ETYK III-vaihe (Tasavallan Presidentin esittämä Suomen puheenvuoro 31.7.1975 = Conference on Security and Co-operation in Europe = main speech of Finland delivered by President Urho Kekkonen July 31, 1975)

Puhe

Wireless Technologies in e-Business; Services, Security and Management

Uusien mobiilien laitteiden ja palveluiden kehitys ovat herättäneet yritysten mielenkiinnon soveltaa langattomia sovelluksia omassa liiketoiminnassaan. Erilaisten tekniikoiden myötä myös mahdollisuuksien kirjo on laajentumassa, mikä johtaa erilaisten verkkojen ja laitteiden yhtenäiselle hallinnalle asetettavien vaatimusten kasvuun. Yritysten siirtyessä soveltamaan uusia langattomia palveluita ja sovelluksia on myös huomioon otettavaa sovellusten sekä palveluiden vaatima tietoturva ja sen hallittavuus. Tutkimuksessa esitetään langattoman sähköisen liiketoiminnan määritelmä sekä kyseisien teknologioiden käyttöä edistävät tekijät. Tutkimus luo viitekehyksen yrityksen langattomien teknologioiden käytölle ja siihen olennaisesti vaikuttavista tekijöistä. Viitekehystä on käytetty todelliseen esimerkkiin, liikkuva myyntihenkilö, kyseisten teknologioiden, palveluiden, tietoturvan ja hallittavuuden näkökulmasta. Johtopäätöksinä on arvioitu mobiilien ja langattomien teknologioiden sekä palveluiden, tietoturvan ja hallittavuuden tilaa ja analysoimalla niitä tulevaa ajatellen.

Security and Privacy in a Ubiquitous Information Screen

We expose the ubiquitous interaction between an information screen and its’ viewers mobile devices, highlights the communication vulnerabilities, suggest mitigation strategies and finally implement these strategies to secure the communication. The screen infers information preferences’ of viewers within its vicinity transparently from their mobile devices over Bluetooth. Backend processing then retrieves up-to-date versions of preferred information from content providers. Retrieved content such as sporting news, weather forecasts, advertisements, stock markets and aviation schedules, are systematically displayed on the screen. To maximise users’ benefit, experience and acceptance, the service is provided with no user interaction at the screen and securely upholding preferences privacy and viewers anonymity. Compelled by the personal nature of mobile devices, their contents privacy, preferences confidentiality, and vulnerabilities imposed by screen, the service’s security is fortified. Fortification is predominantly through efficient cryptographic algorithms inspired by elliptic curves cryptosystems, access control and anonymity mechanisms. These mechanisms are demonstrated to attain set objectives within reasonable performance.

Software Security Design and Testing

Elektroninen kaupankäynti ja pankkipalvelut ovat herättäneet toiminnan jatkuvuuden kannalta erittäin kriittisen kysymyksen siitä, kuinka näitä palveluja pystytään suojaamaan järjestäytynyttä rikollisuutta ja erilaisia hyväksikäyttöjä vastaan.

Cyber security in home and small office local area networks - Attack vectors and vulnerabilities

This thesis presents security issues and vulnerabilities in home and small office local area networks that can be used in cyber-attacks. There is previous research done on single vulnerabilities and attack vectors, but not many papers present full scale attack examples towards LAN. First this thesis categorizes different security threads and later in the paper methods to launch the attacks are shown by example. Offensive security and penetration testing is used as research methods in this thesis. As a result of this thesis an attack is conducted using vulnerabilities in WLAN, ARP protocol, browser as well as methods of social engineering. In the end reverse shell access is gained to the target machine. Ready-made tools are used in the attack and their inner workings are described. Prevention methods are presented towards the attacks in the end of the thesis.

Dynamic Runtime Variation and Branding in S60 Software

Diplomityössä tutkitaan keinoja brändätä ja varioida S60-ohjelmistoja dynaamisesti ja ajonaikaisesti. S60 on kehitysalusta, jota käyttävät useat puhelinvalmistajat ja heidän puhelimiaan käyttävät lukuisat eri operaattorit. Operaattorit haluavat puhelimiensa tai osan puhelimen sovelluksista erottuvan kilpailijoista heidän omalla brändillään ja tämän takia täytyy olla keinot joko koko puhelimen, tai valittujen sovellusten brändäykselle. Osa sovelluksista saatetaan haluta vaihtavan käytettyä brändiä sen käyttämien resurssien, kuten verkkopalvelimen, mukaan. Variointidataa tulee myös pystyä jakamaan eri sovellusten tai sovellusten osien kesken. Työssä esitellään Symbian käyttöjärjestelmä ja S60 kehitysympäristö, sekä pohditaan Symbianin turvallisuuskäytäntöjen tuomia haasteita variointidatan jakamiseen eri sovellusten välillä. Olemassaolevia variointitapoja tutkitaan työn mahdolliseksi pohjaksi. Työ sisältää esittelyn projektista, jossa kehitettiin erään S60 sovelluksen dynaaminen brändäystoteutus, joka myös mahdollistaa variointidatan jakamisen eri sovellusten kanssa.

Entrepreneurial orientation in small and medium-sized enterprises during economic crisis

The economic importance of small and medium-sized enterprises (SMEs) and entrepreneurship has increased significantly in recent decades and entrepreneurial activity and SMEs are deemed vital to economic progress. Therefore, it is justifiable to study how small firms and entrepreneurs can enhance their performance and emergence in the turbulent economic environment. The concept of entrepreneurial orientation (EO) has recently attracted considerable attention in the field of entrepreneurship research. EO generally refers to a firm’s propensity to be innovative, to be proactive and to take risks. A majority of EO studies so far have found that adopting EO associated entrepreneurial behaviors will help firms to create or sustain a high level of performance. This dissertation explores the main drivers and performance implications of EO for SMEs in time of economic crisis. Hence the first objective of this dissertation is to examine the performance implications of EO and to test the role of EO on how firms are treated by the crisis at operative level. The second objective is to expand the prevailing understanding of determinants of EO by exploring the relationship between owner's work related values, attitudes, demographic characteristics, firm’s financial resources and EO. EO was found to be a significant and positive factor behind a firm’s long run growth. Hence it can be said that EO has positive implications for firm performance. But on the other hand, during a time of economic crisis the different dimensions of EO had both positive and negative effects on performance of SMEs. The performance implications varied across different stages of the crisis and were also dependent on what measure was used for measuring the performance. The main drivers of EO in SMEs were the personal work related values of the entrepreneur and his/her prior experience as an entrepreneur. The intrinsic work values related to interest, responsibility, challenge, self-development or intellectual stimulation and values related to status, power, achievement and recognition had a positive effect on the level of EO. On the other hand, extrinsic values related to high income, material possessions, benefits such as generous holidays, job security, and comfort through good working conditions decreased the level of EO

Five Baltic Ports Togehter: Forecasts, Trends and Recommendations

The ports of Stockholm, Tallinn, Helsinki, Naantali and Turku play key roles in making the Central Baltic region accessible. Effective, competitive, eco-friendly and safe port procedures and solutions for the transportation of goods are of major importance for trade in the Baltic Sea region. This report presents the most essential results and recommendations of the PENTA project, which focused on how ports could better comprehend and face current and future challenges facing carriage of goods by sea. Each of the four work packages (WPs) of the PENTA project analysed the changes from a different perspective. WP2 focused on traffic flows between the PENTA ports. Its main emphasis was on the ports, shipowners, and logistics companies that are the key parties in freight transport and on the changes affecting the economy of those ports. In WP3 noise as an environmental challenge for ports was investigated and the analysis also shed light on the relationship between the port and the city. In WP4 procedures related to safety, security and administrative procedures were researched. The main emphasis was on identifying the requirements for the harmonisation of those procedures. Collaboration is highlighted throughout this report. In order to prepare for the future, it was found that ports need to respond to growing competition, increasing costs and shifts in customer demand by strengthening their existing partnerships with other actors in the maritime cluster. Cargo and passenger transport are the main sources of income for most ports. Cargo traffic between the PENTA ports is expected to grow steadily in the future and the outlook for passenger traffic is positive. However, to prepare for the future, ports should not only secure the core activities which generate revenue but also seek alternative ways to make profit. In order to gain more transit traffic, it is suggested that ports conduct a more thorough study of the future requirements for doing business with Russia. The investigation of noise at ports revealed two specific dilemmas that ports cannot solve alone. Firstly, the noise made by vessels and, secondly, the relationship between the port and the surrounding city. Vessels are the most important single noise source in the PENTA ports and also one of the hardest noise sources to handle. Nevertheless, port authorities in Finland and Sweden are held responsible for all noise in the port area, including noise produced by vessels, which is noise the port authority can only influence indirectly. Building housing by waterfront areas close to ports may also initiate disagreements because inhabitants may want quiet areas, whereas port activities always produce some noise from their traffic. The qualitative aspects of the noise question, cooperating with the stakeholders and the communicating of issues related to noise are just as important. We propose that ports should follow the logic of continuous improvement in their noise management. The administrative barriers discussed in this report are mainly caused by differences in international and national legislation, variations in the customs procedures of each country, the incompatibility of the IT systems used in maritime transport, noncompliance with regulations regarding dangerous goods, and difficulties in applying Schengen regulations to vessels from non-EU countries. Improving the situation is out of the hands of the ports to do alone and requires joint action on a variety of levels, including the EU, national authorities and across administrative borders.

Enhancing Security of Linux OS against Administrators

Inside cyber security threats by system administrators are some of the main concerns of organizations about the security of systems. Since operating systems are controlled and managed by fully trusted administrators, they can negligently or intentionally break the information security and privacy of users and threaten the system integrity. In this thesis, we propose some solutions for enhancing the security of Linux OS by restricting administrators’ access to superuser’s privileges while they can still manage the system. We designed and implemented an interface for administrators in Linux OS called Linux Admins’ User Interface (LAUI) for managing the system in secure ways. LAUI along with other security programs in Linux like sudo protect confidentiality and integrity of users’ data and provide a more secure system against administrators’ mismanagement. In our model, we limit administrators to perform managing tasks in secure manners and also make administrators accountable for their acts. In this thesis we present some scenarios for compromising users’ data and breaking system integrity by system administrators in Linux OS. Then we evaluate how our solutions and methods can secure the system against these administrators’ mismanagement.