The US experience in contracting out security and lessons for other countries

The United States has gone further than any country in the "privatization of security". Other countries may find the economic or financial logic in the use of contractors persuasive. The US experience with contracting out security, particularly in Iraq, was problematic, and can serve as a cautionary tale in order that other countries might learn how to avoid the pitfalls.

Molecular dynamics computer simulation of scratch resistance testing of polymers: visualization

Experimental scratch resistance testing provides two numbers: the penetration depth Rp and the healing depth Rh. In molecular dynamics computer simulations, we create a material consisting of N statistical chain segments by polymerization; a reinforcing phase can be included. Then we simulate the movement of an indenter and response of the segments during X time steps. Each segment at each time step has three Cartesian coordinates of position and three of momentum. We describe methods of visualization of results based on a record of 6NX coordinates. We obtain a continuous dependence on time t of positions of each of the segments on the path of the indenter. Scratch resistance at a given location can be connected to spatial structures of individual polymeric chains.

Criminal Liability of Organizations, Corporations, Legal Persons, and Similar Entities on Law of Portuguese Cybercrime: A Brief Discussion on the Issue of Crimes of “False Information,” the “Damage on Other Programs or Computer Data,” the “Computer-Software Sabotage,” the “Illegitimate Access,” the “Unlawful Interception,” and “Illegitimate Reproduction of the Protected Program”

Abstract: in Portugal, and in much of the legal systems of Europe, «legal persons» are likely to be criminally responsibilities also for cybercrimes. Like for example the following crimes: «false information»; «damage on other programs or computer data»; «computer-software sabotage»; «illegitimate access»; «unlawful interception» and «illegitimate reproduction of protected program». However, in Portugal, have many exceptions. Exceptions to the «question of criminal liability» of «legal persons». Some «legal persons» can not be blamed for cybercrime. The legislature did not leave! These «legal persons» are v.g. the following («public entities»): legal persons under public law, which include the public business entities; entities utilities, regardless of ownership; or other legal persons exercising public powers. In other words, and again as an example, a Portuguese public university or a private concessionaire of a public service in Portugal, can not commit (in Portugal) any one of cybercrime pointed. Fair? Unfair. All laws should provide that all legal persons can commit cybercrimes. PS: resumo do artigo em inglês.

A Methodology for GUI Layer Redefinition Through Virtualization and Computer Vision

Nowadays despite improvements in usability and intuitiveness users have to adapt to the proposed systems to satisfy their needs. For instance, they must learn how to achieve tasks, how to interact with the system, and fulfill system's specifications. This paper proposes an approach to improve this situation enabling graphical user interface redefinition through virtualization and computer vision with the aim of increasing the system's usability. To achieve this goal the approach is based on enriched task models, virtualization and picture-driven computing.

Computer-aided recognition of dental implants in X-ray images

Dental implant recognition in patients without available records is a time-consuming and not straightforward task. The traditional method is a complete user-dependent process, where the expert compares a 2D X-ray image of the dental implant with a generic database. Due to the high number of implants available and the similarity between them, automatic/semi-automatic frameworks to aide implant model detection are essential. In this study, a novel computer-aided framework for dental implant recognition is suggested. The proposed method relies on image processing concepts, namely: (i) a segmentation strategy for semi-automatic implant delineation; and (ii) a machine learning approach for implant model recognition. Although the segmentation technique is the main focus of the current study, preliminary details of the machine learning approach are also reported. Two different scenarios are used to validate the framework: (1) comparison of the semi-automatic contours against implant’s manual contours of 125 X-ray images; and (2) classification of 11 known implants using a large reference database of 601 implants. Regarding experiment 1, 0.97±0.01, 2.24±0.85 pixels and 11.12±6 pixels of dice metric, mean absolute distance and Hausdorff distance were obtained, respectively. In experiment 2, 91% of the implants were successfully recognized while reducing the reference database to 5% of its original size. Overall, the segmentation technique achieved accurate implant contours. Although the preliminary classification results prove the concept of the current work, more features and an extended database should be used in a future work.

Chagas' disease and social security: a case-control study in an urban area, Goiás, Brazil

One hundred and twenty subjects with Chagas' cardiopathy and 120 non-infected subjects were randomly selected from first time claimants of sickness benefits in the National Institute of Social Security (INPS) in Goiás. Cases of Chagas' cardiopathy were defined based on serological test, history of residence in an endemic area and, clinical and/or electrocardiogram (ECG) alterations suggestive of Chagas' cardiomyopathy. Controls were defined as subjects with at least two negative serological tests. Case and controls were compared in the analysis for age, sex, place of birth, migration history, socio-economic level, occupation, physical exertion at work, age at affiliation and years of contribution to the social security scheme, clinical course of their disease and ECG abnormalities. Chagas' disease patients were younger than other subjects and predominantly of rural origin. Non-infected subjects presented a better socio-economic level, were performing more skilled activities and had less changes of job than cases. No important difference was observed in relation to age at affiliation to INPS. About 60% of cases have claimed for benefits within the first four years of contribution while among controls this proportion was 38.5%. Cases were involved, proportionally more than controls, in "heavy" activities. A risk of 2.3 (95%CL 1.5 - 4.6) and 1.8 (95%CL 1.2- 3.5) was obtained comparing respectively "heavy" and "moderate" physical activity against "light". A relative risk of 8.5 (95%CL 4.9 - 14.8) associated with the presence of cardiopathy was estimated comparing the initial sample of seropositive subjects and controls. A high relative risk was observed in relation to right bundle branch block (RR = 37.1 95%CL = 8.8 - 155.6) and left anterior hemiblock (RR = 4.4, 95%CL = 2.1 - 9.1).

Biblioteca para a realização de security token services

A família de especificações WS-* define um modelo de segurança para web services, baseado nos conceitos de claim, security token e Security Token Service (STS). Neste modelo, a informação de segurança dos originadores de mensagens (identidade, privilégios, etc.) é representada através de conjuntos de claims, contidos dentro de security tokens. A emissão e obtenção destes security tokens, por parte dos originadores de mensagens, são realizadas através de protocolos legados ou através de serviços especiais, designados de Security Token Services, usando as operações e os protocolos definidos na especificação WS-Trust. O conceito de Security Token Service não é usado apenas no contexto dos web services. Propostas como o modelo dos Information Cards, aplicável no contexto de aplicações web, também utilizam este conceito. Os Security Token Services desempenham vários papéis, dependendo da informação presente no token emitido. São exemplos o papel de Identity Provider, quando os tokens emitidos contêm informação de identidade, ou o papel de Policy Decision Point, quando os tokens emitidos definem autorizações. Este documento descreve o projecto duma biblioteca software para a realização de Security Token Services, tal como definidos na norma WS-Trust, destinada à plataforma .NET 3.5. Propõem-se uma arquitectura flexível e extensível, de forma a suportar novas versões das normas e as diversas variantes que os Security Token Services possuem, nomeadamente: o tipo dos security token emitidos e das claims neles contidas, a inferência das claims e os métodos de autenticação das entidades requerentes. Apresentam-se aspectos de implementação desta arquitectura, nomeadamente a integração com a plataforma WCF, a sua extensibilidade e o suporte a modelos e sistemas externos à norma. Finalmente, descrevem-se as plataformas de teste implementadas para a validação da biblioteca realizada e os módulos de extensão da biblioteca para: suporte do modelo associado aos Information Cards, do modelo OpenID e para a integração com o Authorization Manager.

Concepção e implementação de um website de uma associação sindical

Dissertação apresentada ao Instituto Superior de Contabilidade para a obtenção do Grau de Mestre em Assessoria de Administração

Intelligent supervisory control system for home devices using a cyber physical approach

Although we have many electric devices at home, there are just few systems to evaluate, monitor and control them. Sometimes users go out and leave their electric devices turned on what can cause energy wasting and dangerous situations. Therefore most of the users may want to know the using states of their electrical appliances through their mobile devices in a pervasive way. In this paper, we propose an Intelligent Supervisory Control System to evaluate, monitor and control the use of electric devices in home, from outside. Because of the transferring data to evaluate, monitor and control user's location and state of home (ex. nobody at home) may be opened to attacks leading to dangerous situations. In our model we include a location privacy module and encryption module to provide security to user location and data. Intelligent Supervising Control System gives to the user the ability to manage electricity loads by means of a multi-agent system involving evaluation, monitoring, control and energy resource agents.

Coordination between mid-term maintenance outage decisions and short-term security-constrained scheduling in smart distribution systems

Distribution systems are the first volunteers experiencing the benefits of smart grids. The smart grid concept impacts the internal legislation and standards in grid-connected and isolated distribution systems. Demand side management, the main feature of smart grids, acquires clear meaning in low voltage distribution systems. In these networks, various coordination procedures are required between domestic, commercial and industrial consumers, producers and the system operator. Obviously, the technical basis for bidirectional communication is the prerequisite of developing such a coordination procedure. The main coordination is required when the operator tries to dispatch the producers according to their own preferences without neglecting its inherent responsibility. Maintenance decisions are first determined by generating companies, and then the operator has to check and probably modify them for final approval. In this paper the generation scheduling from the viewpoint of a distribution system operator (DSO) is formulated. The traditional task of the DSO is securing network reliability and quality. The effectiveness of the proposed method is assessed by applying it to a 6-bus and 9-bus distribution system.

Contexts-management strategy in considering the security in urban computing based on urban design

Urban Computing (UrC) provides users with the situation-proper information by considering context of users, devices, and social and physical environment in urban life. With social network services, UrC makes it possible for people with common interests to organize a virtual-society through exchange of context information among them. In these cases, people and personal devices are vulnerable to fake and misleading context information which is transferred from unauthorized and unauthenticated servers by attackers. So called smart devices which run automatically on some context events are more vulnerable if they are not prepared for attacks. In this paper, we illustrate some UrC service scenarios, and show important context information, possible threats, protection method, and secure context management for people.

Gestão e monitorização de uma rede departamental: um caso de estudo

Mestrado em Engenharia Electrotécnica e de Computadores