Towards operational measures of computer security

Ideally, a measure of the security of a system should capture quantitatively the intuitive notion of ‘the ability of the system to resist attack’. That is, it should be operational, reflecting the degree to which the system can be expected to remain free of security breaches under particular conditions of operation (including attack). Instead, current security levels at best merely reflect the extensiveness of safeguards introduced during the design and development of a system. Whilst we might expect a system developed to a higher level than another to exhibit ‘more secure behaviour’ in operation, this cannot be guaranteed; more particularly, we cannot infer what the actual security behaviour will be from knowledge of such a level. In the paper we discuss similarities between reliability and security with the intention of working towards measures of ‘operational security’ similar to those that we have for reliability of systems. Very informally, these measures could involve expressions such as the rate of occurrence of security breaches (cf rate of occurrence of failures in reliability), or the probability that a specified ‘mission’ can be accomplished without a security breach (cf reliability function). This new approach is based on the analogy between system failure and security breach. A number of other analogies to support this view are introduced. We examine this duality critically, and have identified a number of important open questions that need to be answered before this quantitative approach can be taken further. The work described here is therefore somewhat tentative, and one of our major intentions is to invite discussion about the plausibility and feasibility of this new approach

Strategic Philanthropy Integrating Investments In Asset Building: A Framework for Impact

Despite philanthropy's commitments to improve family economic security, stability, and growth, a lack of cross-sector collaboration limits the impacts including constrained public resources and siloed programmatic services. A new approach to address these challenges is the development of a framework that can more effectively tie together and shape the disparate policies, investment structures, practices, and stakeholders to leverage resources and impacts. The strategic framework of asset development helps to create an effective, integrated, and sustainable system, enabling families to move through safety nets into financial security and opportunity. Asset building integration shifts investment goals from remedying deficiencies to building on strengths by increasing capability, access, and opportunity. It enables foundations to integrate and expand the scope, scale, and long-term impact of their work, shifting the focus from families' vulnerabilities to their opportunities for success. This paper provides compelling evidence about how funders are applying this strategic approach to effect greater social and economic impact

Reviving egalitarianism in the Global Transformation: Building occupational security

The world is in the midst of a Global Transformation, reflecting the painful creation of a global market society. Globalization was the disembedded phase, in which inequalities and insecurities multiplied as national systems of regulation, social protection and redistribution were dismantled or broke down. This reflected the collapse of labourism and systems of industrial citizenship, and an end to the building of national welfare states as the development objective. The outcomes were unsustainable. But what should be the counter-movement by which the global economic system will be re-embedded in society? This article suggests that a new approach to social and economic security is required, one that places work and occupation at the centre of life rather than labour, and one in which universal basic economic security is the primary development objective. In order to move in that direction, this article advocates the use of five policy decision principles by which all policies and institutional changes should be evaluated. It concludes by sketching a progressive strategy oriented to occupational citizenship, giving equal respect to liberty, equality and fraternity, or social solidarity. The world is in the midst of a Global Transformation, reflecting the painful creation of a global market society. Globalization was the disembedded phase, in which inequalities and insecurities multiplied as national systems of regulation, social protection and redistribution were dismantled or broke down. This reflected the collapse of labourism and systems of industrial citizenship, and an end to the building of national welfare states as the development objective. The outcomes were unsustainable. But what should be the counter-movement by which the global economic system will be re-embedded in society? This article suggests that a new approach to social and economic security is required, one that places work and occupation at the centre of life rather than labour, and one in which universal basic economic security is the primary development objective. In order to move in that direction, this article advocates the use of five policy decision principles by which all policies and institutional changes should be evaluated. It concludes by sketching a progressive strategy oriented to occupational citizenship, giving equal respect to liberty, equality and fraternity, or social solidarity

Security in transnational interoperable PPDR communications: threats and requirements

The relevance of cross border security operations has been identified as a priority at European level for a long time. A European network where Public Protection and Disaster Relief (PPDR) forces share communications processes and a legal framework would greatly enforce response to disaster recovery and security against crime. Nevertheless, uncertainty on costs, timescale and functionalities have slowed down the interconnection of PPDR networks across countries and limited the transnational cooperation of their PPDR forces so far. In this context, the European research project ISITEP is aimed at developing the legal, operational and technical framework to achieve a cost effective solution for PPDR interoperability across European countries. Inter alia, ISITEP project is specifying a new Inter-System-Interface (ISI) interface for the interconnection of current TETRA and TETRAPOL networks that can be deployed over Internet Protocol (IP) connectivity. This approach turns communications security as a central aspect to consider when deploying the new IP ISI protocol between PPDR national networks. Ensuring that threats to the interconnected communications systems and terminals are sufficiently and appropriately reduced by technical, procedural and environmental countermeasures is vital to realise the trusted and secure communication system needed for the pursued PPDR transnational cooperation activities. In this context, this paper describes the framework and methodology defined to carry out the development of the security requirements and provides a discussion on the undertaken security risk and vulnerability analysis.Peer ReviewedPostprint (author's final draft

Optimizing the Automotive Security Development Process in Early Process Design Phases

Security is a relatively new topic in the automotive industry. In the former days, the only security defense methods were the engine immobilizer and the anti-theft alarm system. The rising connection of vehicles to external networks made it necessary to extend the security effort by introducing security development processes. These processes include, amongothers, risk analysis and treatment steps. In parallel, the development of ISO/SAE 21434 and UN-ECE No. R155 started. The long development cycles in the automotive industry made it necessary to align the development processes' early designs with the standards' draft releases. This work aims to design a new consistent, complete and efficient security development process, aligned with the normative references. The resulting development process design aligns with the overall development methodology of the underlying, evaluated development process. Use cases serve as a basis for evaluating improvements and the method designs. This work concentrates on the left leg of the V-Model. Nevertheless, future work targets extensions for a holistic development approach for safety and security.:I. Foundation 1. Introduction 2. Automotive Development 3. Methodology II. Meta-Functional Aspects 4. Dependability as an Umbrella-Term 5. Security Taxonomy 6. Terms and Definitions III. Security Development Process Design 7. Security Relevance Evaluation 8. Function-oriented Security Risk Analysis 9. Security Risk Analysis on System Level 10. Risk Treatment IV. Use Cases and Evaluation 11. Evaluation Criteria 12. Use Case: Security Relevance Evaluation 13. Use Case: Function-oriented Security Risk Analysis 14. Use Case: System Security Risk Analysis 15. Use Case: Risk Treatment V. Closing 16. Discussion 17. Conclusion 18. Future Work Appendix A. Attacker Model Categories and Rating Appendix B. Basic Threat Classes for System SRA Appendix C. Categories of Defense Method Propertie

Discovery and Strategic Partnership Group Concept Mapping: 2014-2015 Progress Report

In 2014, New York State received funding from the U.S. Department of Education, Office of Special Education and Rehabilitative Services to begin the NYS PROMISE (Promote the Readiness of Minors in Supplemental Security Income) research initiative. The goal of this initiative is to coordinate the system of support surrounding these youths to better catalyze their potential to transition from Supplemental Security Income (SSI) to a sustainable future of living and earning as independent adults. To guide strategy and support PROMISE priorities over the course of the initiative, NYS PROMISE convened the NYS PROMISE Steering Committee, comprised of appointed liaisons from agencies who are connected to the NYS PROMISE initiative. To support sustainable partnership development for greater progress and impact on the goals of NYS PROMISE, the Steering Committee engaged in a structured, time sensitive strategic planning and partnership framework development effort. To develop the elements of a prioritized strategy, the group used Group Concept Mapping (GCM), and constructed a visual framework, or concept map, that served as the basis for prioritization and strategy development throughout the process. The GCM approach employs a group process to capture individual contributions for consensus around a given topic, using a structured approach with a specific sequence of steps that support timely and consistent engagement in the process. GCM incorporates opinions and values, and presents the results in ways that are understandable and usable. 25 individuals from 8 member agencies took part in the concept map development, contributing elements in response to the following prompt: “To yield enduring individual outcomes, a viable system to support youth with disabilities in their transition from high school to successful adult lives needs to include…

Proposing a secure component-based-application logic and system’s integration testing approach

Software engineering moved from traditional methods of software enterprise applications to com-ponent based development for distributed system’s applications. This new era has grown up forlast few years, with component-based methods, for design and rapid development of systems, butfact is that , deployment of all secure software features of technology into practical e-commercedistributed systems are higher rated target for intruders. Although most of research has been con-ducted on web application services that use a large share of the present software, but on the otherside Component Based Software in the middle tier ,which rapidly develops application logic, alsoopen security breaching opportunities .This research paper focus on a burning issue for researchersand scientists ,a weakest link in component based distributed system, logical attacks, that cannotbe detected with any intrusion detection system within the middle tier e-commerce distributed ap-plications. We proposed An Approach of Secure Designing application logic for distributed system,while dealing with logically vulnerability issue

Zakat Nature of Social Security Systems as Positive Law: Indonesia’ Law Perspective

The National Social Security System is one form of social protection organized by the Republic of Indonesia in order to guarantee the constitutional rights of the peoples. The National Social Security System as a procedure of maintaining the social security program. Zakat (tithe) is one of the social security system in the perspective of positive legislation in Indonesia. Considering the issues, this study emphasizes the effort to explore the essence of Zakat to find its contribution to the Social Security System in Indonesia, and then the approach used is a conceptual approach. The results shows that the essence of Zakat has three aspects; outer, inner and spiritual aspects. Outer aspect aims to clean or spend a portion of property as the rights of others under the provisions of syariah, obtained lawfully, and it reach amount dan period. Inner aspect aims to purify the soul of miserly and world love, and thus will grow spaciousness in the soul and compassion toward others. Spritual aspect aims to make man as a servant with a true servant. The government and especially for the House of Representatives is expected to encourage against the obligation of Zakat through new legislation. Through new legislation, the role and function of BAZNAS, especially for Amil Zakat (collector) to conduct planning and development in the form of a work program. Keywords: Zakat, Tithe, Islamic Law, Social Security System

Monitoring of food security in the Russian Federation : methodology and assessment

The paper presents the results of food security research in the Russia Federation. Providing food security and country’s independence becomes the core of keeping the national sovereignty under conditions of globalization and integration processes development. It determined the research relevance. The purpose of the research is the development of a new methodological approach to monitoring of food security as one of most important components of an efficient protection system of the latter. Integrative reproduction approach to monitoring of country’s food security meeting stability criteria, economic and social ecological efficiency, competitive ability and safety is suggested. The composition of indicators arranged in four groups is developed within the framework of such approach in order to carry out all-round monitoring of Russian Federation’s food security: agroindustrial complex production capacity and its efficient use; food accessibility; food affordability; food quality and level. The assessment of Russian Federation’s agriculture facilities, agricultural products output dynamics, agricultural raw materials and provisions export and import, level of staple foods consumption by the population and Russians’ diet is given based on indicative analysis. The main threats to Russia’s food security are revealed (productive powers deindustrialization; low level of investment to the agricultural sector; labour force reduction; increase in dependence on imported foodstuff; population’s low income level and living standards, etc.) Recommendations regarding Russian Federation’s food security level increase are given (carrying out augmented technologic modernization, establishing a brand new enterprise network, development of associations and cooperatives, increase in government control combined with agricultural producers’ business activity, development of market forms of cooperation and integration).peer-reviewe