Information Security as Strategic (In)effectivity

Security of information flow is commonly understood as preventing any information leakage, regardless of how grave or harmless consequences the leakage can have. In this work, we suggest that information security is not a goal in itself, but rather a means of preventing potential attackers from compromising the correct behavior of the system. To formalize this, we first show how two information flows can be compared by looking at the adversary's ability to harm the system. Then, we propose that the information flow in a system is effectively information-secure if it does not allow for more harm than its idealized variant based on the classical notion of noninterference

Comparative Law as a Bridge Between the Nation-State and the Global Economy: An Essay for Herbert Bernstein

Professor Richard M. Buxbaum delivered the Fourth Annual Herbert L. Bernstein Memorial Lecture in Comparative Law in 2005 and this article is based on his remarks. The article is included in the inaugural volume of CICLOPs that collects the first six Bernstein lectures. In this paper, Richard Buxbaum is primarily concerned with the potential of comparative law as a method to bridge the disparities between the laws of nation-states and the needs of the globalized economy. Buxbaum investigates three separate roles for comparative law in closing this gap: First, he discusses the potential uses of comparative law with regard to the current primacy of national law over the increasingly transnational economic order. Second, he looks into the concern surrounding the growing need for national economic laws to move up a step; here, Buxbaum pays special attention to the problems and benefits created by federalism within both the American and the European systems. Thirdly, and finally, he tackles the elusiveness of what he calls “the slippery issue of ‘economic law’”. In dealing with each of these strands of thought, Buxbaum focuses predominantly on the European Union system and how comparative law can aid in its struggle not only to unify law, but also in efforts to coordinate law between national, sovereign entities. Due to the high degree of difference in the centralization of authority in the American system over the European Union, Buxbaum is able to cast into high relief the need for comparative law within Europe in the absence of a strong legislative body. Buxbaum uses comparative law to bridge the importance of national law in a transnational order with the challenges of achieving a unified economic law between nations, despite the inherent tension between the two concepts

Globally reasoning about localised security policies in distributed systems

In this report, we aim at establishing proper ways for model checking the global security of distributed systems, which are designed consisting of set of localised security policies that enforce specific issues about the security expected. The systems are formally specified following a syntax, defined in detail in this report, and their behaviour is clearly established by the Semantics, also defined in detail in this report. The systems include the formal attachment of security policies into their locations, whose intended interactions are trapped by the policies, aiming at taking access control decisions of the system, and the Semantics also takes care of this. Using the Semantics, a Labelled Transition System (LTS) can be induced for every particular system, and over this LTS some model checking tasks could be done. We identify how this LTS is indeed obtained, and propose an alternative way of model checking the not-yet-induced LTS, by using the system design directly. This may lead to over-approximation thereby producing imprecise, though safe, results. We restrict ourselves to finite systems, in the sake of being certain about the decidability of the proposed method. To illustrate the usefulness and validity of our proposal, we present 2 small case-study-like examples, where we show how the system can be specified, which policies could be added to it, and how to decide if the desired global security property is met. Finally, an Appendix is given for digging deeply into how a tool for automatically performing this task is being built, including some implementation issues. The tool takes advantage of the proposed method, and given some system and some desired global security property, it safely (i.e. without false positives) ensures satisfaction of it

Unification: An international aerospace information opportunity

Science and technology projects are becoming more and more international and interdisciplinary. Other parts of the world, notably Europe, are increasingly powerful players in the aerospace industry. This change has led to the development of various aerospace information initiatives in other countries. With scarce resources in all areas of government and industry, the NASA STI Program is reviewing its current acquisition and exchange practices and policies to factor in the changing requirements and new opportunities within the international community. Current NASA goals and activities are reviewed with a new view toward developing a scenario for establishing an international aerospace database, maintaining compatibility among national aerospace information systems, eliminating duplication of effort, and sharing resources through international cooperation wherever possible

Securing the state, undermining democracy: internationalization and privatization of western militaries

Changes in the field of security since the 1990s triggered off a number of still continuing military transformations in liberal democracies. Since their armed forces were designed for the purposes of the bipolar Cold war security constellation, they have been “redesigned” according to the new tasks as agreed upon in the new NATO strategic concepts or the assignments for the Europeanized forces within the European Union: Conflict prevention, crisis intervention, counter-terrorism have been added to the range of deployment missions. This recent transformation of the armed forces is pushed ahead in the political spirit of new public management well known from other policy areas in the OECD countries. The proclaimed reforms are guided by efficiency and effectiveness principles only, issues of democratic control and integration of the armed forces into the society are marginalized in the political discourse. But integration and cooperation within international organizations is only one of the two trends detrimental to democratic control of the military; increasing contracting with Private Security and Military Companies is the other. Contracting is intended to reduce political and financial costs and risks for Western governments. The authors argue that, in the long run, both trends of privatization and internationalization, though they seem to run into opposite directions from a purely etatist perspective, result in the joint effect of exacerbating democratic control and accountability of security policies. This point is illustrated by the employment of private military companies by the US government agencies and US military and the reform of the German armed forces. -- Seit Ende des Ost-West-Konflikts befinden sich die westlichen Streitkräfte in einem anhaltenden Transformationsprozess. Waren die Streitkräfte zuvor an der bipolaren Sicherheitskonstellation des Kalten Krieges ausgerichtet, werden sie seit 1990 umstrukturiert, um neue Missionen zu erfüllen, wie sie in den strategischen Konzepten der NATO oder den Aufgabenfeldern der Europäischen Sicherheits- und Verteidigungspolitik definiert sind. Unter den Vorzeichen eines New Public Managements vorangetrieben, das in den letzten Jahrzehnten als ökonomisch inspiriertes Reformprinzip bereits zahlreiche andere Politikfelder der OECD-Staaten geprägt hat, sind die Umstrukturierungen der Streitkräfte vorwiegend an Effizienz- und Effektivitäts-Gesichtspunkten orientiert. Fragen der demokratischen Kontrolle und der Integration des Militärs in die jeweilige Gesellschaft werden dagegen im politischen Diskurs vernachlässigt. Zwei Entwicklungstrends kennzeichnen derzeit die westliche Sicherheits- und Verteidigungspolitik: die Integration und Kooperation westlicher Streitkräfte im Rahmen von internationalen Organisationen sowie der zunehmende Einsatz privater Sicherheitsunternehmen. Obwohl Internationalisierung und Privatisierung von Sicherheitspolitik in einer staatszentrierten Perspektive auf den ersten Blick gegenläufige Tendenzen einer Stärkung der Exekutive einerseits und der Schwächung des Staates andererseits zu markieren scheinen, tragen jedoch beide zu einer Schädigung der nationalstaatlichen Demokratie bei. Diese These erläutern die Autorinnen anhand des vermehrten Rückgriffs der US-amerikanischen Regierung auf private Sicherheitsanbieter sowie der Transformation der deutschen Streitkräfte.

Towards alignment of architectural domains in security policy specifications

Large organizations need to align the security architecture across three different domains: access control, network layout and physical infrastructure. Security policy specification formalisms are usually dedicated to only one or two of these domains. Consequently, more than one policy has to be maintained, leading to alignment problems. Approaches from the area of model-driven security enable creating graphical models that span all three domains, but these models do not scale well in real-world scenarios with hundreds of applications and thousands of user roles. In this paper, we demonstrate the feasibility of aligning all three domains in a single enforceable security policy expressed in a Prolog-based formalism by using the Law Governed Interaction (LGI) framework. Our approach alleviates the limitations of policy formalisms that are domain-specific while helping to reach scalability by automatic enforcement provided by LGI

Rethinking Subsidiarity in the EU: Economic Principles

This chapter reconsiders and assesses subsidiarity as one of the general principles to guide the political and institutional development of the European Union, and proposes a framework to assess the consistency of alternative plans.

The CIS Common Electric Power Market

Trade in electric power and mutual investments are at a low level and do not correspond with the sector’s potential. The CIS is a net exporter of electric power, but the actual volumes of import and export are small. CIS countries are capable of more, having large coal and gas reserves with huge potential for energy production, vast hydropower potential, and competitive advantage in power engineering. In spite of the considerable revival during recent years, mutual investments remain at a low level and are characterised by a one-sided structure. Power markets (power industry, hydrocarbons, coal, uranium) are specific: it is necessary to combine a complex approach to fuel and energy balance with functional integration in these unique markets. In the 2000s, the EurAsEC began work on creating a common power market (CPM). It goes without saying that, at the level of conception, power markets must be regarded as interrelated, which allows the implementation of the principle of comparative advantages in the process of integrating different countries. Alongside this, power industries may form separate markets with their own specific regulations. The idea of a common power market, which is the basis of the systematic work of the EurAsEC, inadequately reflects the peculiarities of the power industry. In our opinion, the subject that should be considered is the creation of a number of common markets, such as: an electric power market, an oil and gas market, and a coal market. The creation of a uranium market may then follow. In spite of their evident dependence on each other, each of these markets is very specific and consequently should be regulated independently Creating a common power market entails a number of solvable problems. The completion of the liberalisation of the Russian market, which is the biggest, networked market of the CIS, is one of the most important preconditions for the development of a common power market. In general, the integration of the power market is dependant on the institutional peculiarities of the national electric-power industry in the key countries. Despite this, if an optimal regulative environment is established, a common power market can still be created even with the preservation of a considerable presence of public companies in the generation and distribution of energy. Advancement towards a continental Eurasian common power market is economically rational. Russia and its neighbours are interested in Eurasian integration, which would not be constrained by the boundaries of the post-Soviet space. The very logic of a CPM urges us to go beyond the boundaries of the post-Soviet area. Russia and Kazakhstan are keen promoters of the CPM, as are a number of other CIS countries including Armenia, Azerbaijan, Kyrgyzstan, Tajikistan, Uzbekistan, Turkmenistan, Ukraine and Belarus. Practically all of the CIS countries could gain real advantages as exporters and transmitters of electric power if real electric energy market mechanisms are introduced, thereby dealing with countries of Eurasia such as China, Iran, India, Turkey and EU countries. A CPM for Eurasia would develop gradually, founded on a number of bi- and multilateral agreements.post-Soviet space; electric power market; economic integration