Security in the Mobile World

Report published in the Proceedings of the National Conference on "Education and Research in the Information Society", Plovdiv, May, 2014

The external dimension of the EU’s fight against organized crime:the search for coherence between rhetoric and practice

SSince the external dimension of the European Union’s Justice and Home Affairs (JHA) began to be considered, a substantial amount of literature has been dedicated to discussing how the EU is cooperating with non-member states in order to counter problems such as terrorism, organized crime and illegal migration. According to the EU, the degree of security interconnectedness has become so relevant that threats can only be adequately controlled if there is effective concerted regional action. This reasoning has led the EU to develop a number of instruments, which have resulted in the exporting of certain elements of its JHA policies, either through negotiation or socialization. Although the literature has explored how this transfer has been applied to the field of terrorism and immigration, very little has been written on the externalisation of knowledge, practice and norms in the area of organized crime. This article proposes to bridge this gap by looking at EU practice in the development of the external dimension of organized crime policies, through the theoretical lens of the EU governance framework.

Security specification and enforcement in mediation system

Mediation techniques provide interoperability and support integrated query processing among heterogeneous databases. While such techniques help data sharing among different sources, they increase the risk for data security, such as violating access control rules. Successful protection of information by an effective access control mechanism is a basic requirement for interoperation among heterogeneous data sources. ^ This dissertation first identified the challenges in the mediation system in order to achieve both interoperability and security in the interconnected and collaborative computing environment, which includes: (1) context-awareness, (2) semantic heterogeneity, and (3) multiple security policy specification. Currently few existing approaches address all three security challenges in mediation system. This dissertation provides a modeling and architectural solution to the problem of mediation security that addresses the aforementioned security challenges. A context-aware flexible authorization framework was developed in the dissertation to deal with security challenges faced by mediation system. The authorization framework consists of two major tasks, specifying security policies and enforcing security policies. Firstly, the security policy specification provides a generic and extensible method to model the security policies with respect to the challenges posed by the mediation system. The security policies in this study are specified by 5-tuples followed by a series of authorization constraints, which are identified based on the relationship of the different security components in the mediation system. Two essential features of mediation systems, i. e., relationship among authorization components and interoperability among heterogeneous data sources, are the focus of this investigation. Secondly, this dissertation supports effective access control on mediation systems while providing uniform access for heterogeneous data sources. The dynamic security constraints are handled in the authorization phase instead of the authentication phase, thus the maintenance cost of security specification can be reduced compared with related solutions. ^

A novel neural network based system for assessing risks associated with information technology security breaches

Security remains a top priority for organizations as their information systems continue to be plagued by security breaches. This dissertation developed a unique approach to assess the security risks associated with information systems based on dynamic neural network architecture. The risks that are considered encompass the production computing environment and the client machine environment. The risks are established as metrics that define how susceptible each of the computing environments is to security breaches. ^ The merit of the approach developed in this dissertation is based on the design and implementation of Artificial Neural Networks to assess the risks in the computing and client machine environments. The datasets that were utilized in the implementation and validation of the model were obtained from business organizations using a web survey tool hosted by Microsoft. This site was designed as a host site for anonymous surveys that were devised specifically as part of this dissertation. Microsoft customers can login to the website and submit their responses to the questionnaire. ^ This work asserted that security in information systems is not dependent exclusively on technology but rather on the triumvirate people, process and technology. The questionnaire and consequently the developed neural network architecture accounted for all three key factors that impact information systems security. ^ As part of the study, a methodology on how to develop, train and validate such a predictive model was devised and successfully deployed. This methodology prescribed how to determine the optimal topology, activation function, and associated parameters for this security based scenario. The assessment of the effects of security breaches to the information systems has traditionally been post-mortem whereas this dissertation provided a predictive solution where organizations can determine how susceptible their environments are to security breaches in a proactive way. ^

Performance of FRP-concrete bridges under blast loading

Catastrophic failure from intentional terrorist attacks on surface transportation infrastructure could he detrimental to the society. In order to minimize the vulnerabilities and to ensure a safe transportation system, the issue of security for transportation structures, primarily bridges, which are subjected to man-made hazards is investigated in this study. A procedure for identifying and prioritizing "critical bridges" using a screening and prioritization processes is established. For each of the "critical" bridges, a systematic risk-based assessment approach is proposed that takes into account the combination of threat occurrence likelihood, its consequences, and the socioeconomic importance of the bridge. A series of effective security countermeasures are compiled in the four categories of deterrence, detection, defense and mitigation to help reduce the vulnerability of critical bridges. The concepts of simplified equivalent I-shape cross section and virtual materials are proposed for integration into a nonlinear finite element model, which helps assess the performance of reinforced concrete structures with and without composite retrofit or hardening measures under blast loading. A series of parametric studies are conducted for single column and two-column pier frame systems as well as for an entire bridge. The parameters considered include column height, column type, concrete strength, longitudinal steel reinforcement ratio, thickness, fiber angle and tensile strength of the fiber reinforced polymer (FRP) tube, shape of the cross section, damping ratio and different bomb sizes. The study shows the benefits of hardening with composites against blast loading. The effect of steel reinforcement on blast resistance of the structure is more significant than the effect of concrete compressive strength. Moreover, multiple blasts do not necessarily lead to a more severe destruction than a single detonation at a strategically vulnerable location on the bridges.

Capabilities of Police and Military Forces in Central America -- A Comparative Analysis of Guatemala, El Salvador, Honduras an d Nicaragua

A difficult transition to a new paradigm of Democratic Security and the subsequent process of military restructuring during the nineties led El Salvador, Honduras, Guatemala and Nicaragua to re-consider their old structures and functions of their armed forces and police agencies. This study compares the institutions in the four countries mentioned above to assess their current condition and response capacity in view of the contemporary security challenges in Central America. This report reveals that the original intention of limiting armies to defend and protect borders has been threatened by the increasing participation of armies in public security. While the strength of armies has been consolidated in terms of numbers, air and naval forces have failed to become strengthened or sufficiently developed to effectively combat organized crime and drug trafficking and are barely able to conduct air and sea operations. Honduras has been the only country that has maintained a proportional distribution of its armed forces. However, security has been in the hands of a Judicial Police, supervised by the Public Ministry. The Honduran Judicial Police has been limited to exercising preventive police duties, prohibited from carrying out criminal investigations. Nicaragua, meanwhile, possesses a successful police force, socially recognized for maintaining satisfactory levels of security surpassing the Guatemalan and El Salvadoran police, which have not achieved similar results despite of having set up a civilian police force separate from the military. El Salvador meanwhile, has excelled in promoting a Police Academy and career professional education, even while not having military attachés in other countries. Regarding budgetary issues, the four countries allocate almost twice the amount of funding on their security budgets in comparison to what is allocated to their defense budgets. However, spending in both areas is low when taking into account each country's GDP as well as their high crime rates. Regional security challenges must be accompanied by a professionalization of the regional armies focused on protecting and defending borders. Therefore, strong institutional frameworks to support the fight against crime and drug trafficking are required. It will require the strengthening of customs, greater control of illicit arms trafficking, investment in education initiatives, creating employment opportunities and facilitating significant improvements in the judicial system, as well as its accessibility to the average citizen.

On Optimizing Compatible Security Policies in Wireless Networks

This paper deals with finding the maximum number of security policies without conflicts. By doing so we can remove security loophole that causes security violation. We present the problem of maximum compatible security policy and its relationship to the problem of maximum acyclic subgraph, which is proved to be NP-hard. Then we present a polynomial-time approximation algorithm and show that our result has approximation ratio for any integer with complexity .

Media diversity as a guarantee to cultural diversity: the promotion of identities from an international law approach

This article deals with several international instruments which provide legal guarantees for media diversity, which is essential for the promotion of cultural diversity. Based on several articles of the Convention of cultural diversity, the General Comment of the Committee on Economic, Social and Cultural Rights No. 21 on the right to take part in cultural life, as well as the work of the UN Independent Expert on Cultural Rights, this article aims to identify legal tools for the establishing of measures promoting cultural diversity in the media. This article looks at the case study of Honduran Garifuna community radios. It emphasizes the importance of taking into account the economic aspects of cultural and communicational rights.

La idea de una autoridad política mundial. Consideraciones críticas a la luz de las exigencias de la realidad política

A partir de los fundamentos del orden político-jurídico y de las aporías señaladas por la teoría del Estado y de las relaciones internacionales contemporáneas, buscando sustraerse a todo dogmatismo ideológico, el trabajo discute los argumentos axiales que han servido para sustentar la idea de un poder político mundial y señala los principales defectos de legitimidad que es dable descubrir en tal idea —sin detenerse en una propuesta particular de entre las varias y significativas que han surgido a lo largo de los últimos siglos en sede teológica, filosófica, política y jurídica—.

Effective network security monitoring: from attribution to target-centric monitoring

Network security monitoring remains a challenge. As global networks scale up, in terms of traffic, volume and speed, effective attribution of cyber attacks is increasingly difficult. The problem is compounded by a combination of other factors, including the architecture of the Internet, multi-stage attacks and increasing volumes of nonproductive traffic. This paper proposes to shift the focus of security monitoring from the source to the target. Simply put, resources devoted to detection and attribution should be redeployed to efficiently monitor for targeting and prevention of attacks. The effort of detection should aim to determine whether a node is under attack, and if so, effectively prevent the attack. This paper contributes by systematically reviewing the structural, operational and legal reasons underlying this argument, and presents empirical evidence to support a shift away from attribution to favour of a target-centric monitoring approach. A carefully deployed set of experiments are presented and a detailed analysis of the results is achieved.

Applying the security-development nexus on the ground: Land restitution in Colombia

The general consensus on the security-development nexus is that both are key to achieving sustainable peace in war-torn societies. However, this debate has largely taken place among international actors, with little empirical evidence about how security and development relate to each other or are even considered by local actors. The current paper applies the security-development nexus to the case of land restitution in Colombia. Following decades of internal armed conflict, in 2012 the national government passed sweeping land restitution legislation amid on-going violence. Through in-depth interviews and focus groups with multiple actors involved in this process, ranging from international organizations to national government units, from regional institutions to local communities, the paper analyses the objectives, impact, challenges and opportunities for land restitution related to security and development. Undermining peacebuilding, a lack of coherence in the integration of security and development priorities limits the extent to which either supports, or is promoted by, land restitution efforts in Colombia. The paper concludes with reflections on how the security-development nexus may promote peacebuilding amid on-going conflict.

Shadow policing: the boundaries of community-based ‘policing’ in Northern Ireland

The intention of this article is to provide a structural and operational analysis of policing beyond the police in Northern Ireland. While the polity enjoys low levels of ‘officially’ recorded crime as part of its post-conflict status, little empirical analysis exists as to the epistemological roots of security production outside that of the Police Service of Northern Ireland. The empirical evidence presented seeks to establish that beyond more prominent analyses related to paramilitary ‘policing’, the country is in fact replete with a substantial reservoir of legitimate civil society policing – the collective mass of which contributes to policing, community safety and quality of life issues. While such non-state policing at the level of locale was recognised by the Independent Commission for Policing, structured understandings have rarely permeated governmental or academic discourse beyond anecdotal contentions. Thus, the present argument provides an empirical assessment of the complex, non-state policing landscape beyond the formal state apparatus; examines definitions and structures of such community-based policing activities; and explores issues related to co-opting this non-state security ‘otherness’ into more formal relations with the state.

Paramilitary punishments in Belfast: policing beneath the peace

As an enduring legacy of the conflict, paramilitary policing remains an unpalatable but indisputable fact within Belfast's working-class, Republican communities. Historically, while much attention has been devoted to the causes and consequences of paramilitarism along with the terrorist threat posed by such organizations, little attention has been paid to the influence upon, or relations between, such nonstate policing actors, the communities in which they exist and the delivery of policing by the Police Service of Northern Ireland. While local and international literature surrounding paramilitary violence has tended towards political axiom or physical impact of such activity, the current paper presents an empirical study of the relations between communities and Republican paramilitary organizations who seek to exploit a perceived dearth of state-based policing at the community level within Belfast. Framing the ontology of paramilitary policing and its support from a community, rather than political or security perspective, the paper argues that continuing grass-roots support for this ‘new’ paramilitary policing within Republican communities of Belfast is more complex and nuanced than the political antecedents of the conflict from which such activity emerged – especially in terms of such support surviving successive political negotiations and police reforms since the ‘Good Friday’ Agreement of 1998.

Militant Bodies: Policing Race, Religion, and Violence in the U.S. Sikh Diaspora

Thesis (Ph.D.)--University of Washington, 2016-07

A Framework for Security Transparency in Cloud Computing

Individuals and corporate users are persistently considering cloud adoption due to its significant benefits compared to traditional computing environments. The data and applications in the cloud are stored in an environment that is separated, managed and maintained externally to the organisation. Therefore, it is essential for cloud providers to demonstrate and implement adequate security practices to protect the data and processes put under their stewardship. Security transparency in the cloud is likely to become the core theme that underpins the systematic disclosure of security designs and practices that enhance customer confidence in using cloud service and deployment models. In this paper, we present a framework that enables a detailed analysis of security transparency for cloud based systems. In particular, we consider security transparency from three different levels of abstraction, i.e., conceptual, organisation and technical levels, and identify the relevant concepts within these levels. This allows us to provide an elaboration of the essential concepts at the core of transparency and analyse the means for implementing them from a technical perspective. Finally, an example from a real world migration context is given to provide a solid discussion on the applicability of the proposed framework.