879 resultados para Security of data
Resumo:
File system security is fundamental to the security of UNIX and Linux systems since in these systems almost everything is in the form of a file. To protect the system files and other sensitive user files from unauthorized accesses, certain security schemes are chosen and used by different organizations in their computer systems. A file system security model provides a formal description of a protection system. Each security model is associated with specified security policies which focus on one or more of the security principles: confidentiality, integrity and availability. The security policy is not only about “who” can access an object, but also about “how” a subject can access an object. To enforce the security policies, each access request is checked against the specified policies to decide whether it is allowed or rejected. The current protection schemes in UNIX/Linux systems focus on the access control. Besides the basic access control scheme of the system itself, which includes permission bits, setuid and seteuid mechanism and the root, there are other protection models, such as Capabilities, Domain Type Enforcement (DTE) and Role-Based Access Control (RBAC), supported and used in certain organizations. These models protect the confidentiality of the data directly. The integrity of the data is protected indirectly by only allowing trusted users to operate on the objects. The access control decisions of these models depend on either the identity of the user or the attributes of the process the user can execute, and the attributes of the objects. Adoption of these sophisticated models has been slow; this is likely due to the enormous complexity of specifying controls over a large file system and the need for system administrators to learn a new paradigm for file protection. We propose a new security model: file system firewall. It is an adoption of the familiar network firewall protection model, used to control the data that flows between networked computers, toward file system protection. This model can support decisions of access control based on any system generated attributes about the access requests, e.g., time of day. The access control decisions are not on one entity, such as the account in traditional discretionary access control or the domain name in DTE. In file system firewall, the access decisions are made upon situations on multiple entities. A situation is programmable with predicates on the attributes of subject, object and the system. File system firewall specifies the appropriate actions on these situations. We implemented the prototype of file system firewall on SUSE Linux. Preliminary results of performance tests on the prototype indicate that the runtime overhead is acceptable. We compared file system firewall with TE in SELinux to show that firewall model can accommodate many other access control models. Finally, we show the ease of use of firewall model. When firewall system is restricted to specified part of the system, all the other resources are not affected. This enables a relatively smooth adoption. This fact and that it is a familiar model to system administrators will facilitate adoption and correct use. The user study we conducted on traditional UNIX access control, SELinux and file system firewall confirmed that. The beginner users found it easier to use and faster to learn then traditional UNIX access control scheme and SELinux.
Resumo:
Statistics can be useful when assessing the practical relevance of varying rules and practices on the involuntary loss of nationality across EU member states. Yet while much progress has been made within the EU in recent years with regard to the collection of comparable and reliable information on the acquisition of nationality, statistics on the loss of nationality are hard to find and, where available, difficult to interpret. In this comparative report, the authors explore the landscape of existing statistical data on loss of nationality in the European Union. They identify challenges to the existing methods of data collection and data interpretation and introduce an online statistical database, bringing together all existing statistical data on loss of nationality in the EU. These data are summarised in tables and graphs and discussed with reference to the relevant national and European sources. The authors conclude with recommendations to policy-makers on how to improve data collection in this area.
Resumo:
In its recent Schrems judgment the Luxembourg Court annulled Commission Decision 2000/520 according to which US data protection rules are sufficient to satisfy EU privacy rules regarding EU-US transfers of personal data, otherwise known as the ‘Safe Harbour’ framework. What does this judgment mean and what are its main implications for EU-US data transfers? In this paper the authors find that this landmark judgment sends a strong message to EU and US policy-makers about the need to ensure clear rules governing data transfers, so that people whose personal data is transferred to third countries have sufficient legal guarantees. Without such rules there is legal uncertainty and mistrust. Any future arrangement for the transatlantic transfer of data will therefore need to be firmly anchored in a framework of protection commensurate to the EU Charter of Fundamental Rights and the EU data protection architecture.
Resumo:
Among many other problems, the migration, humanitarian and policy crises in the European Union in 2015 and early 2016 have highlighted a pressing need for reliable, timely and comparable statistical data on migration, asylum and arrivals at national borders. In this fast-moving policy field, data production and the timeliness of dissemination have seen some improvements but the sources of data remain largely unchanged at national level. In this paper the author examines the reasons for some of the problems with the data for policy and for public discussion, and makes a set of recommendations that call for a complete and updated inventory of data sources and for an evaluation of the quality of data used for policy-making.
Resumo:
"Prepared by: Staff Development Unit, Administrative Management Section, Management Coordination Branch, Divison of Accounting Operations."
Resumo:
Security protocols are often modelled at a high level of abstraction, potentially overlooking implementation-dependent vulnerabilities. Here we use the Z specification language's rich set of data structures to formally model potentially ambiguous messages that may be exploited in a 'type flaw' attack. We then show how to formally verify whether or not such an attack is actually possible in a particular protocol using Z's schema calculus.
Resumo:
This paper describes an online survey that was conducted to explore typical Internet users' awareness and knowledge of specific technologies that relate to their security and privacy when using a Web browser to access the Internet. The survey was conducted using an anonymous, online questionnaire. Over a four month period, 237 individuals completed the questionnaire. Respondents were predominately Canadian, with substantial numbers from the United Kingdom and the United States. Important findings include evidence that users have tried to educate themselves regarding their online security and privacy, but with limited success; different interpretations of the term "secure Web site" can lead to very different levels of trust in a site; respondents strongly expressed their skepticism about privacy policies, but nevertheless believe that sites can be trusted to respect their stated policies; and users may confuse browser cookies with other types of data stored locally by browsers, leading to inappropriate conclusions about the risks they present.
Resumo:
This article discusses the challenges of irregular migration for the security of the EU. They are analyzed starting with the European Security Strategy 2003, and the Report on its Implementation, 2008, and notes many failures: The EU Members did not follow the directives adopted in Brussels, the mismanagement of migration and asylum policies, and numerous actions that can be characterized or described as improvised, scattered or irresponsible. The 2016 Global Strategy recognizes these failures and call attention to the European leaders to reconsider how the EU functions and operates, suggesting the need for greater unity and cooperation to achieve a more effective migration policy. However, the article points out that practically all of the sections of the new Strategy dealing with migration were already embodied in previous Strategies, and stress that in parallel with the publication of the 2016 Global Strategy, actions are already undertaken, such as the EU readmission agreements signed with several important third countries of origin.
Resumo:
Cette thèse examine l’interprétation et l’application, par l’Haute Cour d'Israël (HCJ), de principes du droit international de l’occupation et du droit international des droits de la personne dans le traitement de requêtes judiciaires formulées par des justiciables palestiniens. Elle s’intéresse plus particulièrement aux jugements rendus depuis le déclenchement de la deuxième Intifada (2000) suite à des requêtes mettant en cause la légalité des mesures adoptées par les autorités israéliennes au nom d’un besoin prétendu d’accroitre la sécurité des colonies et des colons israéliens dans le territoire occupé de la Cisjordanie. La première question sous étude concerne la mesure dans laquelle la Cour offre un recours effectif aux demandeurs palestiniens face aux violations alléguées de leurs droits internationaux par l’occupant. La recherche fait sienne la position de la HJC selon laquelle le droit de l’occupation est guidé par une logique interne tenant compte de la balance des intérêts en cause, en l’occurrence le besoin de sécurité de l’occupant, d’une part, et les droits fondamentaux de l’occupé, d’autre part. Elle considère, en outre, que cette logique se voit reflétée dans les principes normatifs constituant la base de ce corpus juridique, soit que l’occupation est par sa nature temporaire, que de l’occupation découle un rapport de fiduciaire et, finalement, que l’occupant n’acquiert point de souveraineté sur le territoire. Ainsi, la deuxième question qui est posée est de savoir si l’interprétation du droit par la Cour (HCJ) a eu pour effet de promouvoir ces principes normatifs ou, au contraire, de leur porter préjudice. La réunion de plusieurs facteurs, à savoir la durée prolongée de l’occupation de la Cisjordanie par Israël, la menace accrue à la sécurité depuis 2000 ainsi qu’une politique de colonisation israélienne active, soutenue par l’État, présentent un cas de figure unique pour vérifier l’hypothèse selon laquelle les tribunaux nationaux des États démocratiques, généralement, et ceux jouant le rôle de la plus haute instance judiciaire d’une puissance occupante, spécifiquement, parviennent à assurer la protection des droits et libertés fondamentaux et de la primauté du droit au niveau international. Le premier chapitre présente une étude, à la lumière du premier principe normatif énoncé ci-haut, des jugements rendus par la HCJ dans les dossiers contestant la légalité de la construction du mur à l’intérieur de la Cisjordanie et de la zone dite fermée (Seam Zone), ainsi que des zones de sécurité spéciales entourant les colonies. Le deuxième chapitre analyse, cette fois à la lumière du deuxième principe normatif, des jugements dans les dossiers mettant en cause des restrictions sur les déplacements imposées aux Palestiniens dans le but allégué de protéger la sécurité des colonies et/ou des colons. Le troisième chapitre jette un regard sur les jugements rendus dans les dossiers mettant en cause la légalité du tracé du mur à l’intérieur et sur le pourtour du territoire annexé de Jérusalem-Est. Les conclusions découlant de cette recherche se fondent sur des données tirées d’entrevues menées auprès d’avocats israéliens qui s’adressent régulièrement à la HCJ pour le compte de justiciables palestiniens.
Resumo:
Cette thèse examine l’interprétation et l’application, par l’Haute Cour d'Israël (HCJ), de principes du droit international de l’occupation et du droit international des droits de la personne dans le traitement de requêtes judiciaires formulées par des justiciables palestiniens. Elle s’intéresse plus particulièrement aux jugements rendus depuis le déclenchement de la deuxième Intifada (2000) suite à des requêtes mettant en cause la légalité des mesures adoptées par les autorités israéliennes au nom d’un besoin prétendu d’accroitre la sécurité des colonies et des colons israéliens dans le territoire occupé de la Cisjordanie. La première question sous étude concerne la mesure dans laquelle la Cour offre un recours effectif aux demandeurs palestiniens face aux violations alléguées de leurs droits internationaux par l’occupant. La recherche fait sienne la position de la HJC selon laquelle le droit de l’occupation est guidé par une logique interne tenant compte de la balance des intérêts en cause, en l’occurrence le besoin de sécurité de l’occupant, d’une part, et les droits fondamentaux de l’occupé, d’autre part. Elle considère, en outre, que cette logique se voit reflétée dans les principes normatifs constituant la base de ce corpus juridique, soit que l’occupation est par sa nature temporaire, que de l’occupation découle un rapport de fiduciaire et, finalement, que l’occupant n’acquiert point de souveraineté sur le territoire. Ainsi, la deuxième question qui est posée est de savoir si l’interprétation du droit par la Cour (HCJ) a eu pour effet de promouvoir ces principes normatifs ou, au contraire, de leur porter préjudice. La réunion de plusieurs facteurs, à savoir la durée prolongée de l’occupation de la Cisjordanie par Israël, la menace accrue à la sécurité depuis 2000 ainsi qu’une politique de colonisation israélienne active, soutenue par l’État, présentent un cas de figure unique pour vérifier l’hypothèse selon laquelle les tribunaux nationaux des États démocratiques, généralement, et ceux jouant le rôle de la plus haute instance judiciaire d’une puissance occupante, spécifiquement, parviennent à assurer la protection des droits et libertés fondamentaux et de la primauté du droit au niveau international. Le premier chapitre présente une étude, à la lumière du premier principe normatif énoncé ci-haut, des jugements rendus par la HCJ dans les dossiers contestant la légalité de la construction du mur à l’intérieur de la Cisjordanie et de la zone dite fermée (Seam Zone), ainsi que des zones de sécurité spéciales entourant les colonies. Le deuxième chapitre analyse, cette fois à la lumière du deuxième principe normatif, des jugements dans les dossiers mettant en cause des restrictions sur les déplacements imposées aux Palestiniens dans le but allégué de protéger la sécurité des colonies et/ou des colons. Le troisième chapitre jette un regard sur les jugements rendus dans les dossiers mettant en cause la légalité du tracé du mur à l’intérieur et sur le pourtour du territoire annexé de Jérusalem-Est. Les conclusions découlant de cette recherche se fondent sur des données tirées d’entrevues menées auprès d’avocats israéliens qui s’adressent régulièrement à la HCJ pour le compte de justiciables palestiniens.
Resumo:
In recent years, security of industrial control systems has been the main research focus due to the potential cyber-attacks that can impact the physical operations. As a result of these risks, there has been an urgent need to establish a stronger security protection against these threats. Conventional firewalls with stateful rules can be implemented in the critical cyberinfrastructure environment which might require constant updates. Despite the ongoing effort to maintain the rules, the protection mechanism does not restrict malicious data flows and it poses the greater risk of potential intrusion occurrence. The contributions of this thesis are motivated by the aforementioned issues which include a systematic investigation of attack-related scenarios within a substation network in a reliable sense. The proposed work is two-fold: (i) system architecture evaluation and (ii) construction of attack tree for a substation network. Cyber-system reliability remains one of the important factors in determining the system bottleneck for investment planning and maintenance. It determines the longevity of the system operational period with or without any disruption. First, a complete enumeration of existing implementation is exhaustively identified with existing communication architectures (bidirectional) and new ones with strictly unidirectional. A detailed modeling of the extended 10 system architectures has been evaluated. Next, attack tree modeling for potential substation threats is formulated. This quantifies the potential risks for possible attack scenarios within a network or from the external networks. The analytical models proposed in this thesis can serve as a fundamental development that can be further researched.
Resumo:
Nowadays, information security is a very important topic. In particular, wireless networks are experiencing an ongoing widespread diffusion, also thanks the increasing number of Internet Of Things devices, which generate and transmit a lot of data: protecting wireless communications is of fundamental importance, possibly through an easy but secure method. Physical Layer Security is an umbrella of techniques that leverages the characteristic of the wireless channel to generate security for the transmission. In particular, the Physical Layer based-Key generation aims at allowing two users to generate a random symmetric keys in an autonomous way, hence without the aid of a trusted third entity. Physical Layer based-Key generation relies on observations of the wireless channel, from which harvesting entropy: however, an attacker might possesses a channel simulator, for example a Ray Tracing simulator, to replicate the channel between the legitimate users, in order to guess the secret key and break the security of the communication. This thesis work is focused on the possibility to carry out a so called Ray Tracing attack: the method utilized for the assessment consist of a set of channel measurements, in different channel conditions, that are then compared with the simulated channel from the ray tracing, to compute the mutual information between the measurements and simulations. Furthermore, it is also presented the possibility of using the Ray Tracing as a tool to evaluate the impact of channel parameters (e.g. the bandwidth or the directivity of the antenna) on the Physical Layer based-Key generation. The measurements have been carried out at the Barkhausen Institut gGmbH in Dresden (GE), in the framework of the existing cooperation agreement between BI and the Dept. of Electrical, Electronics and Information Engineering "G. Marconi" (DEI) at the University of Bologna.
Resumo:
Background: High-density tiling arrays and new sequencing technologies are generating rapidly increasing volumes of transcriptome and protein-DNA interaction data. Visualization and exploration of this data is critical to understanding the regulatory logic encoded in the genome by which the cell dynamically affects its physiology and interacts with its environment. Results: The Gaggle Genome Browser is a cross-platform desktop program for interactively visualizing high-throughput data in the context of the genome. Important features include dynamic panning and zooming, keyword search and open interoperability through the Gaggle framework. Users may bookmark locations on the genome with descriptive annotations and share these bookmarks with other users. The program handles large sets of user-generated data using an in-process database and leverages the facilities of SQL and the R environment for importing and manipulating data. A key aspect of the Gaggle Genome Browser is interoperability. By connecting to the Gaggle framework, the genome browser joins a suite of interconnected bioinformatics tools for analysis and visualization with connectivity to major public repositories of sequences, interactions and pathways. To this flexible environment for exploring and combining data, the Gaggle Genome Browser adds the ability to visualize diverse types of data in relation to its coordinates on the genome. Conclusions: Genomic coordinates function as a common key by which disparate biological data types can be related to one another. In the Gaggle Genome Browser, heterogeneous data are joined by their location on the genome to create information-rich visualizations yielding insight into genome organization, transcription and its regulation and, ultimately, a better understanding of the mechanisms that enable the cell to dynamically respond to its environment.
Resumo:
Gauging data are available from numerous streams throughout Australia, and these data provide a basis for historical analysis of geomorphic change in stream channels in response to both natural phenomena and human activities. We present a simple method for analysis of these data, and a briefcase study of an application to channel change in the Tully River, in the humid tropics of north Queensland. The analysis suggests that this channel has narrowed and deepened, rather than aggraded: channel aggradation was expected, given the intensification of land use in the catchment, upstream of the gauging station. Limitations of the method relate to the time periods over which stream gauging occurred; the spatial patterns of stream gauging sites; the quality and consistency of data collection; and the availability of concurrent land-use histories on which to base the interpretation of the channel changes.
Resumo:
This article investigates the researcher's work in the coproduction (or not) of complaint sequences in research interviews. Using a conversation analytic approach, we show how the interviewer's management of complaint sequences in a research setting is consequential for subsequent talk and thus directly affects the data generated. In the examples shown here, researchers sharing cocategorial incumbency with respondents may well provide spaces for research participants to formulate complaints. This article examines sequences of talk surrounding complaints to show how researchers generate complaints (or not) and handle unsafe complaints. Researchers are able to provoke specific types of accounts from respondents, whereas their respondents may actively resist the researchers' direction. For researchers using the interview as a method of data generation, examination of complaint sequences and how these appear in interview data provides insight into how interview talk is coproduced and managed within a socially situated setting.
