Security analysis of JXME-Proxyless version

JXME es la especificación de JXTA para dispositivos móviles con J2ME. Hay dos versiones diferentes de la aplicación JXME disponibles, cada una específica para un determinado conjunto de dispositivos, de acuerdo con sus capacidades. El principal valor de JXME es su simplicidad para crear peer-to-peer (P2P) en dispositivos limitados. Además de evaluar las funciones JXME, también es importante tener en cuenta el nivel de seguridad por defecto que se proporciona. Este artículo presenta un breve análisis de la situación actual de la seguridad en JXME, centrándose en la versión JXME-Proxyless, identifica las vulnerabilidades existentes y propone mejoras en este campo.

A security layer for JXTA core protocols

JXTA define un conjunto de seis protocolos básicos especialmente adecuados para una computación ad hoc, permanente, multi-hop, peer-to-peer (P2P). Estos protocolos permiten que los iguales cooperen y formen grupos autónomos de pares. Este artículo presenta un método que proporciona servicios de seguridad en los protocolos básicos: protección de datos, autenticidad, integridad y no repudio. Los mecanismos que se presentan son totalmente distribuidos y basados ¿¿en un modelo puro peer-to-peer, que no requieren el arbitraje de un tercero de confianza o una relación de confianza establecida previamente entre pares, que es uno de los principales retos en este tipo de entornos.

A Security-aware Approach to JXTA-Overlay Primitives

The JXTA-Overlay project is an effort to use JXTA technologyto provide a generic set of functionalities that can be used by developers to deploy P2P applications. Since its design mainly focuses on issues such as scalability or overall performance, it does not take security into account. However, as P2P applications have evolved to fulfill more complex scenarios, security has become a very important aspect to take into account when evaluating a P2P framework. This work proposes a security extension specifically suited to JXTA-Overlay¿s idiosyncrasies, providing an acceptable solution to some of its current shortcomings.

ZigBee/ZigBee PRO security assessment based on compromised cryptographic keys

Sensor networks have many applications in monitoring and controlling of environmental properties such as sound, acceleration, vibration and temperature. Due to limitedresources in computation capability, memory and energy, they are vulnerable to many kinds of attacks. The ZigBee specification based on the 802.15.4 standard, defines a set of layers specifically suited to sensor networks. These layers support secure messaging using symmetric cryptographic. This paper presents two different ways for grabbing the cryptographic key in ZigBee: remote attack and physical attack. It also surveys and categorizes some additional attacks which can be performed on ZigBee networks: eavesdropping, spoofing, replay and DoS attacks at different layers. From this analysis, it is shown that some vulnerabilities still in the existing security schema in ZigBee technology.

A Security Framework for JXTA-Overlay

En l'actualitat, la maduresa del camp de la investigació P2P empès a través de nous problemes, relacionats amb la seguretat. Per aquesta raó, la seguretat comença a convertir-se en una de les qüestions clau en l'avaluació d'un sistema P2P, i és important proporcionar mecanismes de seguretat per a sistemes P2P. El projecte JXTAOverlay fa un esforç per utilitzar la tecnologia JXTA per proporcionar un conjunt genèric de funcions que poden ser utilitzades pels desenvolupadors per desplegar aplicacions P2P. No obstant això, encara que el seu disseny es va centrar en qüestions com ara l'escalabilitat o el rendiment general, no va tenir en compte la seguretat. Aquest treball proposa un marc de seguretat, adaptat específicament a la idiosincràsia del JXTAOverlay.

JXTA security in mobile constrained devices

JXME is the JXTA protocols implementation formobile devices using J2ME. Two different flavors of JXME have been implemented, each one specific for a particular set of devices, according to their capabilities. The main value of JXME is its simplicity to create peer-to-peer (P2P) applications in limited devices. In addition to assessing JXME functionalities, it is also important to realize the default security level provided. This paper presents a brief analysis of the current state of security in JXME, focusing on the JXME-Proxied version, identifies existing vulnerabilities and proposes further improvements in this field.

Open Source Software : the Intersection of IP and Security in Open Source

The use of open source software continues to grow on a daily basis. Today, enterprise applications contain 40% to 70% open source code and this fact has legal, development, IT security, risk management and compliance organizations focusing their attention on its use, as never before. They increasingly understand that the open source content within an application must be detected. Once uncovered, decisions regarding compliance with intellectual property licensing obligations must be made and known security vulnerabilities must be remediated. It is no longer sufficient from a risk perspective to not address both open source issues.

Determination of the critical activities of a public-private intermediary organization with the help of value chain analysis

Tämän diplomityön tavoitteena oli selvittää arvoketjuanalyysin avulla toiminnot, joilla voittoatavoittelemattoman, julkisen osakeyhtiön toimintaa voitaisiin kuvata. Tarkoituksena oli selvittää mainitut toiminnot yleisesti ja luoda malli kohdeyrityksen arvoketjusta ja sen toiminnoista. Tutkielma jakautuu teoreettiseen ja empiiriseen osaan. Ensimmäinen pohjautuu aikaisempaan tutkimukseen ja kirjallisuuteen sidosryhmistä, arvon muodostumisesta ja arvoketjuanalyysistä. Jälkimmäinen on laadullista tapaustutkimusta. Empiriassa mallinnettiin Lappeenranta Innovation Oy:nsisäisiä toimintoja ja sidosryhmien odotuksia. Empiirinen tutkimus perustui kohdeyrityksen omistajille ja henkilöstölle tehtyihin haastatteluihin sekä yrityksen toiminnan päivittäiseen seurantaan. Johtopäätöksenätodettiin, että julkisen, voittoa tavoittelemattoman yrityksen toiminnot on mahdollista kuvata arvoketjuanalyysin avulla. Alan ja yrityksen asettamat erityispiirteet toivat haasteita määrittelylle, mutta silti arvoketju antoi selkeän tavan kohdeyrityksen toimintojen mallintamiselle.

Prevalence of overweight and underweight in public and private schools in the Seychelles.

Abstract Objective. We compared the prevalence of body weight categories between public and private schools in the Seychelles, a rapidly developing small island state in the African region. Methods. In 2004-2006, weight and height were measured and self-reported information on physical activity collected in children of three selected grades in all schools in the country. Overweight, obesity and thinness were defined according to standard criteria. Results. Based on 8 462 students (377 in private schools), the prevalence of overweight (including obesity) was markedly higher in private than public schools (boys: 37% [95% CI: 31-44] vs. 15% [14-16]; girls: 33% [26-41] vs. 20% [19-22]). The prevalence of thinness grade 1 was lower in private than public schools (boys: 9% [5-13] vs. 20% [19-21]; girls: 13% [8-18] vs. 19% [18-20]). Students in private schools reported more physical activity at leisure time while students in public schools reported larger weekly walking time. Conclusions. Our findings suggest that school type may be a useful indicator for assessing the association between socio-economic status and overweight in children, and that overweight affects wealthy children more often than others in developing countries.

Gender and Security Sector Reform: Gendering Differently?

Recent efforts to implement gender mainstreaming in the field of security sector reform have resulted in an international policy discourse on gender and security sector reform (GSSR). Critics have challenged GSSR for its focus on 'adding women' and its failure to be transformative. This article contests this assessment, demonstrating that GSSR is not only about 'adding women', but also, importantly, about 'gendering men differently' and has important albeit problematic transformative implications. Drawing on poststructuralist and postcolonial feminist theory, I propose a critical reading of GSSR policy discourse in order to analyse its built-in logics, tensions and implications. I argue that this discourse establishes a powerful 'grid of intelligibility' that draws on gendered and racialized dualisms to normalize certain forms of subjectivity while rendering invisible and marginalizing others, and contributing to reproduce certain forms of normativity and hierarchy. Revealing such processes of discursive in/exclusion and marginalized subjectivities can serve as a starting point to challenge and transform GSSR practice and identify sites of contestation.