Design, Management and Key Success Factors of an Offshore Cathodic Protection System for Corrosion Control

Corrosion is a very prevalent issue for offshore operations in the oil and gas industry. If the corrosion issues are not addressed adequately, these may lead to quality failures, safety incidents, compromise to asset integrity and high inspection costs. This research paper discusses and analyzes corrosion types, corrosion threats, mechanisms to protect against corrosion, design and management of cathodic protection system, and key success factors for a cathodic protection system for an offshore oil and gas production system

DASICS: Enhancing Memory Protection with Dynamic Compartmentalization

In the existing software development ecosystem, security issues introduced by third-party code cannot be overlooked. Among these security concerns, memory access vulnerabilities stand out prominently, leading to risks such as the theft or tampering of sensitive data. To address this issue, software-based defense mechanisms have been established at the programming language, compiler, and operating system levels. However, as a trade-off, these mechanisms significantly reduce software execution efficiency. Hardware-software co-design approaches have sought to either construct entirely isolated trusted execution environments or attempt to partition security domains within the same address space. While such approaches enhance efficiency compared to pure software methods, they also encounter challenges related to granularity of protection, performance overhead, and portability. In response to these challenges, we present the DASICS (Dynamic in-Address-Space Isolation by Code Segments) secure processor design, which offers dynamic and flexible security protection across multiple privilege levels, addressing data flow protection, control flow protection, and secure system calls. We have implemented hardware FPGA prototypes and software QEMU simulator prototypes based on DASICS, along with necessary modifications to system software for adaptability. We illustrate the protective mechanisms and effectiveness of DASICS with two practical examples and provide potential real-world use cases where DASICS could be applied.Comment: 16 pages, 6 figure

Dynamic deployment of context-aware access control policies for constrained security devices

Securing the access to a server, guaranteeing a certain level of protection over an encrypted communication channel, executing particular counter measures when attacks are detected are examples of security requirements. Such requirements are identi ed based on organizational purposes and expectations in terms of resource access and availability and also on system vulnerabilities and threats. All these requirements belong to the so-called security policy. Deploying the policy means enforcing, i.e., con guring, those security components and mechanisms so that the system behavior be nally the one speci ed by the policy. The deployment issue becomes more di cult as the growing organizational requirements and expectations generally leave behind the integration of new security functionalities in the information system: the information system will not always embed the necessary security functionalities for the proper deployment of contextual security requirements. To overcome this issue, our solution is based on a central entity approach which takes in charge unmanaged contextual requirements and dynamically redeploys the policy when context changes are detected by this central entity. We also present an improvement over the OrBAC (Organization-Based Access Control) model. Up to now, a controller based on a contextual OrBAC policy is passive, in the sense that it assumes policy evaluation triggered by access requests. Therefore, it does not allow reasoning about policy state evolution when actions occur. The modi cations introduced by our work overcome this limitation and provide a proactive version of the model by integrating concepts from action speci cation languages

Humanitarian Visas: Option or obligation?. CEPS Liberty and Security in Europe No. 68, 27 October 2014

Third-country nationals seeking protection have no EU-wide legal channels at present for entering EU territory and triggering protection mechanisms under the Common European Asylum System. As a result, many embark on hazardous journeys, with concomitant risks and loss of human life. The absence of ‘protection-sensitive’ mechanisms for accessing EU territory, along with EU external and extraterritorial border and migration management and control, undermine Member States' refugee and human rights obligations. Humanitarian visas may offer a remedy in this regard by enabling third-country nationals to apply in situ for entry to EU territory on humanitarian grounds or because of international obligations. This study asks whether the existing Visa Code actually obliges Member States to issue humanitarian visas. It also examines past implementation of humanitarian visa schemes by Member States and considers whether more could be done to encourage them to make use of existing provisions in EU law. Finally, with a Commission proposal for Visa Code reform on the table, it asks whether there is now an opportunity to lay down clear rules for humanitarian visa schemes

Anyone but Him: The Complexity of Precluding an Alternative

Preference aggregation in a multiagent setting is a central issue in both human and computer contexts. In this paper, we study in terms of complexity the vulnerability of preference aggregation to destructive control. That is, we study the ability of an election's chair to, through such mechanisms as voter/candidate addition/suppression/partition, ensure that a particular candidate (equivalently, alternative) does not win. And we study the extent to which election systems can make it impossible, or computationally costly (NP-complete), for the chair to execute such control. Among the systems we study--plurality, Condorcet, and approval voting--we find cases where systems immune or computationally resistant to a chair choosing the winner nonetheless are vulnerable to the chair blocking a victory. Beyond that, we see that among our studied systems no one system offers the best protection against destructive control. Rather, the choice of a preference aggregation system will depend closely on which types of control one wishes to be protected against. We also find concrete cases where the complexity of or susceptibility to control varies dramatically based on the choice among natural tie-handling rules.Comment: Preliminary version appeared in AAAI '05. Also appears as URCS-TR-2005-87

Lightweight reconfiguration security services for AXI-based MPSoCs

International audienceNowadays, security is a key constraint in MPSoC development as many critical and secret information can be stored and manipulated within these systems. Addressing the protection issue in an efficient way is challenging as information can leak from many points. However one strategic component of a bus-based MPSoC is the communication architecture as all information that an attacker could try to extract or modify would be visible on the bus. Thus monitoring and controlling communications allows an efficient protection of the whole system. Attacks can be detected and discarded before system corruption. In this work, we propose a lightweight solution to dynamically update hardware firewall enhancements which secure data exchanges in a bus-based MPSoC. It provides a standalone security solution for AXI-based embedded systems where no user intervention is required for security mechanisms update. An FPGA implementation demonstrates an area overhead of around 11% for the adaptive version of the hardware firewall compared to the static one

Toward unified security and privacy protection for smart meter networks

The management of security and privacy protection mechanisms is one fundamental issue of future smart grid and metering networks. Designing effective and economic measures is a non-trivial task due to a) the large number of system requirements and b) the uncertainty over how the system functionalities are going to be specified and evolve. The paper explores a unified approach for addressing security and privacy of smart metering systems. In the process, we present a unified framework that entails the analysis and synthesis of security solutions associated with closely interrelated components of a typical smart metering system. Ultimately, the proposed framework can be used as a guideline for embedding cross-domain security and privacy solutions into smart grid communication systems

The False Promise of Custody in Domestic Violence Protection Orders

This Article reveals the disconnect between the power and the will to enforce the custody and parenting time provisions of protection orders through criminal mechanisms and explores the further infirmity of civil enforcement by illustrating the shortcomings of available relief. Together, these barriers to effective enforcement threaten to render this court-granted protection meaningless and dangerously misleading. The barriers also undermine the many years of advocacy invested to secure these protections in the first place - reforms aimed at protecting victims and children from abusive parents.This Article explores ways to bring together the will and the power to enforce all aspects of protection orders criminally and to shore up the relief available through civil contempt so that the family law provisions of protection orders are more than illusory. This Article explores the ways in which the hard-fought system reforms now fail to offer protection to survivors in previously unforeseeable ways and also pushes further by seeking to explore and resolve the lack of reliable enforcement remedies in this area in a way that not only keeps survivors safe but contemplates the important interests of children at issue and the enhanced enforceability of civil injunctions generally

FAIR aspects of a health information protection and management system

Background: Privacy management is a key issue when dealing with storage and distribution of health information. However, FAIR (Findability, Accessibility, Interoperability, and Reusability) principles when sharing information are in increasing demand in several organizations, especially for information generated in public-funded research projects. Objectives: The two main objectives of the presented work are the definition of a secure and interoperable modular architecture to manage different kinds of medical content (xIPAMS [x, for Any kind of content, Information Protection And Management System] and HIPAMS [Health Information Protection And Management System]), and the application of FAIR principles to that architecture in such a way that privacy and security are compatible with FAIR. Methods: We propose the concept of xIPAMS as a modular architecture, following standards for interoperability, which defines mechanisms for privacy, protection, storage, search, and access to health-related information. Results: xIPAMS provides FAIR principles and preserves patient's privacy. For each module, we identify how FAIR principles apply. Conclusions: We have analyzed how xIPAMS, and in particular HIPAMS (Health content), support the FAIR principles focusing on security and privacy. We have identified the FAIR principles supported by the different xIPAMS modules, concluding that the four principles are supported. Our analysis has also considered a possible implementation based on the concept of DACS (Document Access and Communication System), a system storing medical documents in a private and secure way. In addition, we have analyzed security aspects of the FAIRification process and how they are provided by xIPAMS modules.The work presented in this article has been partially supported by the Spanish Government under the project: GenClinLab-Sec (Mechanisms for secure and efficient management of genomic information tailored to clinical laboratories: Security Aspects, PID2020-114394RB-C31) funded by MCIN/AEI/10.13039/501100011033 and by the Generalitat de Catalunya (2017 SGR 1749).Peer ReviewedPostprint (published version

Constitutionalization of Human Rights in Post-Soviet States and Latin America: A Comparative Analysis

This Article consists of four parts. The first, which is more general, addresses the question to what extent the system of governance adopted by the countries of the two regions affected the record of the states\u27 protection of human rights. For instance, this Article considers whether democratization of the political system necessarily results in better protection of human rights. The second part analyzes the placement of human rights in the framework of the Latin American and post-Soviet constitutions. The third part identifies and discusses the problem of individual and group rights, an issue crucial for both regions. The fourth part provides a comparative analysis of the main categories of constitutionalized rights and freedoms. Although this part examines the general approach of the constitutional drafters to social, economic, and cultural rights, it focuses on so-called first category rights, such as personal freedoms and civil and political rights, as well as on enforcement mechanisms. The conclusion will supply observations on the most important lessons that constitutional drafters can learn from the experiences of others