Der Entwurf strukturierter rollenbasierter Zugriffskontrollmodelle

Zusammenfassung. In diesem Beitrag wird ein formaler Ansatz zur Ableitung von Zugriffsrechten auf der Basis eines formalen Organisationsmodells vorgestellt. Hierzu wird der Ansatz der rollenbasierten Zugriffskontrolle (engl. Role-Based Access Control, kurz RBAC) um die M?glichkeit erweitert, Aufbauorganisationen zu modellieren. Der Vorteil gegenüber rollenbasierten Ans?tzen mit einfachen Rollenhierarchien ist die klare Struktur, die einem Zugriffskontrollmodell durch die Organisationsform aufgepr?gt wird. Des Weiteren k?nnen organisatorische Regelungen, wie z.B. Urlaubsvertretung oder Weisungsbefugnis, direkt im Modell hinterlegt werden. Aufwendig zu pflegende und h?ufig inkonsistente Rollenkataloge werden obsolet. Sicherheitsstrategien mit unpr?zisen Vorgaben lassen sich mittels der vorgestellten Technik der sog. `Kompetenzerweiterung' umsetzen. Das zugrundeliegende Paradigma des vorgestellten Ansatzes unterscheidet sich stark von anderen Ans?tzen mit statischer Autorisation. Nutzer k?nnen sich Zugriffsrechte in fest definierten Grenzen selbstverantwortlich zuteilen, wobei jedoch eine nachtr?gliche Kontrolle stark vereinfacht und damit praktikabel wird. Eingegangen am 22. Februar 2001 / Angenommen am 22. Mai 2001     

Comparing Web search engine performance in searching consumer health information: evaluation and recommendations.

Identifying and accessing reliable, relevant consumer health information rapidly on the Internet may challenge the health sciences librarian and layperson alike. In this study, seven search engines are compared using representative consumer health topics for their content relevancy, system features, and attributes. The paper discusses evaluation criteria; systematically compares relevant results; analyzes performance in terms of the strengths and weaknesses of the search engines; and illustrates effective search engine selection, search formulation, and strategies.     

Retrieving and classifying instances of source code plagiarism

Automatic detection of source code plagiarism is an important research field for both the commercial software industry and within the research community. Existing methods of plagiarism detection primarily involve exhaustive pairwise document comparison, which does not scale well for large software collections. To achieve scalability, we approach the problem from an information retrieval (IR) perspective. We retrieve a ranked list of candidate documents in response to a pseudo-query representation constructed from each source code document in the collection. The challenge in source code document retrieval is that the standard bag-of-words (BoW) representation model for such documents is likely to result in many false positives being retrieved, because of the use of identical programming language specific constructs and keywords. To address this problem, we make use of an abstract syntax tree (AST) representation of the source code documents. While the IR approach is efficient, it is essentially unsupervised in nature. To further improve its effectiveness, we apply a supervised classifier (pre-trained with features extracted from sample plagiarized source code pairs) on the top ranked retrieved documents. We report experiments on the SOCO-2014 dataset comprising 12K Java source files with almost 1M lines of code. Our experiments confirm that the AST based approach produces significantly better retrieval effectiveness than a standard BoW representation, i.e., the AST based approach is able to identify a higher number of plagiarized source code documents at top ranks in response to a query source code document. The supervised classifier, trained on features extracted from sample plagiarized source code pairs, is shown to effectively filter and thus further improve the ranked list of retrieved candidate plagiarized documents.     

Strategies in assessing the need for updating evidence-based guidelines for six clinical topics: an exploration of two search methodologies

BACKGROUND: Because of the expense of updating practice guidelines, recent attention has focused on approaches that can reliably assess any updating required. Shekelle et al. (Journal of the American Medical Association 2001, 286, 1461-7) proposed using limited literature searches with expert involvement to reduce resources used in assessing whether a guideline needs updating. OBJECTIVES: This study compared Shekelle's method and the traditional systematic review method regarding comprehensiveness and effort. METHODS: Two research teams translated critical key questions on screening test treatments and outcomes to Medical Subjects Headings (MeSH) and search strategies. They refined Shekelle's method over three iterations, seeking greater efficiency. Using both methods independently, teams assessed the need to update six topics from the 1996 Guide to Clinical Preventive Services (US Preventive Services Task Force). Outcomes included completeness of study identification, importance of missed studies and effort involved. RESULTS: The revised review approach produced fewer citations than the traditional approach and saved time, identifying fewer eligible studies than the traditional approach. None of the studies missed was rated important by the experts consulted. CONCLUSIONS: The revised review approach provides an acceptable method for judging whether a guideline requires updating. Librarians were an integral part of the research process that streamlined the searches.     

A Theory of Media Power and a Theory of Media Use: Different Stories,Questions, and Ways of Thinking

In this article, I compare the assumptions, concepts, and propositions of media system dependency (MSD) theory and uses and gratifications (U&G) theory at the microlevel of analysis. The epistemological origins of these theories are situated within the differing social and personal contexts that affected their development. Those MSD assumptions that serve as background to this comparison are specified, and major hypotheses concerning the social ecology of microeffects processes are discussed, particularly as they pertain to public opinion concerns. Following this elaboration of MSD theory, basic differences between MSD and U&G conceptions of the audience, interpersonal networks, the media system, and the nature of media power are addressed. I conclude with a brief comment on the implications of the Internet for theorizing micro media effects.     

Do physical activity beliefs differ by age and gender?

Age and gender are consistently related to physical activity (PA), yet theoretical explanation for these associations is scant. The present study compared the mean values and correlations of a population sample, divided by gender and age group, with respect to theory of planned behavior beliefs (behavioral, normative, and control) and PA. Participants were a sample (N=6,739) of adults (M age=49.65, SD=16.04) who completed measures of social and health demographics, theory of planned behavior beliefs, and self-reported PA. Mean analyses identified greater perceived control over PA for seniors than for young and middle-aged adults (N>.025). Belief-behavior correlations, however, were not different across age and gender in 24 of 26 tests (q<.19). Thus, PA beliefs are invariant across age and gender with the exception of mean levels of perceived control, which are lower among younger adults than older adults. Factors such as early parenthood and career demands were considered the likely reasons for differences. Overall, the evidence suggests that adapting theoretical models for specific age groups or based on gender may not be necessary.     

Making Compliance Seem More Important: The “Just-One-More” Technique of Gaining Compliance

A new compliance-gaining technique is introduced called the “just-one-more” (JOM) technique that increases compliance rates by including the phrase “I just need one more person to help.” Two studies are reported (N = 160 in each). The first established the effectiveness of the technique as compared to a direct request. The second tested the hypothesis that goal difficulty moderates the technique's effectiveness in a 2 (JOM or direct request) × 2 (requester needs five surveys or 100). Results indicate that the JOM was substantially more effective than a direct request in the 100 surveys condition but not the five.