Information Flow Model for Commercial Security

Information flow in Discretionary Access Control (DAC) is a well-known difficult problem. This paper formalizes the fundamental concepts and establishes a theory of information flow security. A DAC system is information flow secure (IFS), if any data never flows into the hands of owner’s enemies (explicitly denial access list.

Measuring Norms of Income Transfers: Trust Experiments and Survey Data from Vietnam

This paper compares the patterns of income transfers within village communities in the north and south of Vietnam by analyzing household survey and experimental data. The results of household data analysis show private transfers flow from high-income households to low-income households in the south where social safety net is limited. In contrast, private transfers do not correlate with pre-transfer income in the north where public transfers are more widespread. In addition, public transfers crowd out private transfers in the north. We conducted a trust game in both regions and found consistent results. People in the south are more altruistic toward the poor: they send more to the poor without expecting higher repayment. This pattern is consistent with the idea that private norms of redistribution from rich to poor are active in the south, but are crowded out in the north, possibly by communist public institutions, although we observe higher levels of trust and reciprocity in the north

Bowtie models as preventive models in maritime safety

Aquest treball ha sorgit d’una proposta del Dr. Rodrigo de Larrucea que ha acabat de publicar un llibre ambiciós sobre Seguretat Marítima. Com ell mateix diu, el tema “excedeix amb molt les potencialitats de l’autor”, així que en el meu cas això és més cert. Es pot aspirar, però, a fer una modesta contribució a l’estudi i difusió de la seguretat de la cultura marítima, que només apareix a les notícies quan tenen lloc desastres molt puntuals. En qualsevol cas, el professor em va proposar que em centrés en els Bowtie Models, models en corbatí, que integren l’arbre de causes y el de conseqüències (en anglès el Fault Tree Analysis, FTA, i l’Event Tree Analysis, ETA). Certament, existeixen altres metodologies i aproximacions (i en el seu llibre en presenta vàries, resumides), però per la seva senzillesa conceptual i possibilitat de generalització i integració dels resultats era una bona aposta. Així, després d’una fase de meditació i recopilació de informació, em vaig decidir a presentar un model en corbatí molt general on caben les principals causes d’accidents (factores ambientals, error humà i fallada mecànica), comptant també que pot existir una combinació de causes. De tota manera, a l’hora d’explotar aquest model existeix la gran dificultat de donar una probabilitat de ocurrència, un nombre entre 0 i 1, a cada branca. Normalment les probabilitats d’ocurrència són petites i degut a això difícils d’estimar. Cada accident és diferent, de grans catàstrofes n’hi ha poques, i cada accident ja és estudiat de manera exhaustiva (més exhaustiva quan més greu és). Un altre factor que dificulta l’estima de la probabilitat de fallada és l’evolució constant del món marítim, tant des del punt de vista tècnic, de formació, legal i fins i tot generacional doncs cada generació de marins és diferent. Els esforços estan doncs enfocats a augmentar la seguretat, encara que sempre amb un ull posat sobre els costs. Així, he presentat un model en corbatí pel seu valor didàctic i gràfic però sense entrar en detalls numèrics, que si s’escau ja aniré afinant i interioritzant en l’exercici de la professió. En aquest treball també he intentat no mantenir-me totalment al costat de la teoria (ja se sap que si tot es fa bé, tot surt perfecte, etc…) sinó presentar amb cert detall 2 casos ben coneguts d’accidents marítims: el petroler Exxon Valdez, el 1989 i el ferry Estonia en 1994, entre altres esmentats. Són casos ja una mica vells però que van contribuir a augmentar la cultura de la seguretat, fins a arribar al nivell del que gaudim actualment, al menys als països occidentals. Doncs la seguretat, com esmenta Rodrigo de Larrucea “és una actitud i mai és fortuïta; sempre és el resultat d’una voluntat decidida, un esforç sincer, una direcció intel·ligent i una execució acurada. Sens lloc a dubtes, sempre suposa la millor alternativa”. The work has been inspired in its initial aspects by the book of my tutor Jaime Rodrigo de Larrucea, that presents a state of the art of all the maritime aspects related to safety. Evidently, since it covers all the topics, it cannot deepen on every topic. It was my opportunity to deepen in the Bowtie Model but finally I have also covered a wide variety of topics. Later, when I began to study the topics, I realized that the people in the maritime world usually do not understand to a great extent statistics. Everybody is concerned about safety but few nautical students take a probabilistic approach to the accidents. For this it is extremely important to study the population that is going to be studied: in our case the SOLAS ships Also, during my time at Riga, I have been very concerned with the most diverse accidents, some of them studied during the courses at Barcelona. I have seen that it is difficult to model mathematically the accidents, since each one has different characteristics, angles, and surely there are not 2 equal. Finally, it was accorded that I should concentrate on the Bowtie Model, which is not very complex from a statistical point of view. It is simply a fault tree of events model and a tree of effects. I present some examples in this Chapter 2. The difficulty I point out is to try to estimate the probabilities of occurrence of events that are unusual. We concentrated at major accidents, those that may cause victims or heavy losses. Then, for the sake of generality, at Chapter 4, I have divided the causes in 4 great classes: Natural hazards, human factor, mechanical failure and attacks (piracy and terrorism). The last concern maybe should not be included beside the others since terrorism and piracy acts are not accidents, but since there is an important code dedicated to prevent security threats, ISPS, it is example of design of barriers to prevent an undesired event (although it gives mainly guidelines to follow by the States, Port Terminals and Shipping Companies). I have presented a detailed study of the tragedy of the Estonia, showing how a mechanical failure triggered the failure of the ferry, by its nature a delicate ship, but there were other factors such as poor maintenance and heavy seas. At the next Chapter, certain characteristics of error chains are analyzed. Finally, the conclusions are drawn, offering a pretty optimistic view of the safety (and security) culture at the Western World but that may not easily permeate the entire World, due to the associated costs

Analyse the risks of ad hoc programming in web development and develop a metrics of appropriate tools

Today the World Wide Web has become one of the most powerful tools for business promotion and social networking. As the use of websites and web applications to promote the businesses has increased drastically over the past few years, the complexity of managing them and protecting them from security threats has become a complicated task for the organizations. On the other hand, most of the web projects are at risk and less secure due to lack of quality programming. Although there are plenty of frameworks available for free in the market to improve the quality of programming, most of the programmers use ad hoc programming rather than using frameworks which could save their time and repeated work. The research identifies the different frameworks in PHP and .NET programming, and evaluates their benefits and drawbacks in the web application development. The research aims to help web development companies to minimize the risks involved in developing large web projects and develop a metrics of appropriate frameworks to be used for the specific projects. The study examined the way web applications were developed in different software companies and the advantages of using frameworks while developing them. The findings of the results show that it was not only the experience of developers that motivated them to use frameworks. The major conclusions and recommendations drawn from this research were that the main reasons behind web developers avoiding frameworks are that they are difficult to learn and implement. Also, the motivations factors for programmers towards using frameworks were self-efficiency, habit of learning new things and awareness about the benefits of frameworks. The research recommended companies to use appropriate frameworks to protect their projects against security threats like SQL injection and RSS injectio

Thermodynamics and kinetics of heterogeneous reactions

Thermodynamics and kinetics of sublimation, catalytic, and oxidation reaction

Mergers and acquisitions transactions strategies in diffusion - type financial systems in highly volatile global capital markets with nonlinearities

The M and A transactions represent a wide range of unique business optimization opportunities in the corporate transformation deals, which are usually characterized by the high level of total risk. The M and A transactions can be successfully implemented by taking to an account the size of investments, purchase price, direction of transaction, type of transaction, and using the modern comparable transactions analysis and the business valuation techniques in the diffusion type financial systems in the finances. We developed the MicroMA software program with the embedded optimized near-real-time artificial intelligence algorithm to create the winning virtuous M and A strategies, using the financial performance characteristics of the involved firms, and to estimate the probability of the M and A transaction completion success. We believe that the fluctuating dependence of M and A transactions number over the certain time period is quasi periodic. We think that there are many factors, which can generate the quasi periodic oscillations of the M and A transactions number in the time domain, for example: the stock market bubble effects. We performed the research of the nonlinearities in the M and A transactions number quasi-periodic oscillations in Matlab, including the ideal, linear, quadratic, and exponential dependences. We discovered that the average of a sum of random numbers in the M and A transactions time series represents a time series with the quasi periodic systematic oscillations, which can be finely approximated by the polynomial numbers. We think that, in the course of the M and A transaction implementation, the ability by the companies to absorb the newly acquired knowledge and to create the new innovative knowledge bases, is a key predeterminant of the M and A deal completion success as in Switzerland.Comment: 160 pages, 9 figures, 37 table

Corruption and police legitimacy in Lahore, Pakistan

Police legitimacy is an important topic of criminological research, yet it has received only sporadic study in societies where there is widespread police corruption, where the position of the police is less secure, and where social order is more tenuous. Analysing data from a probability sample survey of adults in Lahore, Pakistan, we examine the empirical links between people’s experience of police corruption, their perceptions of the fairness and effectiveness of the police, and their beliefs about the legitimacy of the police. Our findings suggest that in a context in which minimal effectiveness and integrity is yet to be established, police legitimacy may rest not just on the procedural fairness of officers, but also on their demonstrated ability to control crime and avoid corruption

The effects of land registration on financial development and economic growth - a theoretical and conceptual framework

The author develops a theoretical framework to guide empirical analysis of how land registration affects financial development and economic growth. Most conceptual approaches investigate the effects of land registration on only one sector, nut land registration is commonly observed to affect not only other sectors but the economy as a whole. The author builds on the well-tested link between secure land ownership and farm productivity, adding to the framework theory about positive information and transaction costs. To map the relationship between land registration and financial development and economic growth, the framework links: 1) Land tenure security and investment incentives. 2) Land title, collateral, and credit. 3) Land markets, transactions, and efficiency. 4) Labor mobility and efficiency. 5) Land liquidity, deposit mobilization, and investment. Empirical results from applying the framework to a single case study - of Thailand, described in a separate paper - suggest that the framework is sound.Labor Policies,Environmental Economics&Policies,Banks&Banking Reform,Economic Theory&Research,Payment Systems&Infrastructure,Economic Theory&Research,Municipal Financial Management,Rural Land Policies for Poverty Reduction,Environmental Economics&Policies,Banks&Banking Reform

Seeing More than Orange: Organizational Respect and Positive Identity Transformation in a Prison Context

This paper develops grounded theory on how receiving respect at work enables individuals to engage in positive identity transformation and the resulting personal and work-related outcomes. A company that employs inmates at a state prison to perform professional business-to-business marketing services provided a unique context for data collection. Our data indicate that inmates experienced respect in two distinct ways, generalized and particularized, which initiated an identity decoupling process that allowed them to distinguish between their inmate identity and their desired future selves and to construct transitional identities that facilitated positive change. The social context of the organization provided opportunities for personal and social identities to be claimed, respected, and granted, producing social validation and enabling individuals to feel secure in their transitional identities. We find that security in personal identities produces primarily performance-related outcomes, whereas security in the company identity produces primarily well-being-related outcomes. Further, these two types of security together foster an integration of seemingly incompatible identities—”identity holism”—as employees progress toward becoming their desired selves. Our work suggests that organizations can play a generative role in improving the lives of their members through respect-based processes