Enhancing Security of Linux OS against Administrators

Inside cyber security threats by system administrators are some of the main concerns of organizations about the security of systems. Since operating systems are controlled and managed by fully trusted administrators, they can negligently or intentionally break the information security and privacy of users and threaten the system integrity. In this thesis, we propose some solutions for enhancing the security of Linux OS by restricting administrators’ access to superuser’s privileges while they can still manage the system. We designed and implemented an interface for administrators in Linux OS called Linux Admins’ User Interface (LAUI) for managing the system in secure ways. LAUI along with other security programs in Linux like sudo protect confidentiality and integrity of users’ data and provide a more secure system against administrators’ mismanagement. In our model, we limit administrators to perform managing tasks in secure manners and also make administrators accountable for their acts. In this thesis we present some scenarios for compromising users’ data and breaking system integrity by system administrators in Linux OS. Then we evaluate how our solutions and methods can secure the system against these administrators’ mismanagement.

Finland's security in a changing Europe : a historical perspective

Finnish Defence Studies is published under the auspices of the National Defence College, and the contributions reflect the fields of research and teaching of the College. Finnish Defence Studies will occasionally feature documentation on Finnish Security Policy. Views expressed are those of the authors and do not necessarily imply endorsement by the National Defence College.

La convergence de la sécurité informatique et de la protection des renseignements personnels : vers une nouvelle approche juridique

"Mémoire présenté à la Faculté des études supérieures en vue de l'obtention du grade de maîtrise en droit (LL.M.) option Nouvelles technologies de l'information"

La convergence de la sécurité informatique et la protection des données à caractère personnel : vers une nouvelle approche juridique

Le développement exponentiel des réseaux informatiques a largement contribué à augmenter le volume des renseignements personnels disponibles et à remplacer les méthodes désuètes de collecte des renseignements par des méthodes plus rapides et plus efficaces. La vie privée et le contrôle sur les informations personnelles, tels que nous les connaissions il y a quelques décennies, sont des notions difficilement compatibles avec la société ouverte et commerciale comme la nôtre. Face à cette nouvelle réalité menaçante pour les droits et libertés de l’homme, il est essentiel de donner un cadre technique et légal stable qui garantisse une protection adéquate de ces données personnelles. Pour rester dans le marché ou bénéficier de la confiance des individus, les entreprises et les gouvernements doivent posséder une infrastructure de sécurité efficace. Cette nouvelle donne a tendance à devenir plus qu’une règle de compétitivité, elle se transforme en une authentique obligation légale de protéger les données à caractère personnel par des mesures de sécurité adéquates et suffisantes. Ce mémoire aborde justement ces deux points, soit l’étude du développement d’une obligation légale de sécurité et l’encadrement juridique de la mise en place d’un programme de sécurisation des données personnelles par des mesures de sécurités qui respectent les standards minimaux imposés par les textes législatifs nationaux et internationaux.

Data Security in Fault Tolerant Hard Real Time Systems- Use of Time Dependant Multiple Random Cipher Code

The present research problem is to study the existing encryption methods and to develop a new technique which is performance wise superior to other existing techniques and at the same time can be very well incorporated in the communication channels of Fault Tolerant Hard Real time systems along with existing Error Checking / Error Correcting codes, so that the intention of eaves dropping can be defeated. There are many encryption methods available now. Each method has got it's own merits and demerits. Similarly, many crypt analysis techniques which adversaries use are also available.

Los conceptos de salud financiera, riesgo y epidemiología en los estados financieros de las compañías del sector de extracción de petróleo crudo y gas natural en Colombia

El presente proyecto tiene como objeto identificar cuáles son los conceptos de salud, enfermedad, epidemiología y riesgo aplicables a las empresas del sector de extracción de petróleo y gas natural en Colombia. Dado, el bajo nivel de predicción de los análisis financieros tradicionales y su insuficiencia, en términos de inversión y toma de decisiones a largo plazo, además de no considerar variables como el riesgo y las expectativas de futuro, surge la necesidad de abordar diferentes perspectivas y modelos integradores. Esta apreciación es pertinente dentro del sector de extracción de petróleo y gas natural, debido a la creciente inversión extranjera que ha reportado, US$2.862 millones en el 2010, cifra mayor a diez veces su valor en el año 2003. Así pues, se podrían desarrollar modelos multi-dimensional, con base en los conceptos de salud financiera, epidemiológicos y estadísticos. El termino de salud y su adopción en el sector empresarial, resulta útil y mantiene una coherencia conceptual, evidenciando una presencia de diferentes subsistemas o factores interactuantes e interconectados. Es necesario mencionar también, que un modelo multidimensional (multi-stage) debe tener en cuenta el riesgo y el análisis epidemiológico ha demostrado ser útil al momento de determinarlo e integrarlo en el sistema junto a otros conceptos, como la razón de riesgo y riesgo relativo. Esto se analizará mediante un estudio teórico-conceptual, que complementa un estudio previo, para contribuir al proyecto de finanzas corporativas de la línea de investigación en Gerencia.

Análisis de la Política Exterior Rusa en materia energética, comercial y militar hacia la República de Moldavia (Período 2000-2010)

Rusia sufrió grandes cambios tras la desintegración de la URSS en 1991. No obstante, con la llegada de Vladimir Putin al poder, los intereses geoestratégicos de Rusia sobre el espacio postsoviético revivieron con nuevo ímpetu debido a una mayor cantidad de recursos a disposición del Estado. La República de Moldavia es un claro ejemplo del resurgir de la política exterior rusa hacia el espacio postsoviético, siendo incluso, una región clave en la lucha de la Federación Rusa por recuperar su zona de influencia.

Surveillance and data retention in Poland

The object of analysis in the present text is the issue of operational control and data retention in Poland. The analysis of this issue follows from a critical stance taken by NGOs and state institutions on the scope of operational control wielded by the Polish police and special services – it concerns, in particular, the employment of “itemized phone bills and the so-called phone tapping.” Besides the quantitative analysis of operational control and the scope of data retention, the text features the conclusions of the Human Rights Defender referred to the Constitutional Tribunal in 2011. It must be noted that the main problems concerned with the employment of operational control and data retention are caused by: (1) a lack of specification of technical means which can be used by individual services; (2) a lack of specification of what kind of information and evidence is in question; (3) an open catalogue of information and evidence which can be clandestinely acquired in an operational mode. Furthermore, with regard to the access granted to teleinformation data by the Telecommunications Act, attention should be drawn to a wide array of data submitted to particular services. Also, the text draws on the so-called open interviews conducted mainly with former police officers with a view to pointing to some non-formal reasons for “phone tapping” in Poland. This comes in the form of a summary.

New ICT sectors: platforms for European growth? Bruegel Policy Contribution 2012/14, August 2012

Europe's failure to specialise in new ICT sectors and firms is likely to hold back Europe’s post-crisis recovery. Europe lacks in particular leading platform providers, who are capturing most of the value in the new ICT ecosystem. • In-depth analysis of some specific new emerging ICT sectors shows that the problem in Europe appears not to be so much in the generation of new ideas, but rather in bringing ideas successfully to market. Among the barriers are the lack of a single digital market, fragmented intellectual property regimes, lack of an entrepreneurial culture, limited access to risk capital and an absence of ICT clusters. • The EU policy framework, particularly the Innovation Union and Digital Agenda EU 2020 Flagships, could better leverage the growth power for Europe of new ICT markets. The emphasis should move beyond providing support for infrastructure and research, to funding programmes for pre-commercial projects. But perhaps most important is dealing with the fragmentation in European digital markets.

Beyond retrenchment over Iran: can the EU offer a framework for regional security? CEPS Commentary, 3 September 2012

A new and far-reaching round of sanctions imposed recently on Iran by the EU is starting to hurt the country, its economy and its citizens. Yet Iran’s leadership seems deaf to demands for international weapons inspectors to be allowed unhindered access to its nuclear enrichment facilities. With a regime that is not likely to sway to international and domestic pressure, and in view of the shifting strategic landscape in the Middle East, the question is whether the twin-track approach of sanctions and diplomacy should be kept up, or whether it should make way for an alternative set of policies that could preserve the fragile stability in the wider Middle East and turn a vicious circle into a virtuous one. In this new Commentary, CEPS Senior Research Fellow Steven Blockmans argues that the High Representative of the EU for Foreign Affairs and Security Policy, supported by the European External Action Service, is in a good position to offer a negotiated way out of this seemingly intractable situation.

The UK-Canada Agreement on mutual support of missions abroad: loyalty compromised? CEPS Commentary, 18 October 2012

The UK and Canada recently signed a Memorandum of Understanding aimed at allowing the two countries to optimise their respective diplomatic resources by sharing embassy and consulate sites, the joint acquisition, supply and use of services, as well as collaboration on crisis response, consular services, security, diplomatic mail, information management and IT. This CEPS Commentary argues that the MoU on Mutual Support of Missions Abroad runs counter to the spirit of loyal cooperation, in particular in the realm of EU foreign policy. It also raises challenges to coherence, consistency and effectiveness of EU action in policy areas concerning visas, trade and consular protection. Moreover, the agreement may throw a spanner in the works of EU solidarity and the creation of a stronger EU identity, both internally and externally

The European Union-an expanding security community? EU Diplomacy Paper 06/2012, August 2012

This paper investigates why and how the geographical scope of the security community centered around the European Union (EU) is expanding. It starts from the assumption that the EU itself is a ‘tightly-coupled mature pluralistic security community’. The analysis of the expansion of this peaceful area is based on the theoretical framework first designed by Karl Deutsch and later developed by Emmanuel Adler and Michael Barnett. Contrary to the logic of the adage ‘si vis pacem para bellum’, I argue that the security community is expanding because the EU’s own origins and self-perception are driven by an ambition to create lasting peace. The key mechanisms I explore are the EU’s enlargement and neighborhood policies, which are best understood when analyzed against the concept of concentric circles: the regional EU-centered security community is a multi-speed security community, stronger at its core and weaker as it spreads towards its margins.

Orde Wingate and the Special Night Squads: A Feasible Policy for Counter-Terrorism?

This article analyses the counter-terrorist operations carried out by Captain (later Major General) Orde Wingate in Palestine in 1938, and considers whether these might inform current operations. Wingate's Special Night Squads were formed from British soldiers and Jewish police specifically to counter terrorist and sabotage attacks. Their approach escalated from interdicting terrorist gangs to pre-emptive attacks on suspected terrorist sanctuaries to reprisal attacks after terrorist atrocities. They continued the British practice of using irregular units in counter-insurgency, which was sustained into the postwar era and contributed to the evolution of British Special Forces. Wingate's methods proved effective in pacifying terrorist-infested areas and could be applied again, but only in the face of 'friction' arising from changes in cultural attitudes since the 1930s, and from the political-strategic context of post-2001 counter-insurgent and counter-terrorist operations. In some cases, however, public opinion might not preclude the use of some of Wingate's techniques.

An analysis of security and privacy issues relating to RFID enabled ePassports

The European Union sees the introduction of the ePassport as a step towards rendering passports more secure against forgery while facilitating more reliable border controls. In this paper we take an interdisciplinary approach to the key security and privacy issues arising from the use of ePassports. We further anallyse how European data protection legislation must be respected and what additional security measures must be integrated in order to safeguard the privacy of the EU ePassport holder.

Policy interventions to promote healthy eating: a review of what works, what does not and what is promising

Unhealthy diets can lead to various diseases, which in turn can translate into a bigger burden for the state in the form of health services and lost production. Obesity alone has enormous costs and claims thousands of lives every year. Although diet quality in the European Union has improved across countries, it still falls well short of conformity with the World Health Organization dietary guidelines. In this review, we classify types of policy interventions addressing healthy eating and identify through a literature review what specific policy interventions are better suited to improve diets. Policy interventions are classified into two broad categories: information measures and measures targeting the market environment. Using this classification, we summarize a number of previous systematic reviews, academic papers, and institutional reports and draw some conclusions about their effectiveness. Of the information measures, policy interventions aimed at reducing or banning unhealthy food advertisements generally have had a weak positive effect on improving diets, while public information campaigns have been successful in raising awareness of unhealthy eating but have failed to translate the message into action. Nutritional labeling allows for informed choice. However, informed choice is not necessarily healthier; knowing or being able to read and interpret nutritional labeling on food purchased does not necessarily result in consumption of healthier foods. Interventions targeting the market environment, such as fiscal measures and nutrient, food, and diet standards, are rarer and generally more effective, though more intrusive. Overall, we conclude that measures to support informed choice have a mixed and limited record of success. On the other hand, measures to target the market environment are more intrusive but may be more effective.