ECHO Information sharing models

As part of the ECHO project, the Early Warning System (EWS) is one of four technologies under development. The E-EWS will provide the capability to share information to provide up to date information to all constituents involved in the E-EWS. The development of the E-EWS will be rooted in a comprehensive review of information sharing and trust models from within the cyber domain as well as models from other domains

Architektur und Werkzeuge für dynamisches Identitätsmanagement in Föderationen

Federated Identity Management (FIM) hat die Motivation, Identitätsdaten eines Benutzers von einer Heimatorganisation, d. h. Identity Provider (IdP), einem Dienstbetreiber, Service Provider (SP) genannt, bereitzustellen. Dies ermöglicht zum einen die Vermeidung von Redundanzen und Inkonsistenzen und zum anderen kann der Benutzer viele weitere Dienste nutzen, ohne sich zusätzliche Benutzerkonten merken zu müssen. Mit der Security Assertion Markup Language (SAML) und dem Protokoll OpenID Connect haben sich in Wirtschaft und Research & Education (R&E) zwei Standards etabliert. Durch die vermehrte Vernetzung zeigen sich zunehmend die Grenzen der aktuell eingesetzten Architektur. In dieser Arbeit wird zunächst eine umfangreiche Anforderungsanalyse anhand verschiedener Szenarien durchgeführt, die unterschiedliche Perspektiven auf die Architektur und ihre Anforderungen ermöglicht. Die Schwerpunkte dieser mehr als 70 strukturierten und gewichteten Anforderungen liegen dabei auf der Automatisierung und der Skalierbarkeit, Vertrauen sowie der Interoperabilität. Zudem sollen organisatorische Randbedingungen wie Sicherheits- und Datenschutzaspekte eingehalten werden. Im Rahmen eines umfassenden, gesamtheitlichen Architekturkonzepts wird anschließend eine Managementplattform für dynamisches Federated Identity Management erarbeitet. Neben der Spezifikation des orchestrierten, technischen Metadatenaustausches, der den bestehenden Ansätzen fehlt, fokussiert diese Arbeit auf die organisatorische Eingliederung hinsichtlich des IT Service Managements. Hierbei liegt der Fokus auf Security Management und Change Management. Zur Kompensation weiterer Defizite bisheriger Ansätze werden zwei zusätzliche Werkzeuge spezifiziert, die auf eine optimierte Interoperabilität bestehender FIM-Systeme sowie die Automatisierung und Skalierbarkeit existierender Abläufe abzielen. Eine Beschreibung der prototypischen Implementierung der Managementplattform und der Werkzeugkonzepte mit einer Diskussion ihrer Skalierbarkeit und die methodische Anwendung auf ein realistisches Szenario runden diese Arbeit ab.Federated Identity Management (FIM) has the motivation to provide identity data of users from their home organisation, also called Identity Provider (IdP), to a Service Provider (SP). This facilitates the prevention of redundancy and inconsistency, while users can re-use their home account for other services, without remembering further user accounts and passwords. The Security Assertion Markup Language (SAML) and the protocol OpenID Connect are two well-known standards within the industry sector and research & education (R&E) environment. Due to the ongoing interconnectedness, the limitations of the current architecture are increasingly revealed. In the first part of the thesis, a profound and comprehensive analysis is presented, in order to illustrate different perspectives on the architecture and the requirements. The focus of the more than seventy structured and weighted requirements in the categories function, non-functional, organizational as well as privacy- and security-specific categories lays in the automation and scalability of the approach as well as trust implications and interoperability. As part of the holistic, integrated architecture conceived in this thesis, a management platform for dynamic FIM has been developed. Besides the precise specification of the orchestrated, technical metadata exchange, special emphasis has been put on the organizational integration concerning the IT service management. Dependencies and effects on the security management and change management have been investigated in detail. To compensate further shortcomings of existing approaches, two new FIM components have been specified, which enhance the interoperability between FIM systems in heterogeneous identity federations, as well as the scalability and automation of existing workflows. The thesis is concluded with a description of the prototypical implementation of the management platform and the tool concepts as well as a discussion on their scalability characteristics and the application of the architecture to a realistic scenario

Architektur und Werkzeuge für dynamisches Identitätsmanagement in Föderationen

Federated Identity Management (FIM) hat die Motivation, Identitätsdaten eines Benutzers von einer Heimatorganisation, d. h. Identity Provider (IdP), einem Dienstbetreiber, Service Provider (SP) genannt, bereitzustellen. Dies ermöglicht zum einen die Vermeidung von Redundanzen und Inkonsistenzen und zum anderen kann der Benutzer viele weitere Dienste nutzen, ohne sich zusätzliche Benutzerkonten merken zu müssen. Mit der Security Assertion Markup Language (SAML) und dem Protokoll OpenID Connect haben sich in Wirtschaft und Research & Education (R&E) zwei Standards etabliert. Durch die vermehrte Vernetzung zeigen sich zunehmend die Grenzen der aktuell eingesetzten Architektur. In dieser Arbeit wird zunächst eine umfangreiche Anforderungsanalyse anhand verschiedener Szenarien durchgeführt, die unterschiedliche Perspektiven auf die Architektur und ihre Anforderungen ermöglicht. Die Schwerpunkte dieser mehr als 70 strukturierten und gewichteten Anforderungen liegen dabei auf der Automatisierung und der Skalierbarkeit, Vertrauen sowie der Interoperabilität. Zudem sollen organisatorische Randbedingungen wie Sicherheits- und Datenschutzaspekte eingehalten werden. Im Rahmen eines umfassenden, gesamtheitlichen Architekturkonzepts wird anschließend eine Managementplattform für dynamisches Federated Identity Management erarbeitet. Neben der Spezifikation des orchestrierten, technischen Metadatenaustausches, der den bestehenden Ansätzen fehlt, fokussiert diese Arbeit auf die organisatorische Eingliederung hinsichtlich des IT Service Managements. Hierbei liegt der Fokus auf Security Management und Change Management. Zur Kompensation weiterer Defizite bisheriger Ansätze werden zwei zusätzliche Werkzeuge spezifiziert, die auf eine optimierte Interoperabilität bestehender FIM-Systeme sowie die Automatisierung und Skalierbarkeit existierender Abläufe abzielen. Eine Beschreibung der prototypischen Implementierung der Managementplattform und der Werkzeugkonzepte mit einer Diskussion ihrer Skalierbarkeit und die methodische Anwendung auf ein realistisches Szenario runden diese Arbeit ab.Federated Identity Management (FIM) has the motivation to provide identity data of users from their home organisation, also called Identity Provider (IdP), to a Service Provider (SP). This facilitates the prevention of redundancy and inconsistency, while users can re-use their home account for other services, without remembering further user accounts and passwords. The Security Assertion Markup Language (SAML) and the protocol OpenID Connect are two well-known standards within the industry sector and research & education (R&E) environment. Due to the ongoing interconnectedness, the limitations of the current architecture are increasingly revealed. In the first part of the thesis, a profound and comprehensive analysis is presented, in order to illustrate different perspectives on the architecture and the requirements. The focus of the more than seventy structured and weighted requirements in the categories function, non-functional, organizational as well as privacy- and security-specific categories lays in the automation and scalability of the approach as well as trust implications and interoperability. As part of the holistic, integrated architecture conceived in this thesis, a management platform for dynamic FIM has been developed. Besides the precise specification of the orchestrated, technical metadata exchange, special emphasis has been put on the organizational integration concerning the IT service management. Dependencies and effects on the security management and change management have been investigated in detail. To compensate further shortcomings of existing approaches, two new FIM components have been specified, which enhance the interoperability between FIM systems in heterogeneous identity federations, as well as the scalability and automation of existing workflows. The thesis is concluded with a description of the prototypical implementation of the management platform and the tool concepts as well as a discussion on their scalability characteristics and the application of the architecture to a realistic scenario

Security of Cyber-Physical Systems

Cyber-physical system (CPS) innovations, in conjunction with their sibling computational and technological advancements, have positively impacted our society, leading to the establishment of new horizons of service excellence in a variety of applicational fields. With the rapid increase in the application of CPSs in safety-critical infrastructures, their safety and security are the top priorities of next-generation designs. The extent of potential consequences of CPS insecurity is large enough to ensure that CPS security is one of the core elements of the CPS research agenda. Faults, failures, and cyber-physical attacks lead to variations in the dynamics of CPSs and cause the instability and malfunction of normal operations. This reprint discusses the existing vulnerabilities and focuses on detection, prevention, and compensation techniques to improve the security of safety-critical systems

Social Enterprise in Asia

In the absence of a widely accepted and common definition of social enterprise (SE), a large research project, the ""International Comparative Social Enterprise Models"" (ICSEM) Project, was carried out over a five-year period; it involved more than 200 researchers from 55 countries and relied on bottom-up approaches to capture the SE phenomenon. This strategy made it possible to take into account and give legitimacy to locally embedded approaches, thus resulting in an analysis encompassing a wide diversity of social enterprises, while simultaneously allowing for the identification of major SE models to delineate the field on common grounds at the international level. These SE models reveal or confirm an overall trend towards new ways of sharing the responsibility for the common good in today’s economies and societies. We tend to consider as good news the fact that social enterprises actually stem from all parts of the economy. Indeed, societies are facing many complex challenges at all levels, from the local to the global level. The diversity and internal variety of SE models are a sign of a broadly shared willingness to develop appropriate—although sometimes embryonic—responses to these challenges, on the basis of innovative economic/business models driven by a social mission. In spite of their weaknesses, social enterprises may be seen as advocates for and vehicles of the general interest across the whole economy. Of course, the debate about privatisation, deregulation and globalised market competition—all factors that may hinder efforts in the search for the common good–has to be addressed as well. The first of a series of four ICSEM books, Social Enterprise in Asia will serve as a key reference and resource for teachers, researchers, students, experts, policy makers, journalists and other categories of people who want to acquire a broad understanding of the phenomena of social enterprise and social entrepreneurship as they emerge and develop across the world

Social Enterprise in Asia

In the absence of a widely accepted and common definition of social enterprise (SE), a large research project, the ""International Comparative Social Enterprise Models"" (ICSEM) Project, was carried out over a five-year period; it involved more than 200 researchers from 55 countries and relied on bottom-up approaches to capture the SE phenomenon. This strategy made it possible to take into account and give legitimacy to locally embedded approaches, thus resulting in an analysis encompassing a wide diversity of social enterprises, while simultaneously allowing for the identification of major SE models to delineate the field on common grounds at the international level. These SE models reveal or confirm an overall trend towards new ways of sharing the responsibility for the common good in today’s economies and societies. We tend to consider as good news the fact that social enterprises actually stem from all parts of the economy. Indeed, societies are facing many complex challenges at all levels, from the local to the global level. The diversity and internal variety of SE models are a sign of a broadly shared willingness to develop appropriate—although sometimes embryonic—responses to these challenges, on the basis of innovative economic/business models driven by a social mission. In spite of their weaknesses, social enterprises may be seen as advocates for and vehicles of the general interest across the whole economy. Of course, the debate about privatisation, deregulation and globalised market competition—all factors that may hinder efforts in the search for the common good–has to be addressed as well. The first of a series of four ICSEM books, Social Enterprise in Asia will serve as a key reference and resource for teachers, researchers, students, experts, policy makers, journalists and other categories of people who want to acquire a broad understanding of the phenomena of social enterprise and social entrepreneurship as they emerge and develop across the world

Globalization, social innovation, and co-operative development: A comparative analysis of Québec and Saskatchewan, 1980-2010.

This study examines the development gap that has emerged between the co-operative sectors of the Canadian provinces of Québec and Saskatchewan since 1980. It harnesses historical research, textual analysis, and semi-structured interviews to better understand how some movements are able to regenerate their movements in the face of crisis. The study finds that the regeneration of the Québec movement reflects the concertation (concerted action) of social movement, sector, and state actors. Deeply rooted in a collectivist tradition of cultural nationalism and state corporatism, this democratic partnership supported the renovation and expansion of the co-operative development system in a virtuous spiral of movement agency, innovation, and regeneration. Concertation of social movement and state actors created momentum for escalating orders of joint-action, institution-building, and policy and program development. By contrast, the degeneration of the Saskatchewan movement reflects the decline of the agrarian economy and movement and a failure to effectively coordinate the efforts of emerging social movements and the state for development action. This has yielded a vicious spiral of movement inertia, under-development, and decline. Although green shoots are in evidence, regeneration efforts in Saskatchewan lag Québec’s progress in rebuilding the foundations for effective democratic partnership. The study concludes with a detailed comparison of these diverging movements, offering conclusions and recommendations for the repair of the Saskatchewan development system and the regeneration of its co-operative movement

Por que os trabalhadores do setor financeiro dos EUA não são sindicalizados? : um problema atual com raízes no século 19

Orientador: Carlos Salas PáezDissertação (mestrado) - Universidade Estadual de Campinas, Instituto de EconomiaResumo: Trabalhadores do setor financeiro dos EUA apresentam a menor taxa de sindicalização em comparação aos trabalhadores de outras indústrias, e estão entre os menos organizados do mundo. À luz da recente crise econômica, o movimento operário dos EUA, junto com os sindicatos internacionais, tem tido grande interesse em reverter as sombrias taxas de sindicalização, devido à importância destes trabalhadores, que estão dentro de um mercado financeiro globalizado altamente dominado por empresas norte-americanas. O atual desafio em organizar estes trabalhadores está enraizado em uma história profunda de evasão, ignorância, desorientação, repressão, e derrotas para os interesses do sindicalismo dos trabalhadores de escritórios. Este trabalho explora as primeiras raízes dos obstáculos atuais que os trabalhadores do setor financeiro enfrentam na tentativa de se sindicalizar, examinando a resistência popular à formação do Setor Financeiro dos EUA no século 19. Uma visão geral do desenvolvimento inicial do setor financeiro, de suas respostas políticas e da organização do trabalho é fornecida, incluindo informações específicas sobre os trabalhadores do setor financeiro, quando disponíveis. O aumento da feminização do trabalho de colarinho branco após a Guerra Civil dos EUA também é explorado. Os fatores chave que contribuem para as baixas taxas de sindicalização incluem o impacto da liderança sindical influenciada pelo populismo, o que contribuiu para as reformas que promovem uma estrutura financeira descentralizada, a exclusão dos trabalhadores de escritório, a feminização da força de trabalho de escritórios, as atitudes das lideranças sindicais em relação às mulheres e trabalhadores de escritório, e a falta de um partido trabalhista nos EUA, tudo isso combinado com a repressão do governo contra os comunistas que pretendiam organizar o setor. Na conclusão, são apresentadas sugestões para a continuação da pesquisa sobre o porquê de os EUA não possuírem um sindicato dos trabalhadores do setor financeiroAbstract: Financial sector workers in the US suffer from the lowest rate of unionization of workers in any of the industries in the US, and are among the least organized in the world. In light of the recent economic crisis, and given the importance of US financial workers within a globalized financial market highly dominated by US firms, the US labor movement, along with unions internationally, has taken great interest in reversing these dismal unionization rates. The current challenge to organizing these workers is rooted in a deep history of avoidance, ignorance, misguidance, repression, and defeats for the interests of office worker unionism. This work explores the early roots of the current obstacles these workers face in attempting to unionize by examining the popular resistance to US Financial Sector formation in the 19th century. An overview of early financial sector development, political responses, and labor organization is provided, including specific information on financial sector workers when available. The increase and feminization of white-collar work after the US Civil War is explored, especially in the clerical industries of the financial sector. Key factors contributing to low unionization rates include the impact of populist-influenced labor leadership that preferred a decentralized financial structure and excluded clerical workers, the feminization of the clerical labor force, the attitudes of trade union leaders towards women and clerical workers, and the combination of a lack of a labor party in the US and government repression of communists who had the vision to organize the sector. Suggestions for continued research on why the US does not have a financial sector workers union are presented in the conclusionMestradoEconomia Social e do TrabalhoMestre em Desenvolvimento Econômic

The growth and regulation of the private security industry in India and South Africa

The lack of scientific research covering the factors contributing to the growth and regulation of the private security industry (PSI) in India and South Africa gave rise to the study. The study used qualitative research methods, a case study design and documentary analysis techniques, including personal interviews supported by a qualitative questionnaire and e-mailing the questionnaires to participants, to achieve the purpose and objectives of the study. The researcher interviewed seven participants from India personally and eight responded to the qualitative questionnaire sent by e-mail. The researcher conducted eight one-on-one interviews with South African participants and eleven members responded to the qualitative questionnaire sent by e-mail. The researcher carried out a pilot study to identify any shortcomings in the qualitative questionnaire. The study examined various theories on regulations and regulatory frameworks and considered the theoretical aspects of regulating the private security industry. This study confirmed that private security is growing at a rapid pace in India and South Africa, and the common factors encouraging growth include socio-economic factors like rapid growth and infrastructure, increasing urbanisation, growth of the middle class, poverty and unemployment, illegal immigration, growth in private property and increase in personal wealth. Indian participants especially, felt strongly that an increase in terror attacks is a key factor contributing to the rapid growth of the PSI, whilst South African participants confirmed, a fear of political violence and being scared of civil unrest were reasons for the increased presence of the PSI in the country. The participants corroborated that statutory-based legislation imposed by the Private Security Agencies (Regulation) Act 2005 and the Private Security Industry Regulation Act 2001 is not wholly effective in regulating the PSI in India.Ukusweleka kocwaningo lwesisayense olwengamela izinto ezinomthelela ekukhuleni kanye nemitheshwana yolawulo kwimboni yonogada bezokuvikeleka yangasese i-private security industry (PSI) eNdiya naseNingizimu Afrika kwenze ukuthi kube nalolu cwaningo. Ucwaningo lusebenzise izindlela ze-qualitative research methods, i-case study kanye nethekniki yohlaziyo lwamadokhumende, okubandakanya nama-interview nabantu ziqu, ngokusekelwa wuhla lwemibuzo ebhaliwe ye-qualitative kanye nohla lwemibuzo ebhaliwe (questionnaires) ethunyelwe nge-email kulabo ababambe iqhaza, ukufezekisa izinhloso nezinjongo zocwaningo. Umcwaningi wenze ama-interview nababambi qhaza abayisikhombisa ziqu baseNdiya kanti abayisishagalombili baphendule imibuzo yohla ebhaliwe ye-qualitative oluthunyelwe nge-email. Umcwaningi ubuye waba nama-interview okubhekana ubusu nobuso nababambi qhaza baseNingizimu Afrika abayisishagalombili, kwathi abayishumi nanye baphendula uhla lwemibuzo ebhaliwe ye-qualitative ethunyelwe nge-email. Kwenziwe ucwaningo lokulinga (pilot study) ukubheka ukuntengantenga kohla lwemibuzo ebhaliwe ye-qualitative. Lolu cwaningo luhlole amathiyori ahlukahlukene ngokwenziwa kwemithetho yolawulo kanye nohlaka lwemitheshwana yolawulo, kanye nokubonelela izingxenye zethiyori yemitheshwana yolawulo lwemboni yonogada bezokuvikeleka yangasese. Ucwaningo luqinisekise ukuthi imboni yonogada bangasese bezokuvikeleka ikhula ngokuyisimanga eNdiya kanye naseNingizimu Afrika, kanti okuyixhumanisayo nokufanayo, kubandakanya ukukhula kwezinto eziphathelene nabantu nezomnotho njengokukhula ngesivinini kwezingqalasizinda, ukuya kakhulu kwabantu ezindaweni zamadolobha, ukukhula kwe-middle class, inhlupheko nokusweleka kwemisebenzi, ukungena kakhulu kwabantu ababuya kwezinye izindawo ngokungemthetho (illegal migration), ukukhula kwempahla yangasese kanye nokwanda kokunotha kubantu. Ababambi qhaza baseNdiya bona banemizwa eqinile yokuthi uhlaselo lwamaphekulazikhuni (terror attacks) yinto enomthelela kakhulu ukukhuleni kwemboni ye-PSI. Ababambi qhaza baseNingizimu Afrika bona baqinise ukwesaba udlame lwezepolitiki kanye nokwesaba izivungu-vungu zovukelwano lwabantu, yikho okube yizizathu zokukhula kobukhona be-PSI ezweni. Ababambi qhaza baqinise ukuthi imithetho efakelwe ye-Private Security Agencies (Regulation) Act 2005 kanye nomthetho we-Private Security Industry Regulation Act 2001 ayisebenzi ngokufanele ukulawula kahle imboni ye-PSI eNdiya.Esi sifundo sibe ngunozala wokunqongophala kophando lobunzululwazi malunga nezinto ezincedisa ekukhuleni nasekulawulweni korhwebo lokhuselo lwabucala, iprivate security industry (PSI), kwilizwe laseIndia naseMzantsi Afrika. Isifundo sisebenzise indlela yophando lomgangatho, uyilo lwenkqubo engumzekelo, uhlalutyo lwemibhalo, udliwano ndlebe lobuso ngobuso nabantu ngabantu, oku kuxhaswa luluhlu lwemibuzo olubhaliweyo noluthunyelwe kubathathi nxaxheba ngeimeyile ukuze kuphunyezwe iinjongo zesi sifundo. Umphandi udlane indlebe nabathathi nxaxheba abasixhenxe abavela eIndia kanti abasibhozo baphendule uluhlu lwemibuzo yomgangatho kwi-imeyile. Umphandi uqhube udliwano ndlebe ubuso ngobuso nabathathi nxaxheba abasibhozo eMzantsi Afrika kanti abalishumi elinanye bona baphendule uluhlu lwemibuzo yomgangatho kwi-imeyile. Kwaqhutywa isifundo sokutshayelela ngenjongo yokuqonda ukuba akukho zikhwasilima na kuluhlu lwemibuzo yomgangatho. Isifundo siphonononge iingcingane okanye iithiyori ezingemigaqo nezakhelo zemigaqo yolawulo kwaza kwaqatshelwa imiba yeengcingane emalunga nokulawulwa norhwebo lokhuseleko lwabucala. Esi sifundo singqine ukuba ukhuselo lwabucala lukhula ngesantya esikhawulezayo eIndia naseMzantsi Afrika, kwaye izinto ezikhuthaza oku kukhula ziquka imiba yezentlalo noqoqosho njengokwanda okukhawulezayo nezibonelelo, ukwanda kweendlela zokuphila budolophu, ukukhula kwezinga loluntu eliphakathi (middle class), ubuhlwempu nentswela ngqesho, ukufudukela kwamanye amazwe ngokungekho mthethweni, ukwanda kokufumaneka komhlaba wabucala nokwanda kobutyebi babantu. Abathathi nxaxheba baseIndia bathi bacinga ukuba ukwanda kohlaselo ngabagrogrisi kuphambili ekuncediseni ukukhula korhwebo lokhuselo lwabucala. AbaseMzantsi Afrika bona bangqina ukuba uloyiko lobundlobogela bezopolitiko nokoyika uvukelo mbuso zizizathu zokwanda kobukho borhwebo lokhuselo lwabucala kweli lizwe. Abathathi nxaxheba bavuma ukuba imigaqo esekelwe emthethweni nebethelelwa nguMthetho Wokhuselo Lwabucala wama-2005, iPrivate Security Agencies (Regulation) Act 2005 kunye nePrivate Security Industry Regulation Act 2001 ayisebenzi ngokufezekileyo ekulawuleni urhwebo lokhuselo lwabucala eIndia.Criminology and Security SciencePh. D. (Criminal Justice