Providing User Security Guarantees in Public Infrastructure Clouds

The infrastructure cloud (IaaS) service model offers improved resource flexibility and availability, where tenants - insulated from the minutiae of hardware maintenance - rent computing resources to deploy and operate complex systems. Large-scale services running on IaaS platforms demonstrate the viability of this model; nevertheless, many organizations operating on sensitive data avoid migrating operations to IaaS platforms due to security concerns. In this paper, we describe a framework for data and operation security in IaaS, consisting of protocols for a trusted launch of virtual machines and domain-based storage protection. We continue with an extensive theoretical analysis with proofs about protocol resistance against attacks in the defined threat model. The protocols allow trust to be established by remotely attesting host platform configuration prior to launching guest virtual machines and ensure confidentiality of data in remote storage, with encryption keys maintained outside of the IaaS domain. Presented experimental results demonstrate the validity and efficiency of the proposed protocols. The framework prototype was implemented on a test bed operating a public electronic health record system, showing that the proposed protocols can be integrated into existing cloud environments.

Assessing the influence of the Responsibility to Protect on the UN Security Council during the Arab Spring

This article challenges those perspectives which assert first, that the Security Council’s engagement with the Responsibility to Protect (R2P) during the Arab Spring evidences a generally positive trend, and second, that the response to the Arab Spring, particularly Syria, highlights the need for veto restraint. With respect to the first point, the evidence presented in this article suggests that the manner in which R2P has been employed by the Security Council during this period evidences three key trends: first, a willingness to invoke R2P only in the context of Pillar I; second, a pronounced lack of consensus surrounding Pillar III; and third, the persistent prioritisation of national interests over humanitarian concerns. With respect to veto restraint, this article argues that there is no evidence that this idea will have any significant impact on decision-making at the Security Council; the Council’s response to the Arab Spring suggests that national interests continue to trump humanitarian need.

Biblioteca para a realização de security token services

A família de especificações WS-* define um modelo de segurança para web services, baseado nos conceitos de claim, security token e Security Token Service (STS). Neste modelo, a informação de segurança dos originadores de mensagens (identidade, privilégios, etc.) é representada através de conjuntos de claims, contidos dentro de security tokens. A emissão e obtenção destes security tokens, por parte dos originadores de mensagens, são realizadas através de protocolos legados ou através de serviços especiais, designados de Security Token Services, usando as operações e os protocolos definidos na especificação WS-Trust. O conceito de Security Token Service não é usado apenas no contexto dos web services. Propostas como o modelo dos Information Cards, aplicável no contexto de aplicações web, também utilizam este conceito. Os Security Token Services desempenham vários papéis, dependendo da informação presente no token emitido. São exemplos o papel de Identity Provider, quando os tokens emitidos contêm informação de identidade, ou o papel de Policy Decision Point, quando os tokens emitidos definem autorizações. Este documento descreve o projecto duma biblioteca software para a realização de Security Token Services, tal como definidos na norma WS-Trust, destinada à plataforma .NET 3.5. Propõem-se uma arquitectura flexível e extensível, de forma a suportar novas versões das normas e as diversas variantes que os Security Token Services possuem, nomeadamente: o tipo dos security token emitidos e das claims neles contidas, a inferência das claims e os métodos de autenticação das entidades requerentes. Apresentam-se aspectos de implementação desta arquitectura, nomeadamente a integração com a plataforma WCF, a sua extensibilidade e o suporte a modelos e sistemas externos à norma. Finalmente, descrevem-se as plataformas de teste implementadas para a validação da biblioteca realizada e os módulos de extensão da biblioteca para: suporte do modelo associado aos Information Cards, do modelo OpenID e para a integração com o Authorization Manager.

Abordagem da segurança, higiene e saúde na organização e gestão escolar

A escola é o centro de convergência que justifica e fundamenta os recursos alocados ao sistema educativo. Durante o normal funcionamento das escolas, as condições de segurança, salubridade dos edifícios e equipamentos devem ser previstas e mantidas para garantir a salvaguarda da saúde e bem-estar dos seus ocupantes. A responsabilidade sobre estas questões encontra-se transferida para os Órgãos de Gestão dos estabelecimentos educativos. Neste âmbito efectuou-se um estudo que objectivou caracterizar a organização e a gestão escolar, no contexto da segurança, higiene e saúde; conhecer a forma da organização e da gestão da emergência nos estabelecimentos de ensino e o grau de satisfação dos gestores escolares relativamente aspectos relacionados com a Segurança, Higiene e Saúde. Neste sentido, foi aplicado um inquérito por questionário on-line, dirigido aos directores dos agrupamentos de escolas e escolas únicas da Região Norte de Portugal. Na generalidade os resultados obtidos demonstraram que ao nível da organização e gestão da emergência é evidenciada alguma preocupação, constatando-se no entanto, que nem todas as escolas possuam delegado de segurança, algumas não possuem plano de segurança, apenas metade evidenciou a existência de projectos educativos em áreas relacionadas com a temática e não existe ainda uma participação efectiva no seio escolar por parte da comunidade. Os gestores escolares, relativamente ao grau de satisfação, referiram as condições das infra-estruturas e estado de conservação dos estabelecimentos escolares, como factores de maior descontentamento. Percepcionou-se que a gestão escolar é centrada nos problemas do quotidiano, não existindo uma planificação ou um programa legitimado de segurança, higiene e saúde a longo prazo. A análise à actuação do gestor escolar face à segurança e higiene, não pode efectuar-se alheia e separadamente do actual regime de autonomia, administração e gestão dos estabelecimentos públicos da educação pré-escolar e dos ensinos básico e secundário, porque o desempenho dos diferentes actores no processo educativo é por si condicionada. Cabe ao gestor escolar, na figura do Director(a) consagrar a segurança, higiene e saúde integradas na dinâmica escolar, promovendo um ambiente escolar mais saudável e seguro.

Coordination between mid-term maintenance outage decisions and short-term security-constrained scheduling in smart distribution systems

Distribution systems are the first volunteers experiencing the benefits of smart grids. The smart grid concept impacts the internal legislation and standards in grid-connected and isolated distribution systems. Demand side management, the main feature of smart grids, acquires clear meaning in low voltage distribution systems. In these networks, various coordination procedures are required between domestic, commercial and industrial consumers, producers and the system operator. Obviously, the technical basis for bidirectional communication is the prerequisite of developing such a coordination procedure. The main coordination is required when the operator tries to dispatch the producers according to their own preferences without neglecting its inherent responsibility. Maintenance decisions are first determined by generating companies, and then the operator has to check and probably modify them for final approval. In this paper the generation scheduling from the viewpoint of a distribution system operator (DSO) is formulated. The traditional task of the DSO is securing network reliability and quality. The effectiveness of the proposed method is assessed by applying it to a 6-bus and 9-bus distribution system.

Contexts-management strategy in considering the security in urban computing based on urban design

Urban Computing (UrC) provides users with the situation-proper information by considering context of users, devices, and social and physical environment in urban life. With social network services, UrC makes it possible for people with common interests to organize a virtual-society through exchange of context information among them. In these cases, people and personal devices are vulnerable to fake and misleading context information which is transferred from unauthorized and unauthenticated servers by attackers. So called smart devices which run automatically on some context events are more vulnerable if they are not prepared for attacks. In this paper, we illustrate some UrC service scenarios, and show important context information, possible threats, protection method, and secure context management for people.

A Qualidade na administração pública e a CAF – Common assessment framework

Apresentação no âmbito da Dissertação de Mestrado Orientador: Doutora Alcina Dias

An Enhanced WLAN Security System With FPGA Implementation for Multimedia Applications

Maintaining a high level of data security with a low impact on system performance is more challenging in wireless multimedia applications. Protocols that are used for wireless local area network (WLAN) security are known to significantly degrade performance. In this paper, we propose an enhanced security system for a WLAN. Our new design aims to decrease the processing delay and increase both the speed and throughput of the system, thereby making it more efficient for multimedia applications. Our design is based on the idea of offloading computationally intensive encryption and authentication services to the end systems’ CPUs. The security operations are performed by the hosts’ central processor (which is usually a powerful processor) before delivering the data to a wireless card (which usually has a low-performance processor). By adopting this design, we show that both the delay and the jitter are significantly reduced. At the access point, we improve the performance of network processing hardware for real-time cryptographic processing by using a specialized processor implemented with field-programmable gate array technology. Furthermore, we use enhanced techniques to implement the Counter (CTR) Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) and the CTR protocol. Our experiments show that it requires timing in the range of 20–40 μs to perform data encryption and authentication on different end-host CPUs (e.g., Intel Core i5, i7, and AMD 6-Core) as compared with 10–50 ms when performed using the wireless card. Furthermore, when compared with the standard WiFi protected access II (WPA2), results show that our proposed security system improved the speed to up to 3.7 times.

Maritime Security in the Gulf of Guinea: Issues and Solutions for the 21st Century

A producer of 5.4 M bbl/d, totalling almost half of the consumption of the entire European Union, the Gulf of Guinea is a fundamental lifeline and maritime link between Europe, the Americas and Africa. Geographically positioned as a staging post for transit originating in Latin America and coupled with its relatively porous borders, the region is also the perfect stepping stone for contraband heading to European shores. While blessed with an enviable wealth of marine and mineral resources, the region is also plagued by an ever-increasing spectre of maritime piracy; accounting for around 30% of incidents in African waters from 2003 to 2011. It is for these reasons that this research centres around the issues of maritime security in the Gulf of Guinea, with a particular focus on the first two decades of the 21st century. This research looks to examine the overall picture of the present state of play in the area, before going on to provide an analysis of potential regional developments in maritime security. This research begins with the analysis of concepts/phenomena that have played a notable role in the shaping of the field of maritime security, namely Globalisation and security issues in the post-Cold War era. The ensuing chapter then focuses in on the Gulf of Guinea and the issues dominating the field of maritime security in the region. The penultimate chapter presents a SWOT analysis, undertaken as part of this research with the aim of correlating opinions from a variety of sectors/professions regarding maritime security in the Gulf of Guinea. The final chapter builds upon the results obtained from the abovementioned SWOT analysis, presenting a series of potential proposals/strategies that can contribute to the field of maritime security in the region over the coming years. This research draws to a close with the presentation of conclusions taken from this particular investigation, as well as a final overview of the earlier presented proposals applicable to the field of maritime security during the second decade of the 21st century.

Determinants of social security pensions expenditure in Portugal

In most European countries Social Security (SS) systems are characterized as Pay-asyou- go systems. Their sustainability is being challenged with demographic changes, namely population ageing. Portugal’s population is ageing rapidly being one of the countries where this problem is more critical. With the growing debate on this topic several public choice models have been developed so as to explain SS size. In this work project there is an attempt to understand whether these models contribute to better explain Social security expenditure with pensions (SSEP) and to establish the need of finding ways to reduce present commitment with pension expenditure in Portugal.

A intervenção dos orgãos de polícia criminal em sede de julgamento

Currently, Portugal assumes itself as a democratic rule of substantive law State, sustained by a legal system seeking the right balance between the guarantee of fundamental rights and freedoms constitutional foreseen in Portugal’s Fundamental Law and criminal persecution. The architecture of the penal code lies with, roughly speaking, a accusatory basic structure, “deliberately attached to one of the most remarkable achievements of the civilizational democratic progress, and by obedience to the constitutional commandment”, in balance with the official investigation principle, valid both for the purpose of prosecution and trial. Regarding the principle of non self-incrimination - nemo tenetur se ipsum accusare, briefly defined as the defendant’s right of not being obliged to contribute to the self-incrimination, it should be stressed that there isn’t an explicit consecration in the Portuguese Constitution, being commonly accepted in an implicit constitutional prediction and deriving from other constitutional rights and principles, first and foremost, the meaning and scope of the concept of democratic rule of Law State, embedded in the Fundamental Law, and in the guidelines of the constitutional principles of human person dignity, freedom of action and the presumption of innocence. In any case, about the (in) applicability of the principle of the prohibition of self-incrimination to the Criminal Police Bodies in the trial hearing in Court, and sharing an idea of Guedes Valente, the truth is that the exercise of criminal action must tread a transparent path and non-compliant with methods to obtain evidence that violate the law, the public order or in violation of democratic principles and loyalty (Guedes Valente, 2013, p. 484). Within the framework of the penal process relating to the trial, which is assumed as the true phase of the process, the witness represents a relevant figure for the administration of criminal justice, for the testimonial proof is, in the idea of Othmar Jauernig, the worst proof of evidence, but also being the most frequent (Jauernig, 1998, p. 289). As coadjutant of the Public Prosecutor and, in specific cases, the investigating judge, the Criminal Police Bodies are invested with high responsibility, being "the arms and eyes of Judicial Authorities in pursuing the criminal investigation..." which has as ultimate goal the fulfillment of the Law pursuing the defense of society" (Guedes Valente, 2013, p. 485). It is in this context and as a witness that, throughout operational career, the Criminal Police Bodies are required to be at the trial hearing and clarify the Court with its view about the facts relating to occurrences of criminal context, thus contributing very significantly and, in some cases, decisively for the proper administration of the portuguese criminal justice. With regards to the intervention of Criminal Police Bodies in the trial hearing in Court, it’s important that they pay attention to a set of standards concerning the preparation of the testimony, the very provision of the testimony and, also, to its conclusion. Be emphasized that these guidelines may become crucial for the quality of the police testimony at the trial hearing, thus leading to an improvement of the enforcement of justice system. In this vein, while preparing the testimony, the Criminal Police Bodies must present itself in court with proper clothing, to read before and carefully the case files, to debate the facts being judged with other Criminal Police Bodies and prepare potential questions. Later, while giving his testimony during the trial, the Criminal Police Bodies must, summing up, to take the oath in a convincing manner, to feel comfortable, to start well by convincingly answering the first question, keep an attitude of serenity, to adopt an attitude of collaboration, to avoid the reading of documents, to demonstrate deference and seriousness before the judicial operators, to use simple and objective language, to adopt a fluent speech, to use nonverbal language correctly, to avoid spontaneity responding only to what is asked, to report only the truth, to avoid hesitations and contradictions, to be impartial and to maintain eye contact with the judge. Finally, at the conclusion of the testimony, the Criminal Police Bodies should rise in a smooth manner, avoiding to show relief, resentment or satisfaction, leaving a credible and professional image and, without much formality, requesting the judge permission to leave the courtroom. As final note, it’s important to stress that "The intervention of the Police Criminal Bodies in the trial hearing in Court” encloses itself on a theme of crucial importance not only for members of the Police and Security Forces, who must welcome this subject with the utmost seriousness and professionalism, but also for the proper administration of the criminal justice system in Portugal.

A wave of change: Labor market and social security impacts of the EU refugee inflow

The recent massive inflow of refugees to the European Union (EU) raises a number of unanswered questions on the economic impact of this phenomenon. To examine these questions, we constructed an overlapping-generations model that describes the evolution of the skill premium and of the welfare benefit level in relevant European countries, in the aftermath of an inflow of asylum-seekers. In our simulation, relative wages of skilled workers increase between 8% and 11% in the period of the inflow; their subsequent time path is dependent on the initial skill premium. The entry of migrants creates a fiscal surplus of about 8%, which can finance higher welfare benefits in the subsequent periods. These effects are weaker in a scenario where refugees do not fully integrate into the labor market.