deeper insight into why delay-on-miss works so well and what this means for the future of secure speculative execution.