Open Source Software : the Intersection of IP and Security in Open Source

The use of open source software continues to grow on a daily basis. Today, enterprise applications contain 40% to 70% open source code and this fact has legal, development, IT security, risk management and compliance organizations focusing their attention on its use, as never before. They increasingly understand that the open source content within an application must be detected. Once uncovered, decisions regarding compliance with intellectual property licensing obligations must be made and known security vulnerabilities must be remediated. It is no longer sufficient from a risk perspective to not address both open source issues.

Toward a novel forensic intelligence model: systematic profiling of false identity documents

False identity documents represent a serious threat through their production and use in organized crime and by terrorist organizations. The present-day fight against this criminal problem and threats to national security does not appropriately address the organized nature of this criminal activity, treating each fraudulent document on its own during investigation and the judicial process, which causes linkage blindness and restrains the analysis capacity. Given the drawbacks of this case-by-case approach, this article proposes an original model in which false identity documents are used to inform a systematic forensic intelligence process. The process aims to detect links, patterns, and tendencies among false identity documents in order to support strategic and tactical decision making, thus sustaining a proactive intelligence-led approach to fighting identity document fraud and the associated organized criminality. This article formalizes both the model and the process, using practical applications to illustrate its powerful capabilities. This model has a general application and can be transposed to other fields of forensic science facing similar difficulties.

Gender and Security Sector Reform: Gendering Differently?

Recent efforts to implement gender mainstreaming in the field of security sector reform have resulted in an international policy discourse on gender and security sector reform (GSSR). Critics have challenged GSSR for its focus on 'adding women' and its failure to be transformative. This article contests this assessment, demonstrating that GSSR is not only about 'adding women', but also, importantly, about 'gendering men differently' and has important albeit problematic transformative implications. Drawing on poststructuralist and postcolonial feminist theory, I propose a critical reading of GSSR policy discourse in order to analyse its built-in logics, tensions and implications. I argue that this discourse establishes a powerful 'grid of intelligibility' that draws on gendered and racialized dualisms to normalize certain forms of subjectivity while rendering invisible and marginalizing others, and contributing to reproduce certain forms of normativity and hierarchy. Revealing such processes of discursive in/exclusion and marginalized subjectivities can serve as a starting point to challenge and transform GSSR practice and identify sites of contestation.

Security in RFID devices

Aquest projecte inclou una aproximació als conceptes de RFID i targetes contactless centrant-se en l’ampliament usat MIFARE Classic chip. L’objectiu principal es mostrar el seu funcionament i les seves vulnerabilitats, així com alguns exemples pràctics fent una anàlisi de diferents serveis que les utilitzen.

Des faux documents d'identité au renseignement forensique : développement d'une approche systématique et transversale du traitement de la donnée forensique à des fins de renseignement criminel

La fabrication, la distribution et l'usage de fausses pièces d'identité constituent une menace pour la sécurité autant publique que privée. Ces faux documents représentent en effet un catalyseur pour une multitude de formes de criminalité, des plus anodines aux formes les plus graves et organisées. La dimension, la complexité, la faible visibilité, ainsi que les caractères répétitif et évolutif de la fraude aux documents d'identité appellent des réponses nouvelles qui vont au-delà d'une approche traditionnelle au cas par cas ou de la stratégie du tout technologique dont la perspective historique révèle l'échec. Ces nouvelles réponses passent par un renforcement de la capacité de comprendre les problèmes criminels que posent la fraude aux documents d'identité et les phénomènes qui l'animent. Cette compréhension est tout bonnement nécessaire pour permettre d'imaginer, d'évaluer et de décider les solutions et mesures les plus appropriées. Elle requière de développer les capacités d'analyse et la fonction de renseignement criminel qui fondent en particulier les modèles d'action de sécurité les plus récents, tels que l'intelligence-led policing ou le problem-oriented policing par exemple. Dans ce contexte, le travail doctoral adopte une position originale en postulant que les fausses pièces d'identité se conçoivent utilement comme la trace matérielle ou le vestige résultant de l'activité de fabrication ou d'altération d'un document d'identité menée par les faussaires. Sur la base de ce postulat fondamental, il est avancé que l'exploitation scientifique, méthodique et systématique de ces traces au travers d'un processus de renseignement forensique permet de générer des connaissances phénoménologiques sur les formes de criminalité qui fabriquent, diffusent ou utilisent les fausses pièces d'identité, connaissances qui s'intègrent et se mettent avantageusement au service du renseignement criminel. A l'appui de l'épreuve de cette thèse de départ et de l'étude plus générale du renseignement forensique, le travail doctoral propose des définitions et des modèles. Il décrit des nouvelles méthodes de profilage et initie la constitution d'un catalogue de formes d'analyses. Il recourt également à des expérimentations et des études de cas. Les résultats obtenus démontrent que le traitement systématique de la donnée forensique apporte une contribution utile et pertinente pour le renseignement criminel stratégique, opérationnel et tactique, ou encore la criminologie. Combiné aux informations disponibles par ailleurs, le renseignement forensique produit est susceptible de soutenir l'action de sécurité dans ses dimensions répressive, proactive, préventive et de contrôle. En particulier, les méthodes de profilage des fausses pièces d'identité proposées permettent de révéler des tendances au travers de jeux de données étendus, d'analyser des modus operandi ou d'inférer une communauté ou différence de source. Ces méthodes appuient des moyens de détection et de suivi des séries, des problèmes et des phénomènes criminels qui s'intègrent dans le cadre de la veille opérationnelle. Ils permettent de regrouper par problèmes les cas isolés, de mettre en évidence les formes organisées de criminalité qui méritent le plus d'attention, ou de produire des connaissances robustes et inédites qui offrent une perception plus profonde de la criminalité. Le travail discute également les difficultés associées à la gestion de données et d'informations propres à différents niveaux de généralité, ou les difficultés relatives à l'implémentation du processus de renseignement forensique dans la pratique. Ce travail doctoral porte en premier lieu sur les fausses pièces d'identité et leur traitement par les protagonistes de l'action de sécurité. Au travers d'une démarche inductive, il procède également à une généralisation qui souligne que les observations ci-dessus ne valent pas uniquement pour le traitement systématique des fausses pièces d'identité, mais pour celui de tout type de trace dès lors qu'un profil en est extrait. Il ressort de ces travaux une définition et une compréhension plus transversales de la notion et de la fonction de renseignement forensique. The production, distribution and use of false identity documents constitute a threat to both public and private security. Fraudulent documents are a catalyser for a multitude of crimes, from the most trivial to the most serious and organised forms. The dimension, complexity, low visibility as well as the repetitive and evolving character of the production and use of false identity documents call for new solutions that go beyond the traditional case-by-case approach, or the technology-focused strategy whose failure is revealed by the historic perspective. These new solutions require to strengthen the ability to understand crime phenomena and crime problems posed by false identity documents. Such an understanding is pivotal in order to be able to imagine, evaluate and decide on the most appropriate measures and responses. Therefore, analysis capacities and crime intelligence functions, which found the most recent policing models such as intelligence-led policing or problem-oriented policing for instance, have to be developed. In this context, the doctoral research work adopts an original position by postulating that false identity documents can be usefully perceived as the material remnant resulting from the criminal activity undertook by forgers, namely the manufacture or the modification of identity documents. Based on this fundamental postulate, it is proposed that a scientific, methodical and systematic processing of these traces through a forensic intelligence approach can generate phenomenological knowledge on the forms of crime that produce, distribute and use false identity documents. Such knowledge should integrate and serve advantageously crime intelligence efforts. In support of this original thesis and of a more general study of forensic intelligence, the doctoral work proposes definitions and models. It describes new profiling methods and initiates the construction of a catalogue of analysis forms. It also leverages experimentations and case studies. Results demonstrate that the systematic processing of forensic data usefully and relevantly contributes to strategic, tactical and operational crime intelligence, and also to criminology. Combined with alternative information available, forensic intelligence may support policing in its repressive, proactive, preventive and control activities. In particular, the proposed profiling methods enable to reveal trends among extended datasets, to analyse modus operandi, or to infer that false identity documents have a common or different source. These methods support the detection and follow-up of crime series, crime problems and phenomena and therefore contribute to crime monitoring efforts. They enable to link and regroup by problems cases that were previously viewed as isolated, to highlight organised forms of crime which deserve greatest attention, and to elicit robust and novel knowledge offering a deeper perception of crime. The doctoral research work discusses also difficulties associated with the management of data and information relating to different levels of generality, or difficulties associated with the implementation in practice of the forensic intelligence process. The doctoral work focuses primarily on false identity documents and their treatment by policing stakeholders. However, through an inductive process, it makes a generalisation which underlines that observations do not only apply to false identity documents but to any kind of trace as soon as a profile is extracted. A more transversal definition and understanding of the concept and function of forensic intelligence therefore derives from the doctoral work.

The role of community and population ecology in applying mycorrhizal fungi for improved food security.

The global human population is expected to reach ∼9 billion by 2050. Feeding this many people represents a major challenge requiring global crop yield increases of up to 100%. Microbial symbionts of plants such as arbuscular mycorrhizal fungi (AMF) represent a huge, but unrealized resource for improving yields of globally important crops, especially in the tropics. We argue that the application of AMF in agriculture is too simplistic and ignores basic ecological principals. To achieve this challenge, a community and population ecology approach can contribute greatly. First, ecologists could significantly improve our understanding of the determinants of the survival of introduced AMF, the role of adaptability and intraspecific diversity of AMF and whether inoculation has a direct or indirect effect on plant production. Second, we call for extensive metagenomics as well as population genomics studies that are crucial to assess the environmental impact that introduction of non-local AMF may have on native AMF communities and populations. Finally, we plead for an ecologically sound use of AMF in efforts to increase food security at a global scale in a sustainable manner.

Wireless Technologies in e-Business; Services, Security and Management

Uusien mobiilien laitteiden ja palveluiden kehitys ovat herättäneet yritysten mielenkiinnon soveltaa langattomia sovelluksia omassa liiketoiminnassaan. Erilaisten tekniikoiden myötä myös mahdollisuuksien kirjo on laajentumassa, mikä johtaa erilaisten verkkojen ja laitteiden yhtenäiselle hallinnalle asetettavien vaatimusten kasvuun. Yritysten siirtyessä soveltamaan uusia langattomia palveluita ja sovelluksia on myös huomioon otettavaa sovellusten sekä palveluiden vaatima tietoturva ja sen hallittavuus. Tutkimuksessa esitetään langattoman sähköisen liiketoiminnan määritelmä sekä kyseisien teknologioiden käyttöä edistävät tekijät. Tutkimus luo viitekehyksen yrityksen langattomien teknologioiden käytölle ja siihen olennaisesti vaikuttavista tekijöistä. Viitekehystä on käytetty todelliseen esimerkkiin, liikkuva myyntihenkilö, kyseisten teknologioiden, palveluiden, tietoturvan ja hallittavuuden näkökulmasta. Johtopäätöksinä on arvioitu mobiilien ja langattomien teknologioiden sekä palveluiden, tietoturvan ja hallittavuuden tilaa ja analysoimalla niitä tulevaa ajatellen.

From 'Security for Privacy' to 'Privacy for Security'

This article envisions the use of context-awareness to improve single sign-on solutions (SSO) for mobile users. The attribute-based SSO is expected to increase users' perceived ease of use of the system and service providers' authentication security of the application. From these two features we derive two value propositions for a new business model for mobile platforms. The business model can be considered as an instantiation of the privacy-friendly business model pattern presented in our previous work, reinforcing our claim that privacy-friendly value propositions are possible and can be used to obtain a competitive advantage.

Software Security Design and Testing

Elektroninen kaupankäynti ja pankkipalvelut ovat herättäneet toiminnan jatkuvuuden kannalta erittäin kriittisen kysymyksen siitä, kuinka näitä palveluja pystytään suojaamaan järjestäytynyttä rikollisuutta ja erilaisia hyväksikäyttöjä vastaan.

Development of an investor relations strategy - Case SSH Communications Security Corp. Communications Security Corp.

Tutkimuksen tavoitteena oli muodostaa viitekehys sijoittajaviestinnän strategian muodostamiseen ja soveltaa viitekehystä käytännössä. Tutkimusongelma nousi case-yrityksestä, SSH Communications Security Oyj:stä, joka listautui vuoden 2000 lopussa. Teoreettinen viitekehys perustuu aikaisempaan kirjallisuuteen sijoittajaviestinnästä, strategian kehittämisestä ja rahoitusteoriasta. Rahoitusteorian alueet, joita käsiteltiin tutkimuksessa ovat; vapaaehtoinen tiedottaminen, markkinatehokkuus ja agenttiteoria. Tutkimuksen empiirinen osa toteutettiin soveltamalla teoreettista viitekehystä case yritykseen. Empiirisessä osuudessa käytiin läpi seuraavat vaiheet; nykyisen tilan ulkoinen ja sisäinen analyysi, tavoitteiden asettaminen ja sijoittajaviestintä strategia ehdotuksen muodostaminen case yritykseen. Tutkielman viimeinen kappale kokoaa tärkeimmät löydökset, pohtii työn teoreettista kontribuutiota ja liikkeenjohdollisia kytköksiä sekä esittää tutkimuksen herättämiä ehdotuksia jatkotutkimuksille

Security in multicast communication

Multicast is one method to transfer information in IPv4 based communication. Other methods are unicast and broadcast. Multicast is based on the group concept where data is sent from one point to a group of receivers and this remarkably saves bandwidth. Group members express an interest to receive data by using Internet Group Management Protocol and traffic is received by only those receivers who want it. The most common multicast applications are media streaming applications, surveillance applications and data collection applications. There are many data security methods to protect unicast communication that is the most common transfer method in Internet. Popular data security methods are encryption, authentication, access control and firewalls. The characteristics of multicast such as dynamic membership cause that all these data security mechanisms can not be used to protect multicast traffic. Nowadays the protection of multicast traffic is possible via traffic restrictions where traffic is allowed to propagate only to certain areas. One way to implement this is packet filters. Methods tested in this thesis are MVR, IGMP Filtering and access control lists which worked as supposed. These methods restrict the propagation of multicast but are laborious to configure in a large scale. There are also a few manufacturerspecific products that make possible to encrypt multicast traffic. These separate products are expensive and mainly intended to protect video transmissions via satellite. Investigation of multicast security has taken place for several years and the security methods that will be the results of the investigation are getting ready. An IETF working group called MSEC is standardizing these security methods. The target of this working group is to standardize data security protocols for multicast during 2004.

Police work and new 'security devices' : a tale from the beat

Mobile technologies have brought about major changes in police equipment and police work. If a utopian narrative remains strongly linked to the adoption of new technologies, often formulated as 'magic bullets' to real occupational problems, there are important tensions between their 'imagined' outcomes and the (unexpected) effects that accompany their daily 'practical' use by police officers. This article offers an analysis of police officers' perceptions and interactions with security devices. In so doing, it develops a conceptual typology of strategies for coping with new technology inspired by Le Bourhis and Lascoumes: challenging, neutralizing and diverting. To that purpose, we adopt an ethnographic approach that focuses on the discourses, practices and actions of police officers in relation to three security devices: the mobile digital terminal, the mobile phone and the body camera. Based on a case study of a North American municipal police department, the article addresses how these technological devices are perceived and experienced by police officers on the beat.

Yhdistettyjen uhanhallintalaitteiden tarjoamat mahdollisuudet ja

Unified Threat Management or UTM-devices have created a new way to implement security solutions for different customer needs and segments. Customer and business traffic is more and more Web and application based when security is needed to that level as well. Thesis focuses to explore what opportunities UTM-devices provides for operator acting as a managed security service provider and how to succeed better in the markets. Markets are explored both in the customer interface what customers are expecting form the managed service provides and from technology provider interface what kind of products and services they have for different implementations. Theoretical background is taken from product strategy, networking and product development. These are taken into account when developed and explored opportunities an operator has in managed security business with UTM-devices. In the thesis four main recognized technology vendors and their product and services are compared against operator managed security services needs. Based on the explorations of theory, customer needs and technology a product strategy is proposed for operator acting as a managed security provider.