7,771 research outputs found
Government cloud computing and the policies of data sovereignty
Government cloud services are a new development at the intersection of electronic government and cloud computing which holds the promise of rendering government service delivery more effective and efficient. Cloud services are virtual, dynamic and potentially stateless which has triggered governments' concern about data sovereignty. This paper explores data sovereignty in relation to government cloud services and how national strategies and international policy evolve. It concludes that for countries data sovereignty presents a legal risk which can not be adequately addressed with technology or through contractual arrangements alone. Governments therefore adopt strategies to retain exclusive jurisdiction over government information. --cloud computing,electronic government,data sovereignty,data ownership,information assurance,international data transfers
Analysis of security impact of making mShield an IPv4 to IPv6 converter box
info:eu-repo/semantics/acceptedVersio
When mobility is not a choice Problematising asylum seekers’ secondary movements and their criminalisation in the EU. CEPS Paper in Liberty and Security in Europe No. 2019-11, December 2019
The notion of ‘secondary movements’ is commonly used to describe the mobility of third country
nationals for the purpose of seeking international protection in an EU member state other than the
one of first irregular entry according to the EU Dublin Regulation. Secondary movements are often
identified as a major insecurity factor undermining the sustainability of the Schengen regime and
the functioning of the EU Dublin system. Consequently, EU policies have focused on their
‘criminalisation’, as testified by the range of sanctions included in the 2016 CEAS reform package,
and on a ‘policing’ approach, which has materialised in the expanded access to data stored in the
EURODAC database by police authorities, and its future interconnection with other EU databases
under the 2019 EU Interoperability Regulations.
This Paper shows that the EU notion of secondary movements is flawed and must be reconsidered
in any upcoming reform of the CEAS. The concept overlooks the fact that asylum seekers’ mobility
may be non-voluntary and thus cannot be understood as a matter of ‘free choice’ or in terms of
‘preferences’ about the member state of destination. Such an understanding is based on the wrong
assumption that asylum seekers’ decisions to move to a different EU country are illegitimate, as all
EU member states are assumed to be ‘safe’ for people in need of international protectio
The Politics of Exhaustion: Immigration Control in the British-French Border Zone
Within a climate of growing anti-immigration and populist forces gaining traction across Europe, and in response to the increased number of prospective asylum seekers arriving in Europe, recent years have seen the continued hardening of borders and a disconcerting evolution of new forms of immigration control measures utilised by states. Based on extensive field research carried out amongst displaced people in Europe in 2016-2019, this article highlights the way in which individuals in northern France are finding themselves trapped in a violent border zone, unable to move forward whilst having no obvious alternative way out of their predicament. The article seeks to illustrate the violent dynamics inherent in the immigration control measures in this border zone, characterised by both direct physical violence as well as banalised and structural forms of violence, including state neglect through the denial of services and care. The author suggests that the raft of violent measures and micro practices authorities resort to in the French-British border zone could be understood as constituting one of the latest tools for European border control and obstruction of the access to asylum procedures; a Politics of Exhaustion
On the Role of Hash-Based Signatures in Quantum-Safe Internet of Things:Current Solutions and Future Directions
The Internet of Things (IoT) is gaining ground as a pervasive presence around
us by enabling miniaturized things with computation and communication
capabilities to collect, process, analyze, and interpret information.
Consequently, trustworthy data act as fuel for applications that rely on the
data generated by these things, for critical decision-making processes, data
debugging, risk assessment, forensic analysis, and performance tuning.
Currently, secure and reliable data communication in IoT is based on public-key
cryptosystems such as Elliptic Curve Cryptosystem (ECC). Nevertheless, reliance
on the security of de-facto cryptographic primitives is at risk of being broken
by the impending quantum computers. Therefore, the transition from classical
primitives to quantum-safe primitives is indispensable to ensure the overall
security of data en route. In this paper, we investigate applications of one of
the post-quantum signatures called Hash-Based Signature (HBS) schemes for the
security of IoT devices in the quantum era. We give a succinct overview of the
evolution of HBS schemes with emphasis on their construction parameters and
associated strengths and weaknesses. Then, we outline the striking features of
HBS schemes and their significance for the IoT security in the quantum era. We
investigate the optimal selection of HBS in the IoT networks with respect to
their performance-constrained requirements, resource-constrained nature, and
design optimization objectives. In addition to ongoing standardization efforts,
we also highlight current and future research and deployment challenges along
with possible solutions. Finally, we outline the essential measures and
recommendations that must be adopted by the IoT ecosystem while preparing for
the quantum world.Comment: 18 pages, 7 tables, 7 figure
A Component-Based Approach for Securing Indoor Home Care Applications
eHealth systems have adopted recent advances on sensing technologies together with advances in information and communication technologies (ICT) in order to provide people-centered services that improve the quality of life of an increasingly elderly population. As these eHealth services are founded on the acquisition and processing of sensitive data (e.g., personal details, diagnosis, treatments and medical history), any security threat would damage the public's confidence in them. This paper proposes a solution for the design and runtime management of indoor eHealth applications with security requirements. The proposal allows applications definition customized to patient particularities, including the early detection of health deterioration and suitable reaction (events) as well as security needs. At runtime, security support is twofold. A secured component-based platform supervises applications execution and provides events management, whilst the security of the communications among application components is also guaranteed. Additionally, the proposed event management scheme adopts the fog computing paradigm to enable local event related data storage and processing, thus saving communication bandwidth when communicating with the cloud. As a proof of concept, this proposal has been validated through the monitoring of the health status in diabetic patients at a nursing home.This work was financed under project DPI2015-68602-R (MINECO/FEDER, UE), UPV/EHU under project PPG17/56 and GV/EJ under recognized research group IT914-16
The Impact of IPv6 on Penetration Testing
In this paper we discuss the impact the use of IPv6 has on remote penetration testing of servers and web applications. Several modifications to the penetration testing process are proposed to accommodate IPv6. Among these modifications are ways of performing fragmentation attacks, host discovery and brute-force protection. We also propose new checks for IPv6-specific vulnerabilities, such as bypassing firewalls using extension headers and reaching internal hosts through available transition mechanisms. The changes to the penetration testing process proposed in this paper can be used by security companies to make their penetration testing process applicable to IPv6 targets
A closer look at Intrusion Detection System for web applications
Intrusion Detection System (IDS) is one of the security measures being used
as an additional defence mechanism to prevent the security breaches on web. It
has been well known methodology for detecting network-based attacks but still
immature in the domain of securing web application. The objective of the paper
is to thoroughly understand the design methodology of the detection system in
respect to web applications. In this paper, we discuss several specific aspects
of a web application in detail that makes challenging for a developer to build
an efficient web IDS. The paper also provides a comprehensive overview of the
existing detection systems exclusively designed to observe web traffic.
Furthermore, we identify various dimensions for comparing the IDS from
different perspectives based on their design and functionalities. We also
provide a conceptual framework of an IDS with prevention mechanism to offer a
systematic guidance for the implementation of the system specific to the web
applications. We compare its features with five existing detection systems,
namely AppSensor, PHPIDS, ModSecurity, Shadow Daemon and AQTRONIX WebKnight.
The paper will highly facilitate the interest groups with the cutting edge
information to understand the stronger and weaker sections of the web IDS and
provide a firm foundation for developing an intelligent and efficient system
- …