Security analysis of JXME-Proxyless version

JXME es la especificación de JXTA para dispositivos móviles con J2ME. Hay dos versiones diferentes de la aplicación JXME disponibles, cada una específica para un determinado conjunto de dispositivos, de acuerdo con sus capacidades. El principal valor de JXME es su simplicidad para crear peer-to-peer (P2P) en dispositivos limitados. Además de evaluar las funciones JXME, también es importante tener en cuenta el nivel de seguridad por defecto que se proporciona. Este artículo presenta un breve análisis de la situación actual de la seguridad en JXME, centrándose en la versión JXME-Proxyless, identifica las vulnerabilidades existentes y propone mejoras en este campo.

Ecosystem services and adaptation for agriculture and food security: analysis of two decades (1991–2011) of financing by the Global Environment Facility

Investing in global environmental and adaptation benefits in the context of agriculture and food security initiatives can play an important role in promoting sustainable intensification. This is a priority for the Global Environment Facility (GEF), created in 1992 with a mandate to serve as financial mechanism of several multilateral environmental agreements. To demonstrate the nature and extent of GEF financing, we conducted an assessment of the entire portfolio over a period of two decades (1991–2011) to identify projects with direct links to agriculture and food security. A cohort of 192 projects and programs were identified and used as a basis for analyzing trends in GEF financing. The projects and programs together accounted for a total GEF financing of US$1,086.8 million, and attracted an additional US$6,343.5 million from other sources. The value-added of GEF financing for ecosystem services and resilience in production systems was demonstrated through a diversity of interventions in the projects and programs that utilized US$810.6 million of the total financing. The interventions fall into the following four main categories in accordance with priorities of the GEF: sustainable land management (US$179.3 million), management of agrobiodiversity (US$113.4 million), sustainable fisheries and water resource management (US$379.8 million), and climate change adaptation (US$138.1 million). By aligning GEF priorities with global aspirations for sustainable intensification of production systems, the study shows that it is possible to help developing countries tackle food insecurity while generating global environmental benefits for a healthy and resilient planet.

A Cloud-based Framework for Security Analysis of Browser Extensions

In today's internet world, web browsers are an integral part of our day-to-day activities. Therefore, web browser security is a serious concern for all of us. Browsers can be breached in different ways. Because of the over privileged access, extensions are responsible for many security issues. Browser vendors try to keep safe extensions in their official extension galleries. However, their security control measures are not always effective and adequate. The distribution of unsafe extensions through different social engineering techniques is also a very common practice. Therefore, before installation, users should thoroughly analyze the security of browser extensions. Extensions are not only available for desktop browsers, but many mobile browsers, for example, Firefox for Android and UC browser for Android, are also furnished with extension features. Mobile devices have various resource constraints in terms of computational capabilities, power, network bandwidth, etc. Hence, conventional extension security analysis techniques cannot be efficiently used by end users to examine mobile browser extension security issues. To overcome the inadequacies of the existing approaches, we propose CLOUBEX, a CLOUd-based security analysis framework for both desktop and mobile Browser EXtensions. This framework uses a client-server architecture model. In this framework, compute-intensive security analysis tasks are generally executed in a high-speed computing server hosted in a cloud environment. CLOUBEX is also enriched with a number of essential features, such as client-side analysis, requirements-driven analysis, high performance, and dynamic decision making. At present, the Firefox extension ecosystem is most susceptible to different security attacks. Hence, the framework is implemented for the security analysis of the Firefox desktop and Firefox for Android mobile browser extensions. A static taint analysis is used to identify malicious information flows in the Firefox extensions. In CLOUBEX, there are three analysis modes. A dynamic decision making algorithm assists us to select the best option based on some important parameters, such as the processing speed of a client device and network connection speed. Using the best analysis mode, performance and power consumption are improved significantly. In the future, this framework can be leveraged for the security analysis of other desktop and mobile browser extensions, too.

RSA-Grid: A grid computing based framework for power system reliability and security analysis

Grid computing is an emerging technology for providing the high performance computing capability and collaboration mechanism for solving the collaborated and complex problems while using the existing resources. In this paper, a grid computing based framework is proposed for the probabilistic based power system reliability and security analysis. The suggested name of this computing grid is Reliability and Security Grid (RSA-Grid). Then the architecture of this grid is presented. A prototype system has been built for further development of grid-based services for power systems reliability and security assessment based on probabilistic techniques, which require high performance computing and large amount of memory. Preliminary results based on prototype of this grid show that RSA-Grid can provide the comprehensive assessment results for real power systems efficiently and economically.

STPA-SafeSec: Safety and Security Analysis for Cyber-Physical Systems

Cyber-physical systems tightly integrate physical processes and information and communication technologies. As today’s critical infrastructures, e.g., the power grid or water distribution networks, are complex cyber-physical systems, ensuring their safety and security becomes of paramount importance. Traditional safety analysis methods, such as HAZOP, are ill-suited to assess these systems. Furthermore, cybersecurity vulnerabilities are often not considered critical, because their effects on the physical processes are not fully understood. In this work, we present STPA-SafeSec, a novel analysis methodology for both safety and security. Its results show the dependencies between cybersecurity vulnerabilities and system safety. Using this information, the most effective mitigation strategies to ensure safety and security of the system can be readily identified. We apply STPA-SafeSec to a use case in the power grid domain, and highlight its benefits.

Analysis of social security proposals intended to help women : preliminary results /

"January 2001."

Analysis of Information Security of Objects under Attacks and Processed by Methods of Compression

In this paper a methodology for evaluation of information security of objects under attacks, processed by methods of compression, is represented. Two basic parameters for evaluation of information security of objects – TIME and SIZE – are chosen and the characteristics, which reflect on their evaluation, are analyzed and estimated. A co-efficient of information security of object is proposed as a mean of the coefficients of the parameter TIME and SIZE. From the simulation experiments which were carried out methods with the highest co-efficient of information security had been determined. Assessments and conclusions for future investigations are proposed.

Analysis of Spatial-temporal Dynamics in the System of Economic Security of Different Subjects of Economic Management

The importance to solve the problem of spatial-temporal dynamics analysis in the system of economic security of different subjects of economic management is substantiated. Various methods and approaches for carrying out analysis of spatial-temporal dynamics in the system of economic security are considered. The basis of the generalized analysis of spatial-temporal dynamics in economic systems is offered.

Analysis and Design of a secure WLAN solution for Cobre Las Cruces

Cobre Las Cruces is a renowned copper mining company located in Sevilla, with unexpected problems in wireless communications that have a direct affectation in production. Therefore, the main goals are to improve the WiFi infrastructure, to secure it and to detect and prevent from attacks and from the installation of rogue (and non-authorized) APs. All of that integrated with the current ICT infrastructure.This project has been divided into four phases, although only two of them have been included into the TFC; they are the analysis of the current situation and the design of a WLAN solution.Once the analysis part was finished, some weaknesses were detected. Subjects such as lack of connectivity and control, ignorance about installed WiFi devices and their localization and state and, by and large, the use of weak security mechanisms were some of the problems found. Additionally, due to the fact that the working area became larger and new WiFi infrastructures were added, the first phase took more time than expected.As a result of the detailed analysis, some goals were defined to solve and it was designed a centralized approach able to cope with them. A solution based on 802.11i and 802.1x protocols, digital certificates, a probe system running as IDS/IPS and ligthweight APs in conjunction with a Wireless LAN Controller are the main features.

On the computational security of a distributed key distribution scheme

In a distributed key distribution scheme, a set of servers helps a set of users in a group to securely obtain a common key. Security means that an adversary who corrupts some servers and some users has no information about the key of a noncorrupted group. In this work, we formalize the security analysis of one such scheme which was not considered in the original proposal. We prove the scheme is secure in the random oracle model, assuming that the Decisional Diffie-Hellman (DDH) problem is hard to solve. We also detail a possible modification of that scheme and the one in which allows us to prove the security of the schemes without assuming that a specific hash function behaves as a random oracle. As usual, this improvement in the security of the schemes is at the cost of an efficiency loss.

Predictability Of Share Prices In India: A Study Of The Applicability Of Technical Analysis

In spite of the far longed practices of technical analysis by many participants in Indian stock market, none have arrived at the exact position of technical analysis as a tool for foretelling share prices. There is no evidence supporting that one has established its definite role in predicting the behaviour of share price and also to see the extent of validity (how far reliable) of technical tools in Indian stock market. The problem is the vacuum in the arena of securities market analysis where an unrecognised tool is practised, i.e., whether to hold on to technical analysis or to drop it. Again, as already stated in this chapter, its validity need not continue forever. It may become futile as happened in developed markets. Continuous practice of a tool, which is valid only during discontinuous times is also an error. The efficacy of different market phenomena in terms of their ability to foretell the extent and direction of the price movements and reliability thereof remain as not yet proved in. This requires further study in this area so that this controversy may be settled. A solution to the problem requires enquiring and establishing the applicability of technical analysis, if any, there is in the Indian stock market. The study has the following two broad objectives for the purpose of confirming the applicability, if any, of technical analysis in the Indian stock market. The first objective is to ascertain the current validity of ‘traditional holding with respect to patterns’ and the second objective is to ascertain the ‘consistent superiority’, if any, of technical indicators over non-signal strategies in return generation. The study analyses the five patterns, which are widely known and commonly found in publications. They are: (1) Symmetrical Triangles, (2) Rising Wedges, (3) Falling Wedges, (4) Head and Shoulders Top and (5) Head and Shoulders Bottom.

A decade of plant proteomics and mass spectrometry: translation of technical advancements to food security and safety issues

Tremendous progress in plant proteomics driven by mass spectrometry (MS) techniques has been made since 2000 when few proteomics reports were published and plant proteomics was in its infancy. These achievements include the refinement of existing techniques and the search for new techniques to address food security, safety, and health issues. It is projected that in 2050, the world’s population will reach 9–12 billion people demanding a food production increase of 34–70% (FAO, 2009) from today’s food production. Provision of food in a sustainable and environmentally committed manner for such a demand without threatening natural resources, requires that agricultural production increases significantly and that postharvest handling and food manufacturing systems become more efficient requiring lower energy expenditure, a decrease in postharvest losses, less waste generation and food with longer shelf life. There is also a need to look for alternative protein sources to animal based (i.e., plant based) to be able to fulfill the increase in protein demands by 2050. Thus, plant biology has a critical role to play as a science capable of addressing such challenges. In this review, we discuss proteomics especially MS, as a platform, being utilized in plant biology research for the past 10 years having the potential to expedite the process of understanding plant biology for human benefits. The increasing application of proteomics technologies in food security, analysis, and safety is emphasized in this review. But, we are aware that no unique approach/technology is capable to address the global food issues. Proteomics-generated information/resources must be integrated and correlated with other omics-based approaches, information, and conventional programs to ensure sufficient food and resources for human development now and in the future.