17 research outputs found

    From abuse to trust and back again

    Get PDF
    oai:westminsterresearch.westminster.ac.uk:w7qv

    Intelligence Oversight In Times of Transnational Impunity: Who Will Watch the Watchers?

    Get PDF
    This book adopts a critical lens to look at the workings of Western intelligence and intelligence oversight over time and space. Largely confined to the sub-field of intelligence studies, scholarly engagements with intelligence oversight have typically downplayed the violence carried out by secretive agencies. These studies have often served to justify weak oversight structures and promoted only marginal adaptations of policy frameworks in the wake of intelligence scandals. The essays gathered in this volume challenge the prevailing doxa in the academic field, adopting a critical lens to look at the workings of intelligence oversight in Europe and North America. Through chapters spanning across multiple disciplines–political sociology, history, and law–the book aims to recast intelligence oversight as acting in symbiosis with the legitimisation of the state’s secret violence and the enactment of impunity, showing how intelligence actors practically navigate the legal and political constraints created by oversight frameworks and practices, for instance by developing transnational networks of interdependence. The book also explores inventive legal steps and human rights mechanisms aimed at bridging some of the most serious gaps in existing frameworks, drawing inspiration from recent policy developments in the international struggle against torture. This book will be of much interest to students of intelligence studies, sociology, security studies, and international relations

    XXIII EdiciĂłn del Workshop de Investigadores en Ciencias de la ComputaciĂłn : Libro de actas

    Get PDF
    CompilaciĂłn de las ponencias presentadas en el XXIII Workshop de Investigadores en Ciencias de la ComputaciĂłn (WICC), llevado a cabo en Chilecito (La Rioja) en abril de 2021.Red de Universidades con Carreras en InformĂĄtic

    The 11th Conference of PhD Students in Computer Science

    Get PDF

    An Internet-Wide Analysis of Diffie-Hellman Key Exchange and X.509 Certificates in TLS

    Get PDF
    Transport Layer Security (TLS) is a mature cryptographic protocol, but has flexibility during implementation which can introduce exploitable flaws. New vulnerabilities are routinely discovered that affect the security of TLS implementations. We discovered that discrete logarithm implementations have poor parameter validation, and we mathematically constructed a deniable backdoor to exploit this flaw in the finite field Diffie-Hellman key exchange. We described attack vectors an attacker could use to position this backdoor, and outlined a man-in-the-middle attack that exploits the backdoor to force Diffie-Hellman use during the TLS connection. We conducted an Internet-wide survey of ephemeral finite field Diffie-Hellman (DHE) across TLS and STARTTLS, finding hundreds of potentially backdoored DHE parameters and partially recovering the private DHE key in some cases. Disclosures were made to companies using these parameters, resulting in a public security advisory and discussions with the CTO of a billion-dollar company. We conducted a second Internet-wide survey investigating X.509 certificate name mismatch errors, finding approximately 70 million websites invalidated by these errors and additionally discovering over 1000 websites made inaccessible due to a combination of forced HTTPS and mismatch errors. We determined that name mismatch errors occur largely due to certificate mismanagement by web hosting and content delivery network companies. Further research into TLS implementations is necessary to encourage the use of more secure parameters

    Development of an open-source mobile application for emergency data collection

    Get PDF
    This Master degree project identified disasters and emergencies as a global humanitarian and technological challenge. Emergency management organizations' need for access to accurate and up-to-date information about the emergency situation, to help respond to, recover from and mitigate the effects of disasters and emergencies, presents a challenge to the field of Geomatics. Today the use of remote sensing technologies presents an increasing number of solutions. There are types of spatial data, however, e.g. submerged, non-visual or otherwise hidden features that still require emergency field personnel and volunteers to interpret and record. By utilizing the increasing ubiquity and computational power of modern smartphones, in order to reach a large number of potential users and volunteers, a mobile application for emergency field data collection was developed. It was developed as a component of a system that, in order to be as collaborative, adaptable and accessible as possible, also to resource-poor organizations, was, with a minor exception, completely open-source licensed. Field trials were held that, due to low participation, could not conclusively evaluate the application and its general applicability to emergency field data collection. They did, however, provide an adequate proof-of-concept and showed that it was possible to apply the application and the implemented system to a specific emergency field data collection task. The system has great collaborative potential, achieved through openness, mobility, standards compliance, multi-source capability and adaptability. Its administrators are given a high degree of control that lets them adapt the system to suit the current users and situation and its flexibility make it widely applicable, not only for emergency management. From literature, the field trials and the experience gained while developing and using the application, some ideas for improving the application and the system were discussed and some future research topics were suggested.Under och efter katastrofer och nödsituationer samlas mĂ„nga olika organisationer för att hjĂ€lpa de drabbade. Det kan vara t.ex. polis, brandkĂ„r, sjukvĂ„rd, eller elbolag som mĂ„ste reparera ledningsnĂ€t. Vid större katastrofer kan myndigheter och internationella hjĂ€lporganisationer ocksĂ„ behöva komma till undsĂ€ttning. För att dessa organisationer ska kunna hjĂ€lpa till pĂ„ ett effektivt sĂ€tt mĂ„ste de ha tillgĂ„ng till uppdaterad och korrekt information om krislĂ€get. En stor del av den hĂ€r informationen Ă€r kopplad till en specifik plats; den Ă€r geografisk. Idag fĂ„r organisationer som jobbar med krishantering mycket av sin geografiska information frĂ„n satelliter och flygbilder, men en del typer av information kan inte ses med satellit. Dessa kan vara t.ex. ledningar som ligger begravda under markytan eller mĂ€nskliga skador och behov. DĂ€rför behövs ocksĂ„ nĂ„gon form av system som personal och volontĂ€rer i fĂ€lt kan anvĂ€nda för att rapportera till krisledningscentraler pĂ„ ett effektivt sĂ€tt. MĂ„nga sĂ„dana system har historiskt sett varit dyra att skaffa eftersom de krĂ€vt avancerade datorprogram och dyr teknisk utrustning till personalen i fĂ€lt. Eftersom de dessutom mĂ„nga gĂ„nger varit svĂ„ra att anvĂ€nda har det varit svĂ„rt för krishanterings-organisationer att fĂ„ ihop tillrĂ€ckligt mĂ„nga personer att hjĂ€lpa till. Det hĂ€r projektet syftade till att utveckla en mobil-app, d.v.s. ett program till moderna mobiltelefoner (s.k. smartphones). MĂ„let med appen var att alla som Ă€ger en smartphone av rĂ€tt typ skulle kunna bidra till att samla viktig geografisk information till krisledningscentralen. Genom att lĂ„ta appen vara en del av ett system som Ă€r helt gratis att anvĂ€nda och med öppen kĂ€llkod, kan Ă€ven organisationer med smĂ„ resurser och lite pengar anvĂ€nda den. Tack vare att sĂ„ mĂ„nga redan Ă€ger smartphones som de dessutom redan Ă€r vana vid att anvĂ€nda kan det bli lĂ€ttare att fĂ„ fler att kunna medverka. Utvecklingen av appen lyckades och hela systemet Ă€r gratis att anvĂ€nda och utgivet – nĂ€stan – helt med öppen kĂ€llkod. Appen testades, men av för fĂ„ deltagare för att kunna dra nĂ„gra definitiva slutsatser om systemet Ă€r lĂ€mpligt att anvĂ€nda för krishantering. Dock visade appen och systemet god potential under testerna och att det var möjligt att anvĂ€nda appen för att samla information i en katastrofsituation

    Authoritative linked data descriptions of debian source packages using ADMS.SW

    Get PDF
    Part 1: Full Papers - FOSS TechnologiesInternational audienceThe Debian Package Tracking System is a Web dashboard for Debian contributors and advanced users. This central tool publishes the status of subsequent releases of source packages in the Debiandistribution. It has been improved to generate RDF meta-data documenting the urcepackages, their releases and links to other packaging artifacts, using the ADMS.SW 1.0 model. This constitutes an authoritative source ofmachine-readable Debian "facts" and proposes a reference URI naming scheme for Linked Data resources about Debian packages. This should enable the interlinking of these Debian package descriptions with other ADMS.SW or DOAP descriptions of FLOSS projects available on the Semantic Web also using Linked Data principles. This will be particularly interesting for traceability with upstream projects whose releases are packaged in Debian, derivative istributions reusing Debian source packages, or with other FLOSS distributions

    A Comprehensive Review and Synthesis of Open Source Research

    Get PDF
    The open source movement has grown steadily and matured in recent years, and this growth has been mirrored by a rise in open source related research. The objective of this paper is to pause and reflect on the state of the field. We start by conducting a comprehensive literature review of open source research, and organize the resulting 618 peer-reviewed articles into a taxonomy. Elements of this taxonomy are defined and described. We then draw on a number of existing categorization schemes to develop a framework to situate open source research within a wider nomological network. Building on concepts from systems theory, we propose a holistic framework of open source research. This framework incorporates current research, as represented by the taxonomy, identifies gaps and areas of overlap, and charts a path for future work

    Usage Analysis & Demonstrators - Version 2.0

    Get PDF
    This second version of the "Usage Analysis and Demonstrators " document mainly presents four case studies done during the second part of the SCOrWare project: ● (Task 3.1) Component and service-oriented architecture in the Scientific Software field (improvements of works done during the first year) ● (Task 3.2) SCA as a SOA design methodology in the domain of CDE (Collaborative Development Environment). Following the withdraw of one of the partners (eXo Platform, provider of an open-source portal solution) during the first year, some changes have been decided during the second part of the project and an alternative demonstrator has been designed. ● (Task 3.3) How SCA contributes to reusing and enriching software components. Following the first year project's review, this scenario has been reinforced, and is the major demonstrator for the SCOrWare platform in the field of enterprise business applications. ● (Task 3.5) Using the SCOrWare platform and a component-oriented architecture in the context of a network monitoring system. A new partner (Thales Communications, in collaboration with Open Wide and EBM Websourcing) has joined the SCOrWare consortium during the second part of the project, following the withdraw of Amadeus
    corecore