701 results for Political of security
Abstract:
Intrusion detection is a critical component of security information systems. The intrusion detection process attempts to detect malicious attacks by examining various data collected during processes on the protected system. This paper examines the anomaly-based intrusion detection based on sequences of system calls. The point is to construct a model that describes normal or acceptable system activity using the classification trees approach. The created database is utilized as a basis for distinguishing the intrusive activity from the legal one using string metric algorithms. The major results of the implemented simulation experiments are presented and discussed as well.
Abstract:
With automotive plants being closed in Australia and western Europe, this article reflects on the employment status of ex-MG Rover (MGR) workers following the closure of the Longbridge plant in 2005. In particular, it draws on Standing's typology of labour market insecurity and uses a mixed-methods approach including an analysis of a longitudinal survey of some 200 ex-MGR workers, and in-depth interviews with ex-workers and policy-makers. While the policy response to the closure saw significant successes in terms of the great majority of workers successfully adjusting into re-employment, and with positive findings in terms of re-training and education, the paper finds significant challenges in terms of security of employment, income, job quality and representation at work years after closure. In particular, the paper posits that the general lack of attention to employment security at the macrolevel effectively undermined elements of a positive policy response over the longer run. This in turn suggests longer-term policy measures are required to address aspects of precariousness at work.
Abstract:
Access control (AC) is a necessary defense against a large variety of security attacks on the resources of distributed enterprise applications. However, to be effective, AC in some application domains has to be fine-grain, support the use of application-specific factors in authorization decisions, as well as consistently and reliably enforce organization-wide authorization policies across enterprise applications. Because the existing middleware technologies do not provide a complete solution, application developers resort to embedding AC functionality in application systems. This coupling of AC functionality with application logic causes significant problems including tremendously difficult, costly and error prone development, integration, and overall ownership of application software. The way AC for application systems is engineered needs to be changed. In this dissertation, we propose an architectural approach for engineering AC mechanisms to address the above problems. First, we develop a framework for implementing the role-based access control (RBAC) model using AC mechanisms provided by CORBA Security. For those application domains where the granularity of CORBA controls and the expressiveness of RBAC model suffice, our framework addresses the stated problem. In the second and main part of our approach, we propose an architecture for an authorization service, RAD, to address the problem of controlling access to distributed application resources, when the granularity and support for complex policies by middleware AC mechanisms are inadequate. Applying this architecture, we developed a CORBA-based application authorization service (CAAS). Using CAAS, we studied the main properties of the architecture and showed how they can be substantiated by employing CORBA and Java technologies. Our approach enables a wide-ranging solution for controlling the resources of distributed enterprise applications.
Abstract:
Modern software systems are often large and complicated. To better understand, develop, and manage large software systems, researchers have studied software architectures that provide the top level overall structural design of software systems for the last decade. One major research focus on software architectures is formal architecture description languages, but most existing research focuses primarily on the descriptive capability and puts less emphasis on software architecture design methods and formal analysis techniques, which are necessary to develop correct software architecture design. Refinement is a general approach of adding details to a software design. A formal refinement method can further ensure certain design properties. This dissertation proposes refinement methods, including a set of formal refinement patterns and complementary verification techniques, for software architecture design using Software Architecture Model (SAM), which was developed at Florida International University. First, a general guideline for software architecture design in SAM is proposed. Second, specification construction through property-preserving refinement patterns is discussed. The refinement patterns are categorized into connector refinement, component refinement and high-level Petri nets refinement. These three levels of refinement patterns are applicable to overall system interaction, architectural components, and underlying formal language, respectively. Third, verification after modeling as a complementary technique to specification refinement is discussed. Two formal verification tools, the Stanford Temporal Prover (STeP) and the Simple Promela Interpreter (SPIN), are adopted into SAM to develop the initial models. Fourth, formalization and refinement of security issues are studied. A method for security enforcement in SAM is proposed. The Role-Based Access Control model is formalized using predicate transition nets and Z notation. 
The patterns of enforcing access control and auditing are proposed. Finally, modeling and refining a life insurance system is used to demonstrate how to apply the refinement patterns for software architecture design using SAM and how to integrate the access control model. The results of this dissertation demonstrate that a refinement method is an effective way to develop a high assurance system. The method developed in this dissertation extends existing work on modeling software architectures using SAM and makes SAM a more usable and valuable formal tool for software architecture design.
Abstract:
A Mediation System utilizes a central security mediator that is primarily concerned with securing the internal structure of the Mediation System. The current problem is that clients are unable to have authority and administrative rights over the security of their data during a transaction. In addition, this Mediation System is unsuited to presenting a metric that measures the level of confidence of security access rights. This creates a black-box perspective from the client towards the Mediation System and also gives no assurance to these clients that they have assigned the proper security access rights that reflect the current environment of the Mediation System. This dissertation presents a Collaborative Information System (CIS) that uses an agent-based approach to encapsulate collaborative information and security policies within the Mediation System, which are under the control of the clients of the Mediation System. In conjunction with the CIS's Stochastic Security Framework, it is possible to take a probabilistic approach in modeling the security access rights of a collaboration transaction. The research results showed that it is feasible to construct a Mediation System utilizing agents and stochastic equations to establish an environment where the client has authority and administrative control in assigning security access rights to their collaborative data that can establish a metric that measures the level of confidence of these assigned rights.
Abstract:
Two key solutions to reduce greenhouse gas emissions and increase overall energy efficiency are to maximize the utilization of renewable energy resources (RERs) to generate energy for load consumption and to shift to low or zero emission plug-in electric vehicles (PEVs) for transportation. The present U.S. aging and overburdened power grid infrastructure is under tremendous pressure to handle the issues involved in penetration of RERs and PEVs. The future power grid should be designed for the effective utilization of distributed RERs and distributed generations to intelligently respond to varying customer demand including PEVs with a high level of security, stability and reliability. This dissertation develops and verifies such a hybrid AC-DC power system. The system will operate in a distributed manner incorporating multiple components in both AC and DC styles and work in both grid-connected and islanding modes. The verification was performed on a laboratory-based hybrid AC-DC power system testbed as hardware/software platform. In this system, RERs emulators together with their maximum power point tracking technology and power electronics converters were designed to test different energy harvesting algorithms. Energy storage devices including lithium-ion batteries and ultra-capacitors were used to optimize the performance of the hybrid power system. A lithium-ion battery smart energy management system with thermal and state of charge self-balancing was proposed to protect the energy storage system. A grid-connected DC PEVs parking garage emulator with five lithium-ion batteries was also designed with smart charging functions that can emulate the future vehicle-to-grid (V2G), vehicle-to-vehicle (V2V) and vehicle-to-house (V2H) services. This includes grid voltage and frequency regulations, spinning reserves, micro grid islanding detection and energy resource support. 
The results show successful integration of the developed techniques for control and energy management of future hybrid AC-DC power systems with high penetration of RERs and PEVs.
Abstract:
There are authentication models which use passwords, keys, or personal identifiers (cards, tags, etc.) to authenticate a particular user in the authentication/identification process. However, there are other systems that can use biometric data, such as signature, fingerprint, voice, etc., to authenticate an individual in a system. On the other hand, the storage of biometric data can bring some risks, such as consistency and protection problems for these data. Because of this problem, it is necessary to protect these biometric databases to ensure the integrity and reliability of the system. For this purpose, there are security/authentication models for biometric identification, for example, the Fuzzy Vault and Fuzzy Commitment systems. Currently, these models are the ones mostly used for the protection of biometric data, but they have fragile elements in the protection process. Therefore, increasing the level of security of these methods through changes in the structure, or even by inserting new layers of protection, is one of the goals of this thesis. In other words, this work proposes the simultaneous use of encryption (the Papilio encryption algorithm) with template protection models (Fuzzy Vault and Fuzzy Commitment) in identification systems based on biometrics. The objective of this work is to improve two aspects of biometric systems: safety and accuracy. Furthermore, it is necessary to maintain a reasonable level of efficiency of this data through the use of more elaborate classification structures, known as committees. Therefore, we intend to propose a model of a safer biometric identification system.
Abstract:
The human being is understood as an integral, complex being with multiple dimensions: social, biological, psychological, anthropological, spiritual and others. In the biological dimension, humans are subject to physical illness, which means that the body requires care. Illness moves humans away from conditions of health and safety and brings them directly closer to the condition of finitude and vulnerability, putting us in contact with the major uncertainties of life: the suffering of disease and death. Religiosity and spirituality are important coping strategies for humans faced with borderline situations. When people turn to religion to cope with stress, this is religious-spiritual coping. The objective of this research was to evaluate the relationship between views on death and religious-spiritual coping in hospitalized patients with chronic diseases. The study included ten patients hospitalized for chronic disease complications in the Medical Clinic Unit of a public hospital in the city of Uberlândia/MG. Two psychological scales were used, the Brief Religious-Spiritual Coping Scale (CRE-Brief Scale) and the Brief Scale of Diverse Perspectives on Death, along with a structured (audio-recorded) interview on the subject of death and religious and spiritual coping. The results indicated that 80% of the sample (N = 8) consisted of patients hospitalized due to chronic diseases, while 20% accounted for patients with AIDS complications. The results of the CRE-Brief scale highlight the use of religious and spiritual coping strategies by participants: for Total CRE, all study participants had average or high scores, with low use of Negative CRE and average use of Positive CRE. 
Regarding views on death, the results obtained with the Brief Scale of Diverse Perspectives on Death suggest that this sample agrees with the view of death as part of the natural cycle of life (M8 - Death as a natural end) and with the perspective of death as uncertainty, mystery and ignorance (M4 - Death as unknown). The correlations between the factors and items of the CRE-Brief and the dimensions of the Brief Scale of Diverse Perspectives on Death show a prevalence of correlations of the dimensions M4 - Death as unknown and M8 - Death as a natural end with the CRE-Brief scale. The interview analysis revealed a positive influence of religion/spirituality on health, from the perspective of the respondents, highlighting the protection promoted by religion. It also showed the use of prayer as a strategy for coping with hospitalization and illness. In the interviews on the topic of death, there was a predominance of themes related to "afterlife", "unknown" and "abandonment", which are associated with the views of death as mystery and death as a natural end. The interviews also gave indications of a belief in death as a terrifying mystery, connected to the unknown and to a feeling of fear of it. The experience of illness can therefore be considered a source of vulnerability, since there is a personal perception of (external) danger, namely one's own illness and possible death, especially in patients undergoing ICU care, and since control is insufficient for a sense of security, because care in the hospital is delegated to third parties and patients assume a passive role. This fact is important and relevant to health professionals who deal daily with patients hospitalized for chronic diseases, since recourse to religion and spirituality as a coping strategy did not constitute a form of negative distancing or even denial of the health condition. 
On the contrary, it refers to a movement in search of the comfort and security provided by religion and spirituality.
Abstract:
Transactions in securities and their use as collateral extend well beyond national borders. They involve a multitude of parties, such as the issuer, a large number of intermediaries arranged in a pyramid structure, one or more investors and, of course, the beneficiaries of those securities or security interests. There are also many diversified portfolios containing securities issued by several issuers located in several states. The whole difficulty of such a diversity of actors and of financial and legal components lies in the application of divergent and often conflicting rules from legal systems of different origins (common law and civil law). Many jurists of all nationalities have observed in recent years that the rules on the creation, opposability and enforcement of security interests, as well as the conflict-of-laws rules that help determine the law applicable to these questions, no longer adequately met national legal requirements in a global, exponential financial market without real administrative borders. To resolve this situation and accommodate the financial market, many statutes have been revised and adapted. Our analysis of Quebec law is carried out with reference to American and Canadian law, the main sources of the Quebec legislature, but also to Swiss law, which is the closest to the Quebec civil law tradition, all in light of the 36th Hague Convention of 5 July 2006 on the law applicable to certain rights in respect of securities held with an intermediary. For example, Articles 8 and 9 of the American Uniform Commercial Code (UCC) proposed modern and revolutionary solutions that depart considerably from the traditional rules known in matters of property, ownership, security and conflict of laws. 
Several other projects and legal instruments devoted to these subjects have been adopted, such as: the Canadian Uniform Securities Transfer Act (LUTVM), which was incorporated in Quebec through the Act respecting the transfer of securities and the establishment of security entitlements, RLRQ, c.T-11.002 (LTVMQ); the 36th Hague Convention of 5 July 2006 on the law applicable to certain rights in respect of securities held with an intermediary; the Swiss Federal Act on Private International Law (LDIP); and the Swiss Federal Intermediated Securities Act (LTI). The analysis of these statutes allowed us to propose a new version of the conflict-of-laws rules on security interests and the transfer of intermediated securities in Quebec law. This study should prompt deep reflection, from the point of view of a civil law jurist, on the effectiveness of the new Quebec rules on security interests and conflict of laws for intermediated securities, which are entirely inspired by American common law rules. This is a choice that seems to completely ignore a whole part of the civil law and societal legal system.
Abstract:
We are witnessing nothing less than a revolution in international policy-thinking, with a shift from imagining that international policy-makers can solve development/security problems through the export or transfer of policy practices or their imposition through conditionality, to understanding that problems should be grasped as emergent consequences of complex social processes which need to be worked with rather than against. This paper, prepared for the 2014 CEPA conference, focuses therefore less on the politicisation and securitisation of questions of conflict and poverty and more on the depoliticisation of questions of conflict and poverty, especially through frameworks of resilience.
Abstract:
The article analyses the relationship between the European Union and NATO in defence matters, as reflected in the European Union's security strategies, with particular attention to the European Union Global Strategy presented in 2016. It studies the 2003 European Security Strategy, the 2008 Implementation Report, and the new approaches to the international context and to European security reflected in the Global Strategy. It also analyses the role of NATO, as well as the evolution of United States security policy towards Europe during the Obama Administration. Finally, it discusses the possible future of the EU's Common Security and Defence Policy (CSDP) after Brexit, as well as the consequences for its relationship with NATO.
Abstract:
Policing in stable democratic societies is predominantly concerned with the implementation and practice of the globally accepted philosophy of community policing. However, the subtle complexities of Northern Ireland's transitional landscape present acute problems for the community policing concept, both as a vehicle for police reform and as a tool for increasing the co-production of security through improved community interaction with the police. This article will examine the current position of the Police Service of Northern Ireland (PSNI) and their Policing with the Community policy. Providing an overview of contextual and contemporary developments, it will assess the efficacy with which the PSNI have realised community policing, as espoused in Patten Recommendation 44. It concludes by determining the role and extent of community engagement with policing in Northern Ireland and the resistances and contestations to the implementation of community policing in a post-conflict society.
Abstract:
Internal control has grown more important for enterprises to keep in mind. Society is increasingly affected by IT development, which demands a greater degree of security. Enterprises need to make sure that their systems are up to date and secure enough to keep unauthorized parties from accessing sensitive information. Internal control can be part of much of an enterprise's work. If an enterprise has a goal of no harm or serious injury at work, internal control is necessary to reach that goal. The purpose of this essay is to examine how five different departments of Trafikverket practise internal control, how internal control is described, and how guidance from management is described and how it reaches the rest of the enterprise. This will lead to a proposal for improving internal control at Trafikverket. We focus our frame of reference on the COSO model and its five components. The components included in the COSO model are control environment, risk valuation, control activities, information and communication, and monitoring. The essay is a case study of Trafikverket. We have chosen a qualitative method and interviewed five respondents from the different departments of Trafikverket. The respondents we interviewed work with internal control in their everyday work or have good insight into the subject. We used a semi-structured interview guide with questions based on the COSO framework. The results of our study show that there are big variations in how the departments work with internal control. It emerged that there are new guidelines for how the work should be done. This makes education necessary to implement the new ways of working. How the departments use the COSO model varies. Some of them have incorporated the model in their new ways of working; others have never heard of it. The conclusion of our study shows that the COSO model and its components contribute to a functioning internal control. 
Implementing the components is important, and the most important feature of good internal control is corporate management. Education within the enterprise is the most effective way to inform the staff about the model and to implement it.
Abstract:
This study aims to analyse the links between school climate and peer victimization in the context of school perseverance and success in secondary school. After demonstrating the existence of theoretical links between these three variables, it evaluates the influence of school climate, broken down into four components (sense of safety, sense of justice, interpersonal relationships/support, and collaboration/participation), on six forms of peer victimization (physical, verbal, psychological, material, electronic, and of a sexual nature). The results of this research, conducted with 2,154 students from the first to the fifth year of secondary school, reveal that the school climate component "Sense of safety" stands out with an influence on the six forms of victimization studied, meaning that students who feel safe in their school environment are less at risk of experiencing these different forms of violence. The influence of the other components of school climate on victimization, however, proved very weak. Since the experience of victimization and the perception of a negative school climate can harm school success and perseverance and hinder graduation, and since the decision to drop out of school is often made during the fourth and fifth years of secondary school (Frase, 1989; MELS, 2009), the third part of this thesis is devoted to this particular group of students. The analyses conducted specifically with students in the fourth and fifth years of secondary school (n = 715) indicate that those who experience at least one of the six forms of victimization perceive each of the components of their school's climate more negatively than their non-victimized peers. 
Specifically, students who are victims of physical and verbal violence perceive the four components of school climate more negatively, and those who are victims of the material, psychological and sexual forms also judge all the components of school climate more negatively, except for the safety climate. Taken together, these results indicate that the perception of school climate influences victimization for all secondary school students and underline that this victimization, as experienced by students in the fourth and fifth years of secondary school, affects their perception of school climate more negatively. Finally, reflections are offered to guide future research, along with some practical implications for schools.