Security Patchworking in Lebanon: Infrastructuring Across Failing Infrastructures

In this paper we bring to light the infrastructuring work carried out by people in Lebanon to establish and maintain everyday security in response to multiple simultaneously failing infrastructures. We do so through interviews with 13 participants from 12 digital and human rights organisations and two weeks of ethnographically informed fieldwork in Beirut, Lebanon, in July 2022. Through our analysis we develop the notion of security patchworking that makes visible the infrastructuring work necessitated to secure basic needs such as electricity provision, identity authentication and financial resources. Such practices are rooted in differing mechanisms of protection that often result in new forms of insecurity. We discuss the implications for CSCW and HCI researchers and point to security patchworking as a lens to be used when designing technologies to support infrastructuring, while advocating for collaborative work across CSCW and security research.Comment: To appear at ACM Conference On Computer-Supported Cooperative Work And Social Computing (CSCW) 202

myTrustedCloud: Trusted cloud infrastructure for security-critical computation and data managment

Copyright @ 2012 IEEECloud Computing provides an optimal infrastructure to utilise and share both computational and data resources whilst allowing a pay-per-use model, useful to cost-effectively manage hardware investment or to maximise its utilisation. Cloud Computing also offers transitory access to scalable amounts of computational resources, something that is particularly important due to the time and financial constraints of many user communities. The growing number of communities that are adopting large public cloud resources such as Amazon Web Services [1] or Microsoft Azure [2] proves the success and hence usefulness of the Cloud Computing paradigm. Nonetheless, the typical use cases for public clouds involve non-business critical applications, particularly where issues around security of utilization of applications or deposited data within shared public services are binding requisites. In this paper, a use case is presented illustrating how the integration of Trusted Computing technologies into an available cloud infrastructure - Eucalyptus - allows the security-critical energy industry to exploit the flexibility and potential economical benefits of the Cloud Computing paradigm for their business-critical applications

CAID prediction portal: A comprehensive service for predicting intrinsic disorder and binding regions in proteins

Intrinsic disorder (ID) in proteins is well-established in structural biology, with increasing evidence for its involvement in essential biological processes. As measuring dynamic ID behavior experimentally on a large scale remains difficult, scores of published ID predictors have tried to fill this gap. Unfortunately, their heterogeneity makes it difficult to compare performance, confounding biologists wanting to make an informed choice. To address this issue, the Critical Assessment of protein Intrinsic Disorder (CAID) benchmarks predictors for ID and binding regions as a community blind-test in a standardized computing environment. Here we present the CAID Prediction Portal, a web server executing all CAID methods on user-defined sequences. The server generates standardized output and facilitates comparison between methods, producing a consensus prediction highlighting high-confidence ID regions. The website contains extensive documentation explaining the meaning of different CAID statistics and providing a brief description of all methods. Predictor output is visualized in an interactive feature viewer and made available for download in a single table, with the option to recover previous sessions via a private dashboard. The CAID Prediction Portal is a valuable resource for researchers interested in studying ID in proteins. The server is available at the URL: https://caid.idpcentral.org

Key Opportunities and Challenges of Data Migration in Cloud: Results from a Multivocal Literature Review

Cloud data migration is the procedure of moving information, localhost applications, services, and data to the distributed cloud computing infrastructure. The success of this data migration process is depending on several aspects like planning and impact analysis of existing enterprise systems. One of the most common operations is moving locally stored data in a public cloud computing environment. This paper, through a multivocal literature review, identifies the key advantages and consequences of migrating data into the cloud. There are five different cloud migration strategies and models prescribed to evaluate the performance, identifying security requirements, choosing a cloud provider, calculating the cost, and making any necessary organizational changes. The results of this research paper can give a road map for the data migration journey and can help decision makers towards a safe and productive migration to a cloud computing environment.publishedVersio

Land regularization through participatory approach in Tanzania : the case of Ubungo Darajani -- Dar es Salaam

Community Land Regularization in Ubungo Darajani stemmed from common problems in the community. These include poor vehicular accessibility, increasing land conflict and fear of eviction by the government due to insecure tenure. The commonly felt problems obliged the community to come together and collectively work to address land development and management (regularization) problems. Community togetherness is seen as an instrument for engendering social capital as well as strategy for resource mobilization. They were attracted to belong to the common course at the same time they wanted to associate with community achievements. This is power of collective and social network theory. Their effective mobilization, coordination among the actors and effective linkage with other institutions such as University College of Lands and Architectural Studies (UCLAS), the Kinondoni Municipal Authority, Utility Agencies and the Ministry of Lands and Human Settlements Development were the basis for the achievement recorded in this area. In addition, the trust, networking capacity building, common norms and rules negotiation were important factors leading to success of the project. Community participation guarantees that a felt need is involved, sense of ownership, an intrinsic value and a catalyst for further development efforts. The study concludes that unless the land Regularisation activities on going in informal settlements are closely monitored and regulated as the settlement grow, it will be costly socially and economically to retrofit. (Author abstract)Kessy, J. D. (2005). Land regularisation through participatory approach in Tanzania : the case of Ubungo Darajani -- Dar es Salaam. Retrieved from http://academicarchive.snhu.eduMaster of Science (M.S.)School of Community Economic Developmen

EXPLAINING AN E-IDENTIFICATION FRAMEWORK IMPLEMENTATION USING DIALECTICS

This article analyses the challenges of implementing a new electronic identification (eID) framework in Finland. We employ the theoretical lens of dialectics to explain how two opposing forces in the form of public and private actors, the government and banks respectively, engaged in a process of resistance and acquiescence. By interviewing the key organizations from both sides, we identify the rationale of the conflict, mechanisms that have led and may lead to further conflict, and the outcome. The root cause of the problems with the framework include the conflicting goals of the government and banks: the regulators’ interests to create more competition in the market, generate cost savings, decrease the dependence on banks vs. the objectives of the banks to maintain the status quo. Moreover, the framework implementation practices, such as the hard enforcement strategy, an inherent infrastructuring mindset of the government and communication problems, have considerably contributed to further conflict development. As a result, divergent views on the framework architecture and the pricing models are the outcomes of the confrontation. Our findings emphasize the importance of strategic and operational coherence in the governance of a changing ecosystem with a proprietary banking platform playing a role in a national eID scheme

CONSTRUCTION OF EFFICIENT AUTHENTICATION SCHEMES USING TRAPDOOR HASH FUNCTIONS

In large-scale distributed systems, where adversarial attacks can have widespread impact, authentication provides protection from threats involving impersonation of entities and tampering of data. Practical solutions to authentication problems in distributed systems must meet specific constraints of the target system, and provide a reasonable balance between security and cost. The goal of this dissertation is to address the problem of building practical and efficient authentication mechanisms to secure distributed applications. This dissertation presents techniques to construct efficient digital signature schemes using trapdoor hash functions for various distributed applications. Trapdoor hash functions are collision-resistant hash functions associated with a secret trapdoor key that allows the key-holder to find collisions between hashes of different messages. The main contributions of this dissertation are as follows: 1. A common problem with conventional trapdoor hash functions is that revealing a collision producing message pair allows an entity to compute additional collisions without knowledge of the trapdoor key. To overcome this problem, we design an efficient trapdoor hash function that prevents all entities except the trapdoor key-holder from computing collisions regardless of whether collision producing message pairs are revealed by the key-holder. 2. We design a technique to construct efficient proxy signatures using trapdoor hash functions to authenticate and authorize agents acting on behalf of users in agent-based computing systems. Our technique provides agent authentication, assurance of agreement between delegator and agent, security without relying on secure communication channels and control over an agent’s capabilities. 3. We develop a trapdoor hash-based signature amortization technique for authenticating real-time, delay-sensitive streams. Our technique provides independent verifiability of blocks comprising a stream, minimizes sender-side and receiver-side delays, minimizes communication overhead, and avoids transmission of redundant information. 4. We demonstrate the practical efficacy of our trapdoor hash-based techniques for signature amortization and proxy signature construction by presenting discrete log-based instantiations of the generic techniques that are efficient to compute, and produce short signatures. Our detailed performance analyses demonstrate that the proposed schemes outperform existing schemes in computation cost and signature size. We also present proofs for security of the proposed discrete-log based instantiations against forgery attacks under the discrete-log assumption

Measuring the e-Government Maturity in Indonesia using the Ranking of e-Government of Indonesia (PeGI)

In rapid development of Information Communication and Technology (ICT), citizens need fast and easy-to-access regarding e-Government services. To fulfil the requirements, Indonesian Government has been developed and implemented e-Government services in both local and central government. However, to measure the e-Government success, there is a model to measure the ranking of e-Government in Indonesia named PeGI. The measurement is applied to ministry, non-ministry government, and local government institution. This paper aims to measure e-Government development and implementation in a Ministry institution in Indonesia. The measurement model divided e-Government into 4 dimensions; policy, institutional, infrastructure, application, and planning. The result of the measurement indicated that the Ministry has 3.37 out of 4 and it belongs to good rating. Further in this paper, we also give recommendations to improve the e-Government development and implementation in the Ministry in order to deliver better services to citizen and other partners

Docker Technology for Small Scenario-Based Excercises in cybersecurity

This study aims to better prepare students for cybersecurity roles by providing practical tools that bridge the gap between theory and real-world applications. We investigate the role of small scenario-based exercises for students’ understanding of cybersecurity concepts. In particular, we assess the use of Docker technology to deliver training that includes a simple small scenario on html code injection. The effectiveness of scenario-based learning has long been defined and by using SBL, we are going to create hands-on activity that involves the fundamental topics in cybersecurity using Docker technology, allowing students to see the exploitation of the vulnerabilities and defense mechanisms against the attacks. The study’s results deduced from the analysis of responses from two surveys favored small scenario-based exercises for hands on activities in cybersecurity and the use of Docker technology for building such scenarios. By underlining the links between the studies discussed in the paper and our study, it shows the importance of scenario-based learning in cybersecurity education, highlighting its hands-on and practical nature. Also, it advocates for tailored educational programs that effectively integrate theoretical knowledge with practical application, emphasizing the value of this approach in preparing students for real-world cybersecurity challenges