785 resultados para Governance of security
Resumo:
Please see the updated published version of this work at http://eprints.qut.edu.au/37850/ There is a severe tendency in cyberlaw theory to delegitimize state intervention in the governance of virtual communities. Much of the existing theory makes one of two fundamental flawed assumptions: that communities will always be best governed without the intervention of the state; or that the territorial state can best encourage the development of communities by creating enforceable property rights and allowing the market to resolve any disputes. These assumptions do not ascribe sufficient weight to the value-laden support that the territorial state always provides to private governance regimes, the inefficiencies that will tend to limit the development utopian communities, and the continued role of the territorial state in limiting autonomy in accordance with communal values...
Resumo:
Proving security of cryptographic schemes, which normally are short algorithms, has been known to be time-consuming and easy to get wrong. Using computers to analyse their security can help to solve the problem. This thesis focuses on methods of using computers to verify security of such schemes in cryptographic models. The contributions of this thesis to automated security proofs of cryptographic schemes can be divided into two groups: indirect and direct techniques. Regarding indirect ones, we propose a technique to verify the security of public-key-based key exchange protocols. Security of such protocols has been able to be proved automatically using an existing tool, but in a noncryptographic model. We show that under some conditions, security in that non-cryptographic model implies security in a common cryptographic one, the Bellare-Rogaway model [11]. The implication enables one to use that existing tool, which was designed to work with a different type of model, in order to achieve security proofs of public-key-based key exchange protocols in a cryptographic model. For direct techniques, we have two contributions. The first is a tool to verify Diffie-Hellmanbased key exchange protocols. In that work, we design a simple programming language for specifying Diffie-Hellman-based key exchange algorithms. The language has a semantics based on a cryptographic model, the Bellare-Rogaway model [11]. From the semantics, we build a Hoare-style logic which allows us to reason about the security of a key exchange algorithm, specified as a pair of initiator and responder programs. The other contribution to the direct technique line is on automated proofs for computational indistinguishability. Unlike the two other contributions, this one does not treat a fixed class of protocols. We construct a generic formalism which allows one to model the security problem of a variety of classes of cryptographic schemes as the indistinguishability between two pieces of information. We also design and implement an algorithm for solving indistinguishability problems. Compared to the two other works, this one covers significantly more types of schemes, but consequently, it can verify only weaker forms of security.
Resumo:
Background: Quality of work life (QWL) is defined as the extent to which employee is satisfied with personal and working needs through participating in the workplace while achieving the organisation’s goals. QWL has been found to influence the commitment and productivity of employees in healthcare organisations, as well as in other industries. However, reliable information on the QWL of PHC nurses is limited. The purpose of this study was to assess the QWL among PHC nurses in the Jazan region, Saudi Arabia. Methods: A descriptive research design, namely, a cross-sectional survey was used in this study. Data were collected using Brooks’ survey of quality of nursing work life (QNWL) and demographic questions. A convenience sample was recruited from 143 PHC centres in Jazan, Saudi Arabia. The Jazan region is located in the southern part of Saudi Arabia. A response rate of 91% (N = 532/585) was achieved (effective RR = 87%, n = 508). Data analysis consisted of descriptive statistics, t-test and one way-analysis of variance. Total scores and sub-scores for QWL Items and item summary statistics were computed and reported, using SPSS version 17 for Windows. Results: Findings suggested that the respondents were dissatisfied with their work life. The major influencing factors were unsuitable working hours/shifts, lack of facilities for nurses, inability to balance work with family needs, inadequacy of family-leave time, poor staffing, management and supervision practices, lack of professional development opportunities, and inappropriate working environment in terms of the level of security, patient care supplies and equipment, and recreation facilities (Break-area). Other essential factors include the community’s view of nursing and inadequate salary. More positively, the majority of nurses were satisfied with their co-workers, satisfied to be nurses and had a sense of belonging in their workplaces. Significant differences were found according to gender, age, marital status, dependent children, dependent adults, nationality, ethnicity, nursing tenure, organisational tenure, positional tenure, and payment per month. No significant differences were found according to education level and location of PHC. Conclusions: These findings can be used by PHC managers and policy makers for developing and appropriately implementing successful plans to improve the QWL. This will help to enhance the home and work environments, improve individual and organisation performance and increase nurses’ commitment.
Resumo:
Security indicators in web browsers alert users to the presence of a secure connection between their computer and a web server; many studies have shown that such indicators are largely ignored by users in general. In other areas of computer security, research has shown that technical expertise can decrease user susceptibility to attacks. In this work, we examine whether computer or security expertise affects use of web browser security indicators. Our study takes place in the context of web-based single sign-on, in which a user can use credentials from a single identity provider to login to many relying websites; single sign-on is a more complex, and hence more difficult, security task for users. In our study, we used eye trackers and surveyed participants to examine the cues individuals use and those they report using, respectively. Our results show that users with security expertise are more likely to self-report looking at security indicators, and eye-tracking data shows they have longer gaze duration at security indicators than those without security expertise. However, computer expertise alone is not correlated with recorded use of security indicators. In survey questions, neither experts nor novices demonstrate a good understanding of the security consequences of web-based single sign-on.
Resumo:
Collaborative methods are promising tools for solving complex security tasks. In this context, the authors present the security overlay framework CIMD (Collaborative Intrusion and Malware Detection), enabling participants to state objectives and interests for joint intrusion detection and find groups for the exchange of security-related data such as monitoring or detection results accordingly; to these groups the authors refer as detection groups. First, the authors present and discuss a tree-oriented taxonomy for the representation of nodes within the collaboration model. Second, they introduce and evaluate an algorithm for the formation of detection groups. After conducting a vulnerability analysis of the system, the authors demonstrate the validity of CIMD by examining two different scenarios inspired sociology where the collaboration is advantageous compared to the non-collaborative approach. They evaluate the benefit of CIMD by simulation in a novel packet-level simulation environment called NeSSi (Network Security Simulator) and give a probabilistic analysis for the scenarios.
Resumo:
Formation of Reduced Emissions from Deforestation and Degradation (REDD+) policy within the international climate regime has raised a number of discussions about ‘justice’. REDD+ aims to provide an incentive for developing countries to preserve or increase the amount of carbon stored in their forested areas. Governance of REDD+ is multi-layered: at the international level, a guiding framework must be determined; at the national level, strong legal frameworks are a pre-requisite to ensure both public and private investor confidence and at the sub-national level, forest-dependent peoples need to agree to participate as stewards of forest carbon project areas. At the international level the overall objective of REDD+ is yet to be determined, with competing mitigation, biological and justice agendas. Existing international law pertaining to the environment (international environmental principles and law, IEL) and human rights (international human rights law, IHRL) should inform the development of international and national REDD+ policy especially in relation to ensuring the environmental integrity of projects and participation and benefit-sharing rights for forest dependent communities. National laws applicable to REDD+ must accommodate the needs of all stakeholders and articulate boundaries which define their interactions, paying particular attention to ensuring that vulnerable groups are protected. This paper i) examines justice theories and IEL and IHRL to inform our understanding of what ‘justice’ means in the context of REDD+, and ii) applies international law to create a reference tool for policy-makers dealing with the complex sub-debates within this emerging climate policy. We achieve this by: 1) Briefly outlining theories of justice (for example – perspectives offered by anthropogenic and ecocentric approaches, and views from ‘green economics’). 2) Commenting on what ‘climate justice’ means in the context of REDD+. 3) Outlining a selection of IEL and IHRL principles and laws to inform our understanding of ‘justice’ in this policy realm (for example – common but differentiated responsibilities, the precautionary principle, sovereignty and prevention drawn from the principles of IEL, the UNFCCC and CBD as relevant conventions of international environmental law; and UNDRIP and the Declaration on the Right to Development as applicable international human rights instruments) 4) Noting how this informs what ‘justice’ is for different REDD+ stakeholders 5) Considering how current law-making (at both the international and national levels) reflects these principles and rules drawn from international law 6) Presenting how international law can inform policy-making by providing a reference tool of applicable international law and how it could be applied to different issues linked to REDD+. As such, this paper will help scholars and policy-makers to understand how international law can assist us to both conceptualise and embody ‘justice’ within frameworks for REDD+ at both the international and national levels.
Resumo:
Session Initiation Protocol (SIP) is developed to provide advanced voice services over IP networks. SIP unites telephony and data world, permitting telephone calls to be transmitted over Intranets and Internet. Increase in network performance and new mechanisms for guaranteed quality of service encourage this consolidation to provide toll cost savings. Security comes up as one of the most important issues when voice communication and critical voice applications are considered. Not only the security methods provided by traditional telephony systems, but also additional methods are required to overcome security risks introduced by the public IP networks. SIP considers security problems of such a consolidation and provides a security framework. There are several security methods defined within SIP specifications and extensions. But, suggested methods can not solve all the security problems of SIP systems with various system requirements. In this thesis, a Kerberos based solution is proposed for SIP security problems, including SIP authentication and privacy. The proposed solution tries to establish flexible and scalable SIP system that will provide desired level of security for voice communications and critical telephony applications.
Resumo:
While social enterprises have gained increasing policy attention as vehicles for generating innovative responses to complex social and environmental problems, surprisingly little is known about them. In particular, the social innovation produced by social enterprises (Mulgan, Tucker, Ali, & Sander, 2007) has been presumed rather than demonstrated, and remains under-investigated in the literature. While social enterprises are held to be inherently innovative as they seek to response to social needs (Nicholls, 2010), there has been conjecture that the collaborative governance arrangements typical in social enterprises may be conducive to innovation (Lumpkin, Moss, Gras, Kato, & Amezcua, In press), as members and volunteers provide a source of creative ideas and are unfettered in such thinking by responsibility to deliver organisational outcomes (Hendry, 2004). However this is complicated by the sheer array of governance arrangements which exist in social enterprises, which range from flat participatory democratic structures through to hierarchical arrangements. In continental Europe, there has been a stronger focus on democratic participation as a characteristic of Social Enterprises than, for example, the USA. In response to this gap in knowledge, a research project was undertaken to identify the population of social enterprises in Australia. The size, composition and the social innovations initiated by these enterprises has been reported elsewhere (see Barraket, 2010). The purpose of this paper is to undertake a closer examination of innovation in social enterprises – particularly how the collaborative governance of social enterprises might influence innovation. Given the pre-paradigmatic state of social entrepreneurship research (Nicholls, 2010), and the importance of drawing draw on established theories in order to advance theory (Short, Moss, & Lumpkin, 2009), a number of conceptual steps are needed in order to examine how collaborative governance might influence by social enterprises. In this paper, we commence by advancing a definition as to what a social enterprise is. In light of our focus on the potential role of collaborative governance in social innovation amongst social enterprises, we go on to consider the collaborative forms of governance prevalent in the Third Sector. Then, collaborative innovation is explored. Drawing on this information and our research data, we finally consider how collaborative governance might affect innovation amongst social enterprises.
Resumo:
Purpose – This paper aims to provide insights into the moral values embodied by a popular social networking site (SNS), Facebook. Design/methodology/approach – This study is based upon qualitative fieldwork, involving participant observation, conducted over a two-year period. The authors adopt the position that technology as well as humans has a moral character in order to disclose ethical concerns that are not transparent to users of the site. Findings – Much research on the ethics of information systems has focused on the way that people deploy particular technologies, and the consequences arising, with a view to making policy recommendations and ethical interventions. By focusing on technology as a moral actor with reach across and beyond the internet, the authors reveal the complex and diffuse nature of ethical responsibility and the consequent implications for governance of SNS. Research limitations/implications – The authors situate their research in a body of work known as disclosive ethics, and argue for an ongoing process of evaluating SNS to reveal their moral importance. Along with that of other authors in the genre, this work is largely descriptive, but the paper engages with prior research by Brey and Introna to highlight the scope for theory development. Practical implications – Governance measures that require the developers of social networking sites to revise their designs fail to address the diffuse nature of ethical responsibility in this case. Such technologies need to be opened up to scrutiny on a regular basis to increase public awareness of the issues and thereby disclose concerns to a wider audience. The authors suggest that there is value in studying the development and use of these technologies in their infancy, or if established, in the experiences of novice users. Furthermore, flash points in technological trajectories can prove useful sites of investigation. Originality/value – Existing research on social networking sites either fails to address ethical concerns head on or adopts a tool view of the technologies so that the focus is on the ethical behaviour of users. The authors focus upon the agency, and hence the moral character, of technology to show both the possibilities for, and limitations of, ethical interventions in such cases.
Resumo:
Most security models for authenticated key exchange (AKE) do not explicitly model the associated certification system, which includes the certification authority (CA) and its behaviour. However, there are several well-known and realistic attacks on AKE protocols which exploit various forms of malicious key registration and which therefore lie outside the scope of these models. We provide the first systematic analysis of AKE security incorporating certification systems (ASICS). We define a family of security models that, in addition to allowing different sets of standard AKE adversary queries, also permit the adversary to register arbitrary bitstrings as keys. For this model family we prove generic results that enable the design and verification of protocols that achieve security even if some keys have been produced maliciously. Our approach is applicable to a wide range of models and protocols; as a concrete illustration of its power, we apply it to the CMQV protocol in the natural strengthening of the eCK model to the ASICS setting.
Resumo:
Even though web security protocols are designed to make computer communication secure, it is widely known that there is potential for security breakdowns at the human-machine interface. This paper examines findings from a qualitative study investigating the identification of security decisions used on the web. The study was designed to uncover how security is perceived in an individual user's context. Study participants were tertiary qualified individuals, with a focus on HCI designers, security professionals and the general population. The study identifies that security frameworks for the web are inadequate from an interaction perspective, with even tertiary qualified users having a poor or partial understanding of security, of which they themselves are acutely aware. The result is that individuals feel they must protect themselves on the web. The findings contribute a significant mapping of the ways in which individuals reason and act to protect themselves on the web. We use these findings to highlight the need to design for trust at three levels, and the need to ensure that HCI design does not impact on the users' main identified protection mechanism: separation.
Resumo:
Sharing some closely related themes and a common theoretical orientation based on the governmentality analytic, these are nevertheless two very different contributions to criminological knowledge and theory. The first, The Currency of Justice: Fines and Damages in Consumer Societies (COJ), is a sustained and highly original analysis of that most pervasive yet overlooked feature of modern legal orders; their reliance on monetary sanctions. Crime and Risk (CAR), on the other hand, is a short synoptic overview of the many dimensions and trajectories of risk in contemporary debate and practice, both the practices of crime and the governance of crime. It is one of the first in a new series by Sage, 'Compact Criminology', in which authors survey in little more than a hundred pages some current field of debate. With this small gem, Pat O'Malley has set the bar very high for those who follow. For all its brevity, CAR traverses a massive expanse of research, debates and issues, while also opening up new and challenging questions around the politics of risk and the relationship between criminal risk-taking and the governance of risk and crime. The two books draw together various threads of O'Malley's rich body of work on these issues, and once again demonstrate that he is one of the foremost international scholars of risk inside and outside criminology.
Resumo:
Since their introduction, the notions of indistinguishability and non-malleability have been changed and extended by different authors to support different goals. In this paper, we propose new flavors of these notions, investigate their relative strengths with respect to previous notions, and provide the full picture of relationships (i.e., implications and separations) among the security notions for public-key encryption schemes. We take into account the two general security goals of indistinguishability and non-malleability, each in the message space, key space, and hybrid message-key space to find six specific goals, a couple of them, namely complete indistinguishability and key non-malleability, are new. Then for each pair of goals, coming from the indistinguishability or non-malleability classes, we prove either an implication or a separation, completing the full picture of relationships among all these security notions. The implications and separations are respectively supported by formal proofs (i.e., reductions) in the concrete-security framework and by counterexamples.
Resumo:
Healthy governance systems are key to delivering sound environmental management outcomes from global to local scales. There are, however, surprisingly few risk assessment methods that can pinpoint those domains and sub-domains within governance systems that are most likely to influence good environmental outcomes at any particular scale, or those if absent or dysfunctional, most likely to prevent effective environmental management. This paper proposes a new risk assessment method for analysing governance systems. This method is then tested through its preliminary application to a significant real-world context: governance as it relates to the health of Australia's Great Barrier Reef (GBR). The GBR exists at a supra-regional scale along most of the north eastern coast of Australia. Brodie et al (2012 Mar. Pollut. Bull. 65 81-100) have recently reviewed the state and trend of the health of the GBR, finding that overall trends remain of significant concern. At the same time, official international concern over the governance of the reef has recently been signalled globally by the International Union for the Conservation of Nature (IUCN). These environmental and political contexts make the GBR an ideal candidate for use in testing and reviewing the application of improved tools for governance risk assessment. © 2013 IOP Publishing Ltd.
Resumo:
The legal arrangements for the management of water resources are currently a complex matrix of rules of various kinds. These rules perform a diverse range of functions. Some are part of what may be described as the macro-legal system for the governance of water resources. This includes paralegal rules in the form of statements of value, objective, outcome or principles . Others are part of the micro-legal system for the governance of water resources. This includes traditional legal rules in the form of statements of standards in relation to individual conduct, behaviour or decision making. These legal arrangements may be international, regional, national or local. Accordingly some apply to nation states within the international community. Others apply to the regulatory agencies making decisions about water resources within nation states. Ultimately most of these legal arrangements apply to those who use and develop water resources for particular purposes and in particular locations. In accordance with this framework, rules explain how water resources should be used in particular circumstances and how decisions should be made to ensure the effective planning and regulation of water resources.
