Verifying abstract information flow properties in fault tolerant security devices

The verification of information flow properties of security devices is difficult because it involves the analysis of schematic diagrams, artwork, embedded software, etc. In addition, a typical security device has many modes, partial information flow, and needs to be fault tolerant. We propose a new approach to the verification of such devices based upon checking abstract information flow properties expressed as graphs. This approach has been implemented in software, and successfully used to find possible paths of information flow through security devices.

Concentration of the UK stock market

During 1999 and 2000 a large number of articles appeared in the financial press which argued that the concentration of the FTSE 100 had increased. Many of these reports suggested that stock market volatility in the UK had risen, because the concentration of its stock markets had increased. This study undertakes a comprehensive measurement of stock market concentration using the FTSE 100 index. We find that during 1999, 2000 and 2001 stock market concentration was noticeably higher than at any other time since the index was introduced. When we measure the volatility of the FTSE 100 index we do not find an association between concentration and its volatility. When we examine the variances and covariance’s of the FTSE 100 constituents we find that security volatility appears to be positively related to concentration changes but concentration and the size of security covariances appear to be negatively related. We simulate the variance of four versions of the FTSE 100 index; in each version of the index the weighting structure reflects either an equally weighted index, or one with levels of low, intermediate or high concentration. We find that moving from low to high concentration has very little impact on the volatility of the index. To complete the study we estimate the minimum variance portfolio for the FTSE 100, we then compare concentration levels of this index to those formed on the basis of market weighting. We find that realised FTSE index weightings are higher than for the minimum variance index.

The microstructure of the Irish stock market

This is the first paper to examine the microstructure of the Irish Stock Market empirically and is motivated by the adoption, on June 7th of Xetra the modern pan European auction trading system. Prior to this the exchange utilized an antiquated floor based system. This change was an important event for the market as a rich literature exists to suggest that the trading system exerts a strong influence over the behavior of security returns. We apply the ICSS algorithm of Inclan and Tiao (1994) to discover whether the change to the trading system caused a shift in unconditional volatility at the time Xetra was introduced. Because the trading mechanism can influence volatility in a number of ways we also estimate the partial adjustment coefficients of the Amihud and Mendelson (1987) model prior and subsequent to the introduction of Xetra. Although we find no evidence of volatility changes associated with the introduction of Xetra we do find evidence of an increase in the speed of adjustment (JEL: G15).

Conceptual Model and Security Requirements for DRM Techniques Used for e-Learning Objects Protection

This paper deals with the security problems of DRM protected e-learning content. After a short review of the main DRM systems and methods used in e-learning, an examination is made of participators in DRM schemes (e-learning object author, content creator, content publisher, license creator and end user). Then a conceptual model of security related processes of DRM implementation is proposed which is improved afterwards to reflect some particularities in DRM protection of e-learning objects. A methodical way is used to describe the security related motives, responsibilities and goals of the main participators involved in the DRM system. Taken together with the process model, these security properties are used to establish a list of requirements to fulfill and a possibility for formal verification of real DRM systems compliance with these requirements.

Code Access Security in Microsoft’s .NET

This paper introduces basic concepts of code access security, using and implementing security features, as well as types of security syntax and mechanism of checking and requesting specific permissions.

Security in the Mobile World

Report published in the Proceedings of the National Conference on "Education and Research in the Information Society", Plovdiv, May, 2014

The external dimension of the EU’s fight against organized crime:the search for coherence between rhetoric and practice

SSince the external dimension of the European Union’s Justice and Home Affairs (JHA) began to be considered, a substantial amount of literature has been dedicated to discussing how the EU is cooperating with non-member states in order to counter problems such as terrorism, organized crime and illegal migration. According to the EU, the degree of security interconnectedness has become so relevant that threats can only be adequately controlled if there is effective concerted regional action. This reasoning has led the EU to develop a number of instruments, which have resulted in the exporting of certain elements of its JHA policies, either through negotiation or socialization. Although the literature has explored how this transfer has been applied to the field of terrorism and immigration, very little has been written on the externalisation of knowledge, practice and norms in the area of organized crime. This article proposes to bridge this gap by looking at EU practice in the development of the external dimension of organized crime policies, through the theoretical lens of the EU governance framework.

Security specification and enforcement in mediation system

Mediation techniques provide interoperability and support integrated query processing among heterogeneous databases. While such techniques help data sharing among different sources, they increase the risk for data security, such as violating access control rules. Successful protection of information by an effective access control mechanism is a basic requirement for interoperation among heterogeneous data sources. ^ This dissertation first identified the challenges in the mediation system in order to achieve both interoperability and security in the interconnected and collaborative computing environment, which includes: (1) context-awareness, (2) semantic heterogeneity, and (3) multiple security policy specification. Currently few existing approaches address all three security challenges in mediation system. This dissertation provides a modeling and architectural solution to the problem of mediation security that addresses the aforementioned security challenges. A context-aware flexible authorization framework was developed in the dissertation to deal with security challenges faced by mediation system. The authorization framework consists of two major tasks, specifying security policies and enforcing security policies. Firstly, the security policy specification provides a generic and extensible method to model the security policies with respect to the challenges posed by the mediation system. The security policies in this study are specified by 5-tuples followed by a series of authorization constraints, which are identified based on the relationship of the different security components in the mediation system. Two essential features of mediation systems, i. e., relationship among authorization components and interoperability among heterogeneous data sources, are the focus of this investigation. Secondly, this dissertation supports effective access control on mediation systems while providing uniform access for heterogeneous data sources. The dynamic security constraints are handled in the authorization phase instead of the authentication phase, thus the maintenance cost of security specification can be reduced compared with related solutions. ^

A novel neural network based system for assessing risks associated with information technology security breaches

Security remains a top priority for organizations as their information systems continue to be plagued by security breaches. This dissertation developed a unique approach to assess the security risks associated with information systems based on dynamic neural network architecture. The risks that are considered encompass the production computing environment and the client machine environment. The risks are established as metrics that define how susceptible each of the computing environments is to security breaches. ^ The merit of the approach developed in this dissertation is based on the design and implementation of Artificial Neural Networks to assess the risks in the computing and client machine environments. The datasets that were utilized in the implementation and validation of the model were obtained from business organizations using a web survey tool hosted by Microsoft. This site was designed as a host site for anonymous surveys that were devised specifically as part of this dissertation. Microsoft customers can login to the website and submit their responses to the questionnaire. ^ This work asserted that security in information systems is not dependent exclusively on technology but rather on the triumvirate people, process and technology. The questionnaire and consequently the developed neural network architecture accounted for all three key factors that impact information systems security. ^ As part of the study, a methodology on how to develop, train and validate such a predictive model was devised and successfully deployed. This methodology prescribed how to determine the optimal topology, activation function, and associated parameters for this security based scenario. The assessment of the effects of security breaches to the information systems has traditionally been post-mortem whereas this dissertation provided a predictive solution where organizations can determine how susceptible their environments are to security breaches in a proactive way. ^

Performance of FRP-concrete bridges under blast loading

Catastrophic failure from intentional terrorist attacks on surface transportation infrastructure could he detrimental to the society. In order to minimize the vulnerabilities and to ensure a safe transportation system, the issue of security for transportation structures, primarily bridges, which are subjected to man-made hazards is investigated in this study. A procedure for identifying and prioritizing "critical bridges" using a screening and prioritization processes is established. For each of the "critical" bridges, a systematic risk-based assessment approach is proposed that takes into account the combination of threat occurrence likelihood, its consequences, and the socioeconomic importance of the bridge. A series of effective security countermeasures are compiled in the four categories of deterrence, detection, defense and mitigation to help reduce the vulnerability of critical bridges. The concepts of simplified equivalent I-shape cross section and virtual materials are proposed for integration into a nonlinear finite element model, which helps assess the performance of reinforced concrete structures with and without composite retrofit or hardening measures under blast loading. A series of parametric studies are conducted for single column and two-column pier frame systems as well as for an entire bridge. The parameters considered include column height, column type, concrete strength, longitudinal steel reinforcement ratio, thickness, fiber angle and tensile strength of the fiber reinforced polymer (FRP) tube, shape of the cross section, damping ratio and different bomb sizes. The study shows the benefits of hardening with composites against blast loading. The effect of steel reinforcement on blast resistance of the structure is more significant than the effect of concrete compressive strength. Moreover, multiple blasts do not necessarily lead to a more severe destruction than a single detonation at a strategically vulnerable location on the bridges.

Lions and roses: An interpretive history of Israeli-Iranian relations

This multi-disciplinary research project explores the religious and cultural foundations within the "master commemorative narratives" that frame Israeli and Iranian political discourse. In articulating their grievances against one another, Israeli and Iranian leaders express the tensions between religion, nationalism, and modernity in their own societies. The theoretical and methodological approach of this dissertation is constructivist-interpretivist. The concept of "master commemorative narratives" is adapted from Yael Zerubavel's study of ritualized remembrance in Israeli political culture, and applied to both Israeli and Iranian foreign policy. Israel’s master commemorative narrative draws heavily upon the language of the Hebrew Bible, situating foreign policy discourse within a paradigm of covenantal patrimony, exile, and return, despite the unrelenting hostility of eternal enemies and "the nations." Iran’s master commemorative narrative expresses Iranian suspicion of foreign encroachment and interference, and of the internal corruption that they engender, sacralizing resistance to the forces of evil in the figurative language and myths of pre-Islamic tradition and of Shi'a Islam. Using a constructivist-interpretive methodological approach, this research offers a unique interpretive analysis of the parallels between these narratives, where they intersect, and where they come into conflict. It highlights both the broad appeal and the diverse challenges to the components of these "master" narratives within Israeli and Iranian politics and society. The conclusion of this study explains the ways in which the recognition of religious and cultural conflicts through the optic of master commemorative narratives can complement the perspectives of other theoretical approaches and challenge the conventions of Security Studies. It also suggests some of the potential practical applications of this research in devising more effective international diplomacy.

History and evolutionary trajectory of the Iranian nuclear program

What actors and processes at what levels of analysis and through what mechanisms have pushed Iran's nuclear program (INP) towards being designated as a proliferation threat (securitization)? What actors and processes at what levels of analysis and through what mechanisms have pushed Iran's nuclear program away from being designated as an existential threat (de-securitization)? What has been the overall balance of power and interaction dynamics of these opposing forces over the last half-century and what is their most likely future trajectory? ^ Iran's nuclear story can be told as the unfolding of constant interaction between state and non-state forces of "nuclear securitization" and "nuclear de-securitization." Tracking the crisscrossing interaction between these different securitizing and de-securitizing actors in a historical context constitutes the central task of this project. ^ A careful tracing of "security events" on different analytical levels reveals the broad contours of the evolutionary trajectory of INP and its possible future path(s). Out of this theoretically conscious historical narrative, one can make informed observations about the overall thrust of INP along the securitization - de-securitization continuum. ^ The main contributions of this work are three fold: First, it brings a fresh theoretical perspective on Iran's proliferation behavior by utilizing the "securitization" theory tracing the initial indications of the threat designation of INP all the way back to the mid 1970s. Second, it gives a solid and thematically grounded historical texture to INP by providing an intimate engagement with the persons, processes, and events of Tehran's nuclear pursuit over half a century. Third, it demonstrates how INP has interacted with and even at times transformed the NPT as the keystone of the non-proliferation regime, and how it has affected and injected urgency to the international discourse on nuclear proliferation specifically in the Middle East.^

Capabilities of Police and Military Forces in Central America -- A Comparative Analysis of Guatemala, El Salvador, Honduras an d Nicaragua

A difficult transition to a new paradigm of Democratic Security and the subsequent process of military restructuring during the nineties led El Salvador, Honduras, Guatemala and Nicaragua to re-consider their old structures and functions of their armed forces and police agencies. This study compares the institutions in the four countries mentioned above to assess their current condition and response capacity in view of the contemporary security challenges in Central America. This report reveals that the original intention of limiting armies to defend and protect borders has been threatened by the increasing participation of armies in public security. While the strength of armies has been consolidated in terms of numbers, air and naval forces have failed to become strengthened or sufficiently developed to effectively combat organized crime and drug trafficking and are barely able to conduct air and sea operations. Honduras has been the only country that has maintained a proportional distribution of its armed forces. However, security has been in the hands of a Judicial Police, supervised by the Public Ministry. The Honduran Judicial Police has been limited to exercising preventive police duties, prohibited from carrying out criminal investigations. Nicaragua, meanwhile, possesses a successful police force, socially recognized for maintaining satisfactory levels of security surpassing the Guatemalan and El Salvadoran police, which have not achieved similar results despite of having set up a civilian police force separate from the military. El Salvador meanwhile, has excelled in promoting a Police Academy and career professional education, even while not having military attachés in other countries. Regarding budgetary issues, the four countries allocate almost twice the amount of funding on their security budgets in comparison to what is allocated to their defense budgets. However, spending in both areas is low when taking into account each country's GDP as well as their high crime rates. Regional security challenges must be accompanied by a professionalization of the regional armies focused on protecting and defending borders. Therefore, strong institutional frameworks to support the fight against crime and drug trafficking are required. It will require the strengthening of customs, greater control of illicit arms trafficking, investment in education initiatives, creating employment opportunities and facilitating significant improvements in the judicial system, as well as its accessibility to the average citizen.

On Optimizing Compatible Security Policies in Wireless Networks

This paper deals with finding the maximum number of security policies without conflicts. By doing so we can remove security loophole that causes security violation. We present the problem of maximum compatible security policy and its relationship to the problem of maximum acyclic subgraph, which is proved to be NP-hard. Then we present a polynomial-time approximation algorithm and show that our result has approximation ratio for any integer with complexity .

Lions and Roses: An Interpretive History of Israeli-Iranian Relations

This multi-disciplinary research project explores the religious and cultural foundations within the “master commemorative narratives” that frame Israeli and Iranian political discourse. In articulating their grievances against one another, Israeli and Iranian leaders express the tensions between religion, nationalism, and modernity in their own societies. The theoretical and methodological approach of this dissertation is constructivist-interpretivist. The concept of “master commemorative narratives” is adapted from Yael Zerubavel’s study of ritualized remembrance in Israeli political culture, and applied to both Israeli and Iranian foreign policy. Israel’s master commemorative narrative draws heavily upon the language of the Hebrew Bible, situating foreign policy discourse within a paradigm of covenantal patrimony, exile, and return, despite the unrelenting hostility of eternal enemies and “the nations.” Iran’s master commemorative narrative expresses Iranian suspicion of foreign encroachment and interference, and of the internal corruption that they engender, sacralizing resistance to the forces of evil in the figurative language and myths of pre-Islamic tradition and of Shi‘a Islam. Using a constructivist-interpretive methodological approach, this research offers a unique interpretive analysis of the parallels between these narratives, where they intersect, and where they come into conflict. It highlights both the broad appeal and the diverse challenges to the components of these “master” narratives within Israeli and Iranian politics and society. The conclusion of this study explains the ways in which the recognition of religious and cultural conflicts through the optic of master commemorative narratives can complement the perspectives of other theoretical approaches and challenge the conventions of Security Studies. It also suggests some of the potential practical applications of this research in devising more effective international diplomacy.