936 results for Consumer Security Concerns
Abstract:
The infrastructure cloud (IaaS) service model offers improved resource flexibility and availability, where tenants - insulated from the minutiae of hardware maintenance - rent computing resources to deploy and operate complex systems. Large-scale services running on IaaS platforms demonstrate the viability of this model; nevertheless, many organizations operating on sensitive data avoid migrating operations to IaaS platforms due to security concerns. In this paper, we describe a framework for data and operation security in IaaS, consisting of protocols for a trusted launch of virtual machines and domain-based storage protection. We continue with an extensive theoretical analysis with proofs about protocol resistance against attacks in the defined threat model. The protocols allow trust to be established by remotely attesting host platform configuration prior to launching guest virtual machines and ensure confidentiality of data in remote storage, with encryption keys maintained outside of the IaaS domain. Presented experimental results demonstrate the validity and efficiency of the proposed protocols. The framework prototype was implemented on a test bed operating a public electronic health record system, showing that the proposed protocols can be integrated into existing cloud environments.
Abstract:
Migration towards Europe has surged over the past few years, overwhelming government authorities at the national and EU levels, and fuelling a xenophobic, nationalist, populist discourse linking migrants to security threats. Despite positive advances in the courts and worthy national initiatives (such as Italy’s Operation Mare Nostrum), the EU’s governance of migration and borders has had disastrous effects on the human rights of migrants. These effects stem from the criminalisation of migrants, which pushes them towards more precarious migration routes, the widespread use of administrative detention and the processing of asylum claims under the Dublin system, and now the EU–Turkey agreement. Yet, this paper finds that with the right political leadership, the EU could adopt different policies in order to develop and implement a human rights-based approach to migration that would seek to reconcile security concerns with the human rights of migrants. Such an approach would enable member states to fully reap the rewards of a stable, cohesive, long-term migration plan that facilitates and governs mobility rather than restricts it at immense cost to the EU, the member states and individual migrants.
Abstract:
The traditional process of filling the medicine trays and dispensing the medicines to the patients in the hospitals is manually done by reading the printed paper medicine chart. This process can be very strenuous and error-prone, given the number of sub-tasks involved in the entire workflow and the dynamic nature of the work environment. Therefore, efforts are being made to digitalise the medication dispensation process by introducing a mobile application called Smart Dosing application. The introduction of the Smart Dosing application into hospital workflow raises security concerns and calls for security requirement analysis. This thesis is written as a part of the smart medication management project at Embedded Systems Laboratory, Åbo Akademi University. The project aims at digitising the medicine dispensation process by integrating information from various health systems, and making them available through the Smart Dosing application. This application is intended to be used on a tablet computer which will be incorporated on the medicine tray. The smart medication management system includes the medicine tray, the tablet device, and the medicine cups with the cup holders. Introducing the Smart Dosing application should not interfere with the existing process carried out by the nurses, and it should result in minimum modifications to the tray design and the workflow. The re-designing of the tray would include integrating the device running the application into the tray in a manner that the users find it convenient and make fewer errors while using it. The main objective of this thesis is to enhance the security of the hospital medicine dispensation process by ensuring the security of the Smart Dosing application at various levels.
The method used for writing this thesis was to analyse how the tray design, and the application user interface design can help prevent errors and what secure technology choices have to be made before starting the development of the next prototype of the Smart Dosing application. The thesis first understands the context of the use of the application, the end-users and their needs, and the errors made in everyday medication dispensation workflow by continuous discussions with the nursing researchers. The thesis then gains insight into the vulnerabilities, threats and risks of using mobile application in hospital medication dispensation process. The resulting list of security requirements was made by analysing the previously built prototype of the Smart Dosing application, continuous interactive discussions with the nursing researchers, and an exhaustive state-of-the-art study on security risks of using mobile applications in hospital context. The thesis also uses Octave Allegro method to make the readers understand the likelihood and impact of threats, and what steps should be taken to prevent or fix them. The security requirements obtained, as a result, are a starting point for the developers of the next iteration of the prototype for the Smart Dosing application.
Abstract:
The primary goal of the Vehicular Ad Hoc Network (VANET) is to provide real-time safety-related messages to motorists to enhance road safety. Accessing and disseminating safety-related information through the use of wireless communications technology in VANETs should be secured, as motorists may make critical decisions in dealing with an emergency situation based on the received information. If security concerns are not addressed in developing VANET systems, an adversary can tamper with, or suppress, the unprotected message to mislead motorists to cause traffic accidents and hazards. Current research on secure messaging in VANETs focuses on employing the certificate-based Public Key Infrastructure (PKI) scheme to support message encryption and digital signing. The security overhead of such a scheme, however, creates a transmission delay and introduces a time-consuming verification process to VANET communications. This thesis has proposed a novel public key verification and management approach for VANETs; namely, the Public Key Registry (PKR) regime. Compared to the VANET PKI scheme, this new approach can satisfy necessary security requirements with improved performance and scalability, and at a lower cost by reducing the security overheads of message transmission and eliminating digital certificate deployment and maintenance issues. The proposed PKR regime consists of the required infrastructure components, rules for public key management and verification, and a set of interactions and associated behaviours to meet these rule requirements. This is achieved through a system design as a logic process model with functional specifications. The PKR regime can be used as development guidelines for conforming implementations. An analysis and evaluation of the proposed PKR regime includes security features assessment, analysis of the security overhead of message transmission, transmission latency, processing latency, and scalability of the proposed PKR regime. 
Compared to certificate-based PKI approaches, the proposed PKR regime can maintain the necessary security requirements, significantly reduce the security overhead by approximately 70%, and improve the performance by 98%. Meanwhile, the result of the scalability evaluation shows that the latency of employing the proposed PKR regime stays much lower at approximately 15 milliseconds, whether operating in a huge or small environment. It is therefore believed that this research will create a new dimension to the provision of secure messaging services in VANETs.
Abstract:
Many current HCI, social networking, ubiquitous computing, and context aware designs, in order for the design to function, have access to, or collect, significant personal information about the user. This raises concerns about privacy and security, in both the research community and main-stream media. From a practical perspective, in the social world, secrecy and security form an ongoing accomplishment rather than something that is set up and left alone. We explore how design can support privacy as practical action, and investigate the notion of collective information-practice of privacy and security concerns of participants of a mobile, social software for ride sharing. This paper contributes an understanding of HCI security and privacy tensions, discovered while “designing in use” using a Reflective, Agile, Iterative Design (RAID) method.
Abstract:
The availability of health information is rapidly increasing; its expansion and proliferation is inevitable. At the same time, breeding of health information silos is an unstoppable and relentless exercise. Information security and privacy concerns are therefore major barriers in the eHealth socio-eco system. We proposed Information Accountability as a measurable human factor that should eliminate and mitigate security concerns. Information accountability measures would be practicable and feasible if legislative requirements are also embedded. In this context, information accountability constitutes a key component for the development of effective information technology requirements for health information system. Our conceptual approach to measuring human factors related to information accountability in eHealth is presented in this paper with some limitations.
Abstract:
Non-traditional maritime security concerns have become more important than ever in the post-Cold War era. Naval forces of most developed countries are more concerned about these threats than conventional war. One of the main maritime security issues for many countries in the world is illegal, unreported and unregulated (IUU) fishing in the marine area. With these burgeoning issues comes the potential for a large number of disputes involving international law. In early 2002, a long-line fishing vessel under a Russian flag – the Volga, was detained by Australian authorities a few hundred meters outside the Exclusive Economic Zone of Australia’s Heard and McDonald Islands in the Southern Ocean. The vessel was reportedly engaged in illegal fishing. This incident gave birth to litigation in international and Australian courts. Apart from these cases, Russia also announced separate litigation against Australia for violation of Articles 111 and 87 of the United Nations Convention on the Law of the Sea (UNCLOS). Considering the outcome of these cases, this article critically examines the characteristics of litigation as a strategy for pacific settlement of disputes over marine living resources. Using the Volga Case as an example, this article explores some issues related to the judicial settlement of disputes over marine living resources. This article demonstrates that the legal certainty of winning a case may not be the only factor influencing the strategy for settlement of an international dispute.
Abstract:
Cloud computing is a currently developing revolution in information technology that is disturbing the way that individuals and corporate entities operate while enabling new distributed services that have not existed before. At the foundation of cloud computing is the broader concept of converged infrastructure and shared services. Security is often said to be a major concern of users considering migration to cloud computing. This article examines some of these security concerns and surveys recent research efforts in cryptography to provide new technical mechanisms suitable for the new scenarios of cloud computing. We consider techniques such as homomorphic encryption, searchable encryption, proofs of storage, and proofs of location. These techniques allow cloud computing users to benefit from cloud server processing capabilities while keeping their data encrypted; and to check independently the integrity and location of their data. Overall we are interested in how users may be able to maintain and verify their own security without having to rely on the trust of the cloud provider.
Abstract:
Piracy is one of the main maritime security concerns in the contemporary world. The number of piracy incidents is increasing rapidly, which is highly problematic for maritime security. Although international law provides universal jurisdiction for the prosecution of maritime pirates, the actual number of prosecutions is alarmingly low compared to the number of incidents of piracy. Despite many states becoming parties to the relevant international conventions, they are reluctant to establish the necessary legal and institutional frameworks at the national level for the prosecution of pirates. The growing incidences of piracy and the consequential problems associated with prosecuting pirates have created doubts about the adequacy of the current international legal system, which is fully dependent on national courts for the prosecution of pirates. This article examines the possible ways for ensuring the effective prosecution of pirates. Contrary to the different proposals forwarded by researchers in the wake of Somali piracy for the establishment of international judicial institutions for the prosecution of pirates, this article argues that the operationalization of national courts through the proper implementation of relevant international legal instruments within domestic legal systems is the most viable solution. However, this article submits that the operationalization of national courts will not be very successful following the altruistic model of universal adjudicative jurisdiction. A state may enact legislation implementing universal jurisdiction but will not be very interested in prosecuting a pirate in its national court if it has no relation with the piratical incident. 
Rather, it will be successful if the global community seriously implement the Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation (SUA Convention), which obligates the states that have some connection with a piratical incident to prosecute pirates in their national courts.
Abstract:
Unified communications as a service (UCaaS) can be regarded as a cost-effective model for on-demand delivery of unified communications services in the cloud. However, addressing security concerns has been seen as the biggest challenge to the adoption of IT services in the cloud. This study set up a cloud system via VMware suite to emulate hosting unified communications (UC), the integration of two or more real time communication systems, services in the cloud in a laboratory environment. An Internet Protocol Security (IPSec) gateway was also set up to support network-level security for UCaaS against possible security exposures. This study was aimed at analysis of an implementation of UCaaS over IPSec and evaluation of the latency of encrypted UC traffic while protecting that traffic. Our test results show no latency while IPSec is implemented with a G.711 audio codec. However, the performance of the G.722 audio codec with an IPSec implementation affects the overall performance of the UC server. These results give technical advice and guidance to those involved in security controls in UC security on premises as well as in the cloud.
Abstract:
In late 2010, the online nonprofit media organization WikiLeaks published classified documents detailing correspondence between the U.S. State Department and its diplomatic missions around the world, numbering around 250,000 cables. These diplomatic cables contained classified information with comments on world leaders, foreign states, and various international and domestic issues. Negative reactions to the publication of these cables came from both the U.S. political class (which was generally condemnatory of WikiLeaks, invoking national security concerns and the jeopardizing of U.S. interests abroad) and the corporate world, with various companies ceasing to continue to provide services to WikiLeaks despite no legal measure (e.g., a court injunction) forcing them to do so. This article focuses on the legal remedies available to WikiLeaks against this corporate suppression of its speech in the U.S. and Europe since these are the two principal arenas in which the actors concerned are operating. The transatlantic legal protection of free expression will be considered, yet, as will be explained in greater detail, the legal conception of this constitutional and fundamental right comes from a time when the state posed the greater threat to freedom. As a result, it is not generally enforceable against private, non-state entities interfering with speech and expression which is the case here. Other areas of law, namely antitrust/competition, contract and tort will then be examined to determine whether WikiLeaks and its partners can attempt to enforce their right indirectly through these other means. Finally, there will be some concluding thoughts about the implications of the corporate response to the WikiLeaks embassy cables leak for freedom of expression online.
Abstract:
Detection of trace amounts of explosive materials is significantly important for security concerns and pollution control. Four multicomponent metal organic frameworks (MOFs-12, 13, 23, and 123) have been synthesized by employing ligands embedded with fluorescent tags. The multicomponent assembly of the ligands was utilized to acquire a diverse electronic behavior of the MOFs and the fluorescent tags were strategically chosen to enhance the electron density in the MOFs. The phase purity of the MOFs was established by PXRD, NMR spectroscopy, and finally by single-crystal XRD. Single-crystal structures of the MOFs-12 and 13 showed the formation of three-dimensional porous networks with the aromatic tags projecting inwardly into the pores. These electron-rich MOFs were utilized for detection of explosive nitroaromatic compounds (NACs) through fluorescence quenching with high selectivity and sensitivity. The rate of fluorescence quenching for all the MOFs follows the order of electron deficiency of the NACs. We also showed the detection of picric acid (PA) by luminescent MOFs is not always reliable and can be misleading. This attracts our attention to explore these MOFs for sensing picryl chloride (PC), which is as explosive as picric acid and used widely to prepare more stable explosives like 2,4,6-trinitroaniline from PA. Moreover, the recyclability and sensitivity studies indicated that these MOFs can be reused several times with parts per billion (ppb) levels of sensitivity towards PC and 2,4,6-trinitrotoluene (TNT).
Abstract:
Cloud computing is a technological advancement that provides resources through internet on pay-as-you-go basis. Cloud computing uses virtualisation technology to enhance the efficiency and effectiveness of its advantages. Virtualisation is the key to consolidate the computing resources to run multiple instances on each hardware, increasing the utilization rate of every resource, thus reduces the number of resources needed to buy, rack, power, cool, and manage. Cloud computing has very appealing features, however, lots of enterprises and users are still reluctant to move into cloud due to serious security concerns related to virtualisation layer. Thus, it is foremost important to secure the virtual environment. In this paper, we present an elastic framework to secure virtualised environment for trusted cloud computing called Server Virtualisation Security System (SVSS). SVSS provides security solutions located on hypervisor for Virtual Machines by deploying malicious activity detection techniques, network traffic analysis techniques, and system resource utilization analysis techniques. SVSS consists of four modules: Anti-Virus Control Module, Traffic Behavior Monitoring Module, Malicious Activity Detection Module and Virtualisation Security Management Module. A SVSS prototype has been deployed to validate its feasibility, efficiency and accuracy on Xen virtualised environment.
Abstract:
Psychiatry is now subject to two apparently contradictory movements. On the one hand, the need to respect the autonomy and rights of patients is reinforced and coercive measures are strictly defined and limited. On the other hand, security concerns in our society lead to prosecution of psychiatric disorders, especially when accompanied by behavioral problems or criminal acts. In these situations of compulsory treatment or care provided in prisons, a number of dilemmas emerge. The place of the healthcare professional in treatments ordered by the Justice and problems related to administrative detention are discussed in more detail.