UN Security Council decision-making: testing the bribery hypothesis

Liberal-Institutionalism and Structural Realism expectations about international organizations are confronted by looking at if and how US-controlled international aid is granted, and particularly if it is related or not to political affinity and to United Nations Security Council (UNSC) non-permanent membership. A preliminary assessment suggests that these relations only hold for the period of the Cold War, and, even then, only when UNSC non-permanent membership is in years in which the Security Council was deemed very important.

The US experience in contracting out security and lessons for other countries

The United States has gone further than any country in the "privatization of security". Other countries may find the economic or financial logic in the use of contractors persuasive. The US experience with contracting out security, particularly in Iraq, was problematic, and can serve as a cautionary tale in order that other countries might learn how to avoid the pitfalls.

Integration of Standardized Management Systems: A Dilemma?

Abstract: The growing proliferation of management systems standards (MSSs), and their individualized implementation, is a real problem faced by organizations. On the other hand, MSSs are aimed at improving efficiency and effectiveness of organizational responses in order to satisfy the requirements, needs and expectations of the stakeholders. Each organization has its own identity and this is an issue that cannot be neglected; hence, two possible approaches can be attended. First, continue with the implementation of individualized management systems (MSs); or, integrate the several MSSs versus related MSs into an integrated management system (IMS). Therefore, in this context, organizations are faced with a dilemma, as a result of the increasing proliferation and diversity of MSSs. This paper takes into account the knowledge gained through a case study conducted in the context of a Portuguese company and unveils some of the advantages and disadvantages of integration. A methodology is also proposed and presented to support organizations in developing and structuring the integration process of their individualized MSs, and consequently minimize problems that are generators of inefficiencies, value destruction and loss of competitiveness. The obtained results provide relevant information that can support Top Management decision in solving that dilemma and consequently promote a successful integration, including a better control of business risks associated to MSSs requirements and enhancing sustainable performance, considering the context in which organizations operate.

The right to medical care and its economic consequences: an American dilemma

The concepts of "rights" and of "right to health care" including its evolution in modern times are discussed. The consequences of implementing this right are discussed in economic terms, regarding the situation in the United States of America. A discussion is also included on the limitations of the role of Health Insurance as a measure to solve the problem of providing health care for all individuals.

Chagas' disease and social security: a case-control study in an urban area, Goiás, Brazil

One hundred and twenty subjects with Chagas' cardiopathy and 120 non-infected subjects were randomly selected from first time claimants of sickness benefits in the National Institute of Social Security (INPS) in Goiás. Cases of Chagas' cardiopathy were defined based on serological test, history of residence in an endemic area and, clinical and/or electrocardiogram (ECG) alterations suggestive of Chagas' cardiomyopathy. Controls were defined as subjects with at least two negative serological tests. Case and controls were compared in the analysis for age, sex, place of birth, migration history, socio-economic level, occupation, physical exertion at work, age at affiliation and years of contribution to the social security scheme, clinical course of their disease and ECG abnormalities. Chagas' disease patients were younger than other subjects and predominantly of rural origin. Non-infected subjects presented a better socio-economic level, were performing more skilled activities and had less changes of job than cases. No important difference was observed in relation to age at affiliation to INPS. About 60% of cases have claimed for benefits within the first four years of contribution while among controls this proportion was 38.5%. Cases were involved, proportionally more than controls, in "heavy" activities. A risk of 2.3 (95%CL 1.5 - 4.6) and 1.8 (95%CL 1.2- 3.5) was obtained comparing respectively "heavy" and "moderate" physical activity against "light". A relative risk of 8.5 (95%CL 4.9 - 14.8) associated with the presence of cardiopathy was estimated comparing the initial sample of seropositive subjects and controls. A high relative risk was observed in relation to right bundle branch block (RR = 37.1 95%CL = 8.8 - 155.6) and left anterior hemiblock (RR = 4.4, 95%CL = 2.1 - 9.1).

Biblioteca para a realização de security token services

A família de especificações WS-* define um modelo de segurança para web services, baseado nos conceitos de claim, security token e Security Token Service (STS). Neste modelo, a informação de segurança dos originadores de mensagens (identidade, privilégios, etc.) é representada através de conjuntos de claims, contidos dentro de security tokens. A emissão e obtenção destes security tokens, por parte dos originadores de mensagens, são realizadas através de protocolos legados ou através de serviços especiais, designados de Security Token Services, usando as operações e os protocolos definidos na especificação WS-Trust. O conceito de Security Token Service não é usado apenas no contexto dos web services. Propostas como o modelo dos Information Cards, aplicável no contexto de aplicações web, também utilizam este conceito. Os Security Token Services desempenham vários papéis, dependendo da informação presente no token emitido. São exemplos o papel de Identity Provider, quando os tokens emitidos contêm informação de identidade, ou o papel de Policy Decision Point, quando os tokens emitidos definem autorizações. Este documento descreve o projecto duma biblioteca software para a realização de Security Token Services, tal como definidos na norma WS-Trust, destinada à plataforma .NET 3.5. Propõem-se uma arquitectura flexível e extensível, de forma a suportar novas versões das normas e as diversas variantes que os Security Token Services possuem, nomeadamente: o tipo dos security token emitidos e das claims neles contidas, a inferência das claims e os métodos de autenticação das entidades requerentes. Apresentam-se aspectos de implementação desta arquitectura, nomeadamente a integração com a plataforma WCF, a sua extensibilidade e o suporte a modelos e sistemas externos à norma. Finalmente, descrevem-se as plataformas de teste implementadas para a validação da biblioteca realizada e os módulos de extensão da biblioteca para: suporte do modelo associado aos Information Cards, do modelo OpenID e para a integração com o Authorization Manager.

Improving Remote Voting Security with Code Voting

One of the major problems that prevents the spread of elections with the possibility of remote voting over electronic networks, also called Internet Voting, is the use of unreliable client platforms, such as the voter's computer and the Internet infrastructure connecting it to the election server. A computer connected to the Internet is exposed to viruses, worms, Trojans, spyware, malware and other threats that can compromise the election's integrity. For instance, it is possible to write a virus that changes the voter's vote to a predetermined vote on election's day. Another possible attack is the creation of a fake election web site where the voter uses a malicious vote program on the web site that manipulates the voter's vote (phishing/pharming attack). Such attacks may not disturb the election protocol, therefore can remain undetected in the eyes of the election auditors. We propose the use of Code Voting to overcome insecurity of the client platform. Code Voting consists in creating a secure communication channel to communicate the voter's vote between the voter and a trusted component attached to the voter's computer. Consequently, no one controlling the voter's computer can change the his/her's vote. The trusted component can then process the vote according to a cryptographic voting protocol to enable cryptographic verification at the server's side.

Coordination between mid-term maintenance outage decisions and short-term security-constrained scheduling in smart distribution systems

Distribution systems are the first volunteers experiencing the benefits of smart grids. The smart grid concept impacts the internal legislation and standards in grid-connected and isolated distribution systems. Demand side management, the main feature of smart grids, acquires clear meaning in low voltage distribution systems. In these networks, various coordination procedures are required between domestic, commercial and industrial consumers, producers and the system operator. Obviously, the technical basis for bidirectional communication is the prerequisite of developing such a coordination procedure. The main coordination is required when the operator tries to dispatch the producers according to their own preferences without neglecting its inherent responsibility. Maintenance decisions are first determined by generating companies, and then the operator has to check and probably modify them for final approval. In this paper the generation scheduling from the viewpoint of a distribution system operator (DSO) is formulated. The traditional task of the DSO is securing network reliability and quality. The effectiveness of the proposed method is assessed by applying it to a 6-bus and 9-bus distribution system.

Contexts-management strategy in considering the security in urban computing based on urban design

Urban Computing (UrC) provides users with the situation-proper information by considering context of users, devices, and social and physical environment in urban life. With social network services, UrC makes it possible for people with common interests to organize a virtual-society through exchange of context information among them. In these cases, people and personal devices are vulnerable to fake and misleading context information which is transferred from unauthorized and unauthenticated servers by attackers. So called smart devices which run automatically on some context events are more vulnerable if they are not prepared for attacks. In this paper, we illustrate some UrC service scenarios, and show important context information, possible threats, protection method, and secure context management for people.

A study on security grade assignment model for mobile users in urban computing

The relation between the information/knowledge expression and the physical expression can be involved as one of items for an ambient intelligent computing [2],[3]. Moreover, because there are so many contexts around user/spaces during a user movement, all appplcation which are using AmI for users are based on the relation between user devices and environments. In these situations, it is possible that the AmI may output the wrong result from unreliable contexts by attackers. Recently, establishing a server have been utilizes, so finding secure contexts and make contexts of higher security level for save communication have been given importance. Attackers try to put their devices on the expected path of all users in order to obtain users informationillegally or they may try to broadcast their SPAMS to users. This paper is an extensionof [11] which studies the Security Grade Assignment Model (SGAM) to set Cyber-Society Organization (CSO).

Demo: automatic personal identification system for security in critical services: a case study

The demonstration proposal moves from the capabilities of a wireless biometric badge [4], which integrates a localization and tracking service along with an automatic personal identification mechanism, to show how a full system architecture is devised to enable the control of physical accesses to restricted areas. The system leverages on the availability of a novel IEEE 802.15.4/Zigbee Cluster Tree network model, on enhanced security levels and on the respect of all the users' privacy issues.

A Logic and tool for local reasoning about security protocols

Trabalho apresentado no âmbito do Mestrado em Engenharia Informática, como requisito parcial para obtenção do grau de Mestre em Engenharia Informática

An Enhanced WLAN Security System With FPGA Implementation for Multimedia Applications

Maintaining a high level of data security with a low impact on system performance is more challenging in wireless multimedia applications. Protocols that are used for wireless local area network (WLAN) security are known to significantly degrade performance. In this paper, we propose an enhanced security system for a WLAN. Our new design aims to decrease the processing delay and increase both the speed and throughput of the system, thereby making it more efficient for multimedia applications. Our design is based on the idea of offloading computationally intensive encryption and authentication services to the end systems’ CPUs. The security operations are performed by the hosts’ central processor (which is usually a powerful processor) before delivering the data to a wireless card (which usually has a low-performance processor). By adopting this design, we show that both the delay and the jitter are significantly reduced. At the access point, we improve the performance of network processing hardware for real-time cryptographic processing by using a specialized processor implemented with field-programmable gate array technology. Furthermore, we use enhanced techniques to implement the Counter (CTR) Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) and the CTR protocol. Our experiments show that it requires timing in the range of 20–40 μs to perform data encryption and authentication on different end-host CPUs (e.g., Intel Core i5, i7, and AMD 6-Core) as compared with 10–50 ms when performed using the wireless card. Furthermore, when compared with the standard WiFi protected access II (WPA2), results show that our proposed security system improved the speed to up to 3.7 times.

Clinical Dilemma in the Treatment of a Patient with Microangiopathic Haemolytic Anaemia, Thrombocytopaenia and Severe Hypertension

While haemolytic uraemic syndrome in children is predominantly associated with Shiga toxin -producing Escherichia coli (typically 0157:H7), some cases occur without associated diarrhoea, or as the manifestation of an underlying disorder other than infection. Haemolytic uraemic syndrome is characterised by microangiopathic anaemia, thrombocytopaenia and renal failure, on occasion accompanied by severe hypertension. Malignant hypertension is a syndrome that sometimes exhibits the same laboratory abnormalities as haemolytic uraemic syndrome as it may share the same pathological findings: thrombotic microangiopathy. As clinical features of both entities overlap, the distinction between them can be very difficult. However, differentiation is essential for the treatment decision, since early plasma exchange dramatically reduces mortality in haemolytic uraemic syndrome not associated with diarrhoea. An increasing number of genetic causes of this pathology have been described and may be very useful in differentiating it from thrombotic microangiopathy due to other aetiologies. Despite advances in the understanding of the pathophysiology of haemolytic uraemic syndrome not associated with diarrhoea, the management often remains empirical. We describe a patient with simultaneous microangiopathic haemolytic anaemia, thrombocytopaenia and severe hypertension managed in the acute period of illness with plasma exchange.