A framework for security requirements engineering

This paper presents a framework for security requirements elicitation and analysis, based upon the construction of a context for the system and satisfaction arguments for the security of the system. One starts with enumeration of security goals based on assets in the system. These goals are used to derive security requirements in the form of constraints. The system context is described using a problem-centered notation, then this context is validated against the security requirements through construction of a satisfaction argument. The satisfaction argument is in two parts: a formal argument that the system can meet its security requirements, and a structured informal argument supporting the assumptions expressed in the formal argument. The construction of the satisfaction argument may fail, revealing either that the security requirement cannot be satisfied in the context, or that the context does not contain sufficient information to develop the argument. In this case, designers and architects are asked to provide additional design information to resolve the problems

State of New York Public Employment Relations Board Decisions from December 29, 2005

BD_Mtng_12_29_2005.pdf: 278 downloads, before Oct. 1, 2020

Maryland v. King: The Fourth Amendment Spirals Down the Double Helix

This commentary previews an upcoming Supreme Court case, Maryland v. King, in which the Court may decide whether requiring an arrestee to submit to a buccal swab for identification purposes violates the arrestee\u27s privacy interests under the Fourth Amendment

Justice on Appeal in Criminal Cases: A Twentieth-Century Perspective

Criminal appeals was a hot topic in the 1970s, reflecting the politics of the Great Society and the development of the constitutional requirements of due process. There was then widespread agreement that the function of the criminal appeal was to assure that the appropriate judges were giving visible attention to all convictions to assure that they were justified. This paper will pose the question: what has become of that vision of a former generation

The case for cloud service trustmarks and assurance-as-a-service

Cloud computing represents a significant economic opportunity for Europe. However, this growth is threatened by adoption barriers largely related to trust. This position paper examines trust and confidence issues in cloud computing and advances a case for addressing them through the implementation of a novel trustmark scheme for cloud service providers. The proposed trustmark would be both active and dynamic featuring multi-modal information about the performance of the underlying cloud service. The trustmarks would be informed by live performance data from the cloud service provider, or ideally an independent third-party accountability and assurance service that would communicate up-to-date information relating to service performance and dependability. By combining assurance measures with a remediation scheme, cloud service providers could both signal dependability to customers and the wider marketplace and provide customers, auditors and regulators with a mechanism for determining accountability in the event of failure or non-compliance. As a result, the trustmarks would convey to consumers of cloud services and other stakeholders that strong assurance and accountability measures are in place for the service in question and thereby address trust and confidence issues in cloud computing

The quasi-judicial role of large retailers: An efficiency hypothesis of their relation with suppliers

The paper explores an efficiency hypothesis regarding the contractual process between large retailers, such as Wal-Mart and Carrefour, and their suppliers. The empirical evidence presented supports the idea that large retailers play a quasi-judicial role, acting as "courts of first instance" in their relationships with suppliers. In this role, large retailers adjust the terms of trade to on-going changes and sanction performance failures, sometimes delaying payments. A potential abuse of their position is limited by the need for re-contracting and preserving their reputations. Suppliers renew their confidence in their retailers on a yearly basis, through writing new contracts. This renovation contradicts the alternative hypothesis that suppliers are expropriated by large retailers as a consequence of specific investments.Retailing, distribution, contracts, transaction costs, self-enforcement

Expert testimony, law and epistemic authority

© Society for Applied Philosophy, 2016 This article discusses the concept of epistemic authority in the context of English law relating to expert testimony. It distinguishes between two conceptions of epistemic authority (and epistemic deference), one strong and one weak, and argues that only the weak conception is appropriate in a legal context, or in any other setting where reliance on experts can be publicly justified. It critically examines Linda Zagzebski's defence of a stronger conception of epistemic authority and questions whether epistemic authority is as closely analogous to practical authority as she maintains. Zagzebski elucidates a kind of deference that courts generally, and rightly, try to avoid. Her concept of ‘first person reasons’, however, does capture an important aspect of the deliberations of conscientious legal actors