Insider threats: the major challenge to security risk management

Security risk management is by definition, a subjective and complex exercise and it takes time to perform properly. Human resources are fundamental assets for any organization, and as any other asset, they have inherent vulnerabilities that need to be handled, i.e. managed and assessed. However, the nature that characterize the human behavior and the organizational environment where they develop their work turn these task extremely difficult, hard to accomplish and prone to errors. Assuming security as a cost, organizations are usually focused on the efficiency of the security mechanisms implemented that enable them to protect against external attacks, disregarding the insider risks, which are much more difficult to assess. All these demands an interdisciplinary approach in order to combine technical solutions with psychology approaches in order to understand the organizational staff and detect any changes in their behaviors and characteristics. This paper intends to discuss some methodological challenges to evaluate the insider threats and its impacts, and integrate them in a security risk framework, that was defined according to the security standard ISO/IEC_JTC1, to support the security risk management process.

Design of a case-based reasoner for information security in military organizations

Information security is concerned with the protection of information, which can be stored, processed or transmitted within critical information systems of the organizations, against loss of confidentiality, integrity or availability. Protection measures to prevent these problems result through the implementation of controls at several dimensions: technical, administrative or physical. A vital objective for military organizations is to ensure superiority in contexts of information warfare and competitive intelligence. Therefore, the problem of information security in military organizations has been a topic of intensive work at both national and transnational levels, and extensive conceptual and standardization work is being produced. A current effort is therefore to develop automated decision support systems to assist military decision makers, at different levels in the command chain, to provide suitable control measures that can effectively deal with potential attacks and, at the same time, prevent, detect and contain vulnerabilities targeted at their information systems. The concept and processes of the Case-Based Reasoning (CBR) methodology outstandingly resembles classical military processes and doctrine, in particular the analysis of “lessons learned” and definition of “modes of action”. Therefore, the present paper addresses the modeling and design of a CBR system with two key objectives: to support an effective response in context of information security for military organizations; to allow for scenario planning and analysis for training and auditing processes.

Um modelo de confiança para o ambiente de computação em nuvem

Este artigo apresenta uma proposta de um modelo de gestão contendo requisitos relacionados com a confiabilidade dos sistemas no ambiente de Computação em Nuvem (CN). A proposta teve como base uma revisão da literatura sobre os problemas, desafios e estudos que estão em curso relacionados com a segurança e confiabilidade de aplicações e Sistemas de Informações (SI) neste ambiente tecnológico. Nesta revisão bibliográfica são abordados os entraves e desafios atualmente existentes na visão de conceituados autores sobre o tema. Estas questões foram abordadas e estruturadas na forma de um modelo, denominado de “Modelo de Confiança para o ambiente de Computação em Nuvem”. Trata-se de uma proposta proativa que tem por objetivo organizar e discutir soluções de gestão para o ambiente de CN com uma maior confiabilidade para a operacionalização das aplicações de SI, tanto por parte dos provedores como também dos seus clientes.

Dependable decentralized storage management for cloud computing

The MAP-i Doctoral Program of the Universities of Minho, Aveiro and Porto.

A soft computing approach to kidney diseases evaluation

Kidney renal failure means that one’s kidney have unexpectedly stopped functioning, i.e., once chronic disease is exposed, the presence or degree of kidney dysfunction and its progression must be assessed, and the underlying syndrome has to be diagnosed. Although the patient’s history and physical examination may denote good practice, some key information has to be obtained from valuation of the glomerular filtration rate, and the analysis of serum biomarkers. Indeed, chronic kidney sickness depicts anomalous kidney function and/or its makeup, i.e., there is evidence that treatment may avoid or delay its progression, either by reducing and prevent the development of some associated complications, namely hypertension, obesity, diabetes mellitus, and cardiovascular complications. Acute kidney injury appears abruptly, with a rapid deterioration of the renal function, but is often reversible if it is recognized early and treated promptly. In both situations, i.e., acute kidney injury and chronic kidney disease, an early intervention can significantly improve the prognosis.The assessment of these pathologies is therefore mandatory, although it is hard to do it with traditional methodologies and existing tools for problem solving. Hence, in this work, we will focus on the development of a hybrid decision support system, in terms of its knowledge representation and reasoning procedures based on Logic Programming, that will allow one to consider incomplete, unknown, and even contradictory information, complemented with an approach to computing centered on Artificial Neural Networks, in order to weigh the Degree-of-Confidence that one has on such a happening. The present study involved 558 patients with an age average of 51.7 years and the chronic kidney disease was observed in 175 cases. The dataset comprise twenty four variables, grouped into five main categories. The proposed model showed a good performance in the diagnosis of chronic kidney disease, since the sensitivity and the specificity exhibited values range between 93.1 and 94.9 and 91.9–94.2 %, respectively.

Immersiveness of ubiquitous computing environments prototypes: A case study

The development of ubiquitous computing (ubicomp) environments raises several challenges in terms of their evaluation. Ubicomp virtual reality prototyping tools enable users to experience the system to be developed and are of great help to face those challenges, as they support developers in assessing the consequences of a design decision in the early phases of development. Given the situated nature of ubicomp environments, a particular issue to consider is the level of realism provided by the prototypes. This work presents a case study where two ubicomp prototypes, featuring different levels of immersion (desktop-based versus CAVE-based), were developed and compared. The goal was to determine the cost/benefits relation of both solutions, which provided better user experience results, and whether or not simpler solutions provide the same user experience results as more elaborate one.

ADSNARK: Nearly practical and privacy-preserving proofs on authenticated data

We study the problem of privacy-preserving proofs on authenticated data, where a party receives data from a trusted source and is requested to prove computations over the data to third parties in a correct and private way, i.e., the third party learns no information on the data but is still assured that the claimed proof is valid. Our work particularly focuses on the challenging requirement that the third party should be able to verify the validity with respect to the specific data authenticated by the source — even without having access to that source. This problem is motivated by various scenarios emerging from several application areas such as wearable computing, smart metering, or general business-to-business interactions. Furthermore, these applications also demand any meaningful solution to satisfy additional properties related to usability and scalability. In this paper, we formalize the above three-party model, discuss concrete application scenarios, and then we design, build, and evaluate ADSNARK, a nearly practical system for proving arbitrary computations over authenticated data in a privacy-preserving manner. ADSNARK improves significantly over state-of-the-art solutions for this model. For instance, compared to corresponding solutions based on Pinocchio (Oakland’13), ADSNARK achieves up to 25× improvement in proof-computation time and a 20× reduction in prover storage space.

China and India’s Maritime Geostrategies:: Implications for International Maritime Security and Scenarios for 2030

Dissertação de Mestrado em Estratégia

Filososofía y Ciencia Computacional: Aspectos epistemológicos, ontológicos y metodológicos. Philosophy and Computing Sciencs: Epistemological, Ontological and Methodological Aspects.

Uno de los temas centrales del proyecto concierne la naturaleza de la ciencia de la computación. La reciente aparición de esta disciplina sumada a su origen híbrido como ciencia formal y disciplina tecnológica hace que su caracterización aún no esté completa y menos aún acordada entre los científicos del área. En el trabajo Three paradigms of Computer Science de A. Eden, se presentan tres posiciones admitidamente exageradas acerca de como entender tanto el objeto de estudio (ontología) como los métodos de trabajo (metodología) y la estructura de la teoría y las justificaciones del conocimiento informático (epistemología): La llamada racionalista, la cual se basa en la idea de que los programas son fórmulas lógicas y que la forma de trabajo es deductiva, la tecnocrática que presenta a la ciencia computacional como una disciplina ingenieril y la ahi llamada científica, la cual asimilaría a la computación a las ciencias empíricas. Algunos de los problemas de ciencia de la computación están relacionados con cuestiones de filosofía de la matemática, en particular la relación entre las entidades abstractas y el mundo. Sin embargo, el carácter prescriptivo de los axiomas y teoremas de las teorías de la programación puede permitir interpretaciones alternativas y cuestionaría fuertemente la posibilidad de pensar a la ciencia de la computación como una ciencia empírica, al menos en el sentido tradicional. Por otro lado, es posible que el tipo de análisis aplicado a las ciencias de la computación propuesto en este proyecto aporte nuevas ideas para pensar problemas de filosofía de la matemática. Un ejemplo de estos posibles aportes puede verse en el trabajo de Arkoudas Computers, Justi?cation, and Mathematical Knowledge el cual echa nueva luz al problema del significado de las demostraciones matemáticas.Los objetivos del proyecto son: Caracterizar el campo de las ciencias de la computación.Evaluar los fundamentos ontológicos, epistemológicos y metodológicos de la ciencia de la computación actual.Analizar las relaciones entre las diferentes perspectivas heurísticas y epistémicas y las practicas de la programación.

Análisis crítico de la formación y capacitación del profesional de la seguridad en la Provincia de Córdoba en los últimos diez años. A critical analysis of the formation and training of the professional in the area of security in the province of Córdoba in the last 10 years.

El problema que abordaremos es la transformación y la toma de decisiones en los procesos de formación y capacitación de las instituciones de seguridad, específicamente, los motivos y fundamentos de los cambios en los planes de estudios, en relación a los contenidos curriculares de los institutos de formación de los profesionales en seguridad. Esto sobre la hipótesis de que las organizaciones educativas policiales y penitenciarias han llevado a cabo transformaciones en su organización y gestión curricular para adecuarse a las nuevas demandas sociales y políticas. El objetivo del presente proyecto es analizar críticamente los contenidos curriculares de los institutos de formación y capacitación de la Policía y Servicio Penitenciario de la Provincia de Córdoba. Abordaremos el análisis de los planes de dichas instituciones en los últimos 10 años, sus modificaciones y criterios utilizados para responder a los nuevos escenarios sociales. Se hará una exploración de la información y la documentación existente en los ámbitos oficiales. Asimismo, la investigación contará con la realización de entrevistas y encuestas a directivos, docentes, alumnos y demás actores claves, con la finalidad de recabar la opinión de los mismos respecto de las transformaciones en la educación policial y penitenciaria. A partir del proyecto de investigación se pretende construir conocimiento acerca de las políticas educativas en el área de seguridad especialmente sobre la formación y capacitación de recursos profesionales específicos, dentro del ámbito local. De tal modo, se pretende aportar elementos teóricos de análisis al modo en que se han instituido la oferta educativa y las transformaciones en los planes de estudios en las instituciones de formación profesional de la seguridad y cómo éstos han sido implementados a la luz de los nuevos escenarios políticos y sociales. Esto nos permitirá aportar al incipiente campo de los estudios sobre la seguridad, específicamente sobre la formación de los profesionales en seguridad, poniendo a diposición de los responsables gubernamentales e institucionales un estudio que explora y sistematiza las transformaciones y fundamentos de la politica de educación en el campo de la seguridad provincial. Este desarrollo investigativo nos permitirá inagurar la actividad de producción de conocimiento dentro del ámbito académico de la Licenciatura en Seguridad de la Universidad Nacional de Villa María a través del presente proyecto que describirá el proceso de formación y capacitación policial y penitenciaria y los cambios que con el transcurso del tiempo se han verificado.

Georgia: National Security Concept Versus National Security

საქართველოს ეროვნული უსაფრთხოების კონცეფციის განახლებული ვერსიის გამოჩენა შესაძლებლობას იძლევა საიმისოდ, რომ გადავხედოთ საქართველოს ოფიციალურ შეხედულებას უსაფრთხოების შესახებ და შევაფასოთ ქვეყნის დამოკიდებულება საშინაო თუ საგარეო უსაფრთხოების გარემოსადმი;სტატია, პირველ რიგში, განიხილავს საქართველოს ეროვნული უსაფრთხოების დაგეგმვის გარემოებებს. შემდეგ ჩამოთვლილია კონცეფიციის პოზიტიური ასპექტები. ანალიზის ძირითადი ნაწილი მოიცავს ხუთ პრობლემატურ საკითხს. პირველი არის შიდა არასტაბილურობის შესაძლებლობა, რომლის შესახებ კონცეფციაში არაფერია ნათქვამი. მეორე საკითხი ეხება გლობალიზაციისა და ურთიერთდამოკიდებულების უსაფრთხოების ასპექტებს. მესამე საკითხი მოიცავს სამხრეთ კავკასიის რეგიონში არსებულ საფრთხეებს, კერძოდ კი, მთიანი ყარაბახის კონფლიქტს და არასტაბილურ მდგომარეობას ჩრდილოეთ კავკასიაში. მეოთხე საკითხი არის რუსეთისგან მომავალი საფრთხე. ბოლოს, განხილულია საქართველოს დასავლური ორიენტაცია.

monitoring-based approach to object-oriented real-time computing

Monitoring, object-orientation, real-time, execution-time, scheduling

Context modelling for IT security in selected application scenarios

Magdeburg, Univ., Fak. für Informatik, Diss., 2015

Security prices and market transparency: the role of prior information

This paper analyzes the role of traders' priors (proper versus improper) on the implications of market transparency by comparing a pre-trade transparent market with an opaque market in a set-up based on Madhavan (1996). We show that prices may be more informative in the opaque market, regardless of how priors are modelled. In contrast, the comparison of market liquidity and volatility in the two market structures are affected by prior specification. Key words: Market microstructure, Transparency, Prior information