6 resultados para PRIVATE SECURITY
em Boston University Digital Common
Resumo:
http://www.archive.org/details/churchmansprayer00bulluoft
Resumo:
Background: Until recently, little was known about the costs of the HIV/AIDS epidemic to businesses in Africa and business responses to the epidemic. This paper synthesizes the results of a set of studies conducted between 1999 and 2006 and draws conclusions about the role of the private sector in Africa’s response to AIDS. Methods: Detailed human resource, financial, and medical data were collected from 14 large private and parastatal companies in South Africa, Uganda, Kenya, Zambia, and Ethiopia. Surveys of small and medium-sized enterprises (SMEs) were conducted in South Africa, Kenya, and Zambia. Large companies’ responses or potential responses to the epidemic were investigated in South Africa, Uganda, Kenya, Zambia, and Rwanda. Results: Among the large companies, estimated workforce HIV prevalence ranged from 5%¬37%. The average cost per employee lost to AIDS varied from 0.5-5.6 times the average annual compensation of the employee affected. Labor cost increases as a result of AIDS were estimated at anywhere from 0.6%-10.8% but exceeded 3% at only 2 of 14 companies. Treatment of eligible employees with ART at a cost of $360/patient/year was shown to have positive financial returns for most but not all companies. Uptake of employer-provided testing and treatment services varied widely. Among SMEs, HIV prevalence in the workforce was estimated at 10%-26%. SME managers consistently reported low AIDS-related employee attrition, little concern about the impacts of AIDS on their companies, and relatively little interest in taking action, and fewer than half had ever discussed AIDS with their senior staff. AIDS was estimated to increase the average operating costs of small tourism companies in Zambia by less than 1%; labor cost increases in other sectors were probably smaller. Conclusions: Although there was wide variation among the firms studied, clear patterns emerged that will permit some prediction of impacts and responses in the future.
Resumo:
Wireless Intrusion Detection Systems (WIDS) monitor 802.11 wireless frames (Layer-2) in an attempt to detect misuse. What distinguishes a WIDS from a traditional Network IDS is the ability to utilize the broadcast nature of the medium to reconstruct the physical location of the offending party, as opposed to its possibly spoofed (MAC addresses) identity in cyber space. Traditional Wireless Network Security Systems are still heavily anchored in the digital plane of "cyber space" and hence cannot be used reliably or effectively to derive the physical identity of an intruder in order to prevent further malicious wireless broadcasts, for example by escorting an intruder off the premises based on physical evidence. In this paper, we argue that Embedded Sensor Networks could be used effectively to bridge the gap between digital and physical security planes, and thus could be leveraged to provide reciprocal benefit to surveillance and security tasks on both planes. Toward that end, we present our recent experience integrating wireless networking security services into the SNBENCH (Sensor Network workBench). The SNBENCH provides an extensible framework that enables the rapid development and automated deployment of Sensor Network applications on a shared, embedded sensing and actuation infrastructure. The SNBENCH's extensible architecture allows an engineer to quickly integrate new sensing and response capabilities into the SNBENCH framework, while high-level languages and compilers allow novice SN programmers to compose SN service logic, unaware of the lower-level implementation details of tools on which their services rely. In this paper we convey the simplicity of the service composition through concrete examples that illustrate the power and potential of Wireless Security Services that span both the physical and digital plane.
Resumo:
The Java programming language has been widely described as secure by design. Nevertheless, a number of serious security vulnerabilities have been discovered in Java, particularly in the component known as the Bytecode Verifier. This paper describes a method for representing Java security constraints using the Alloy modeling language. It further describes a system for performing a security analysis on any block of Java bytecodes by converting the bytes into relation initializers in Alloy. Any counterexamples found by the Alloy analyzer correspond directly to insecure code. Analysis of a real-world malicious applet is given to demonstrate the efficacy of the approach.
Resumo:
The TCP/IP architecture was originally designed without taking security measures into consideration. Over the years, it has been subjected to many attacks, which has led to many patches to counter them. Our investigations into the fundamental principles of networking have shown that carefully following an abstract model of Interprocess Communication (IPC) addresses many problems [1]. Guided by this IPC principle, we designed a clean-slate Recursive INternet Architecture (RINA) [2]. In this paper, we show how, without the aid of cryptographic techniques, the bare-bones architecture of RINA can resist most of the security attacks faced by TCP/IP. We also show how hard it is for an intruder to compromise RINA. Then, we show how RINA inherently supports security policies in a more manageable, on-demand basis, in contrast to the rigid, piecemeal approach of TCP/IP.