412 research outputs found

    A Verified Information-Flow Architecture

    SAFE is a clean-slate design for a highly secure computer system, with pervasive mechanisms for tracking and limiting information flows. At the lowest level, the SAFE hardware supports fine-grained programmable tags, with efficient and flexible propagation and combination of tags as instructions are executed. The operating system virtualizes these generic facilities to present an information-flow abstract machine that allows user programs to label sensitive data with rich confidentiality policies. We present a formal, machine-checked model of the key hardware and software mechanisms used to dynamically control information flow in SAFE and an end-to-end proof of noninterference for this model. We use a refinement proof methodology to propagate the noninterference property of the abstract machine down to the concrete machine level. We use an intermediate layer in the refinement chain that factors out the details of the information-flow control policy and devise a code generator for compiling such information-flow policies into low-level monitor code. Finally, we verify the correctness of this generator using a dedicated Hoare logic that abstracts from low-level machine instructions into a reusable set of verified structured code generators

    Junos Pulse Secure Access Service Administration Guide

    This guide describes basic configuration procedures for Juniper Networks Secure Access Service. This document was formerly titled Secure Access Administration Guide. This document is now part of the Junos Pulse documentation set. This guide is designed for network administrators who are configuring and maintaining a Juniper Networks Secure Access Service device. To use this guide, you need a broad understanding of networks in general and the Internet in particular, networking principles, and network configuration. Any detailed discussion of these concepts is beyond the scope of this guide. The Juniper Networks Secure Access Service enables you to give employees, partners, and customers secure and controlled access to your corporate data and applications including file servers, Web servers, native messaging and e-mail clients, hosted servers, and more from outside your trusted network using just a Web browser. Secure Access Service provides robust security by intermediating the data that flows between external users and your company’s internal resources. Users gain authenticated access to authorized resources through an extranet session hosted by the appliance. During intermediation, Secure Access Service receives secure requests from the external, authenticated users and then makes requests to the internal resources on behalf of those users. By intermediating content in this way, Secure Access Service eliminates the need to deploy extranet toolkits in a traditional DMZ or provision a remote access VPN for employees. To access the intuitive Secure Access Service home page, your employees, partners, and customers need only a Web browser that supports SSL and an Internet connection.
This page provides the window from which your users can securely browse Web or file servers, use HTML-enabled enterprise applications, start the client/server application proxy, begin a Windows, Citrix, or Telnet/SSH terminal session, access corporate e-mail servers, start a secured layer 3 tunnel, or schedule or attend a secure online meeting

    Semantic discovery and reuse of business process patterns

    Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse

    Secure portable execution and storage environments: A capability to improve security for remote working

    Remote working is a practice that provides economic benefits to both the employing organisation and the individual. However, evidence suggests that organisations implementing remote working have limited appreciation of the security risks, particularly those impacting upon the confidentiality and integrity of information and also on the integrity and availability of the remote worker’s computing environment. Other research suggests that an organisation that does appreciate these risks may veto remote working, resulting in a loss of economic benefits. With the implementation of high speed broadband, remote working is forecast to grow and therefore it is appropriate that improved approaches to managing security risks are researched. This research explores the use of secure portable execution and storage environments (secure PESEs) to improve information security for the remote work categories of telework, and mobile and deployed working. This thesis with publication makes an original contribution to improving remote work information security through the development of a body of knowledge (consisting of design models and design instantiations) and the assertion of a nascent design theory. The research was conducted using design science research (DSR), a paradigm where the research philosophies are grounded in design and construction. Following an assessment of both the remote work information security issues and threats, and preparation of a set of functional requirements, a secure PESE concept was defined. The concept is represented by a set of attributes that encompass the security properties of preserving the confidentiality, integrity and availability of the computing environment and data. A computing environment that conforms to the concept is considered to be a secure PESE, the implementation of which consists of a highly portable device utilising secure storage and an up-loadable (on to a PC) secure execution environment. 
The secure storage and execution environment combine to address the information security risks in the remote work location. A research gap was identified as no existing ‘secure PESE like’ device fully conformed to the concept, enabling a research problem and objectives to be defined. Novel secure storage and execution environments were developed and used to construct a secure PESE suitable for commercial remote work and a high assurance secure PESE suitable for security critical remote work. The commercial secure PESE was trialled with an existing telework team looking to improve security and the high assurance secure PESE was trialled within an organisation that had previously vetoed remote working due to the sensitivity of the data it processed. An evaluation of the research findings found that the objectives had been satisfied. Using DSR evaluation frameworks it was determined that the body of knowledge had improved an area of study with sufficient evidence generated to assert a nascent design theory for secure PESEs. The thesis highlights the limitations of the research while opportunities for future work are also identified. This thesis presents ten published papers coupled with additional doctoral research (that was not published) which postulates the research argument that ‘secure PESEs can be used to manage information security risks within the remote work environment’

    ESIIG2

    331 p., ill., tables, graphics. Electronic book.
    ESIIG2 - The Second European Summit on Interoperability in the iGovernment, represents an unprecedented occasion to develop new synergies and create contacts with representatives of the European Commission, of the national and regional governments of Europe, of the research field, the Academia and experts of the ICT sector. Mrs Viviane Reding, Member of the European Commission for Information Society and Media, gave her official patronage to the Second European Summit of Interoperability in the iGovernment, ESIIG2. Event with the patronage of CISIS (Italian Interregional Centre of Information and Statistic Systems). The European Commission initiative i2010, through the DG Information and Media Society, offered its support to ESIIG2.
    Contents:
    Foreword
    ESIIG
    What is ESIIG2?
    Commissioner Reding message
    ESIIG 2 Co-hosted events
    The Programme
    ESIIG2 Supporters
    The Regional Ministry for consumer protection and administrative simplification
    The Technical and Scientific Committee
    Structure of the Technical and Scientific Committee
    What does the Committee do?
    Important and innovative initiatives of ESIIG 2
    Publication of the Call for Papers Results
    T-Seniority: E-inclusion and Interoperability (Alejandro Echeverria)
    Security and Privacy Preserving Data in E-Government Integration (Claudio Biancalana, Francesco Saverio Profiti)
    Proposal for Interoperability Between Public Universities (Correcher E, Universidad Politécnica de Valencia, Spain)
    A Cross-Application Reference Model to Support Interoperability (Elena Baralis, Tania Cerquitelli, Silvana Raffa)
    Applying Soa to Mobile Secure eGovernment Services: The Sweb Approach (Silke Cuno, Yuri Glickman, Petra Hoepner, Linda Strick)
    An Identity Metasystem Approach to Improve Eid Interoperability and Assure Privacy Compliance (Andrea Valboni)
    Towards Interoperable Infrastructures of Geospatial Data (Sergio Farruggia, Emanuele Roccatagliata)
    Modernization and Administrative Simplification Master Plan for the Local Councils of the Region of Murcia (Leandro Marín Muñoz, Pedro Olivares Sánchez, Isabel Belmonte Martínez)
    Organizational Interoperability and Organizing for Interoperability in eGovernment (Ralf Cimander, Herbert Kubicek)
    The National Interoperability Framework: a New Regulatory Tool to Guarantee Interoperability Among Spanish Public Administrations (Agustí Cerrillo)
    The Realization of the Greek E-Gif (Andreas Papadakis, Kostas Rantos, Antonis Stasis)
    Build Government Interoperability Through Open Standard Technology (Goodwin Ting, Anne Rasanen, Marco Pappalardo)
    Towards an Intercultural Representation of Mediterranean Intangible Cultural Heritage (Ich): An Xml Interoperability Framework for Regional Ich Databases (Jesse Marsh, Francesco Passantino)
    Castile and Leon, a Model of Interoperability (Isabel Alonso Sánchez, José Ignacio de Uribe Ladrón de Cegama, Antonio Francisco Pérez Fernández, Jorge Ordás Alonso)
    The Catalan Interoperability Model (Ignasi Albors)
    Identity and Residence Verification Data System (Nimia Rodríguez Escolar, Jose A Eusamio Mazagatos)
    From Extended Enterprise to Extended Government: Regione Lazio Interoperability and Egovernment Point of View (Claudio Biancalana, Dante Chiroli, Claudio Pisu, Francesco Saverio Profiti, Fabio Raimondi)
    Contribution by the Members of the Technical and Scientific Committee
    Interoperability and Egovernment Through Adoption of Standards (Flavia Marzano)
    A Brief Compendium on Interoperability in Egovernment (Michele M Missikoff)
    Spc – The Italian Interoperability Framework with Services (Francesco Tortorelli, Roberto Baldoni)
    Exploitation of Digital Contents for the Public Administration (Giulio De Petra, Fabrizio Gianneschi, Giaime Ginesu)
    Deploying the full transformational power of egovernment – collaboration and interoperability (Sylvia Archmann, Just Castillo Iglesias)
    ICAR Report: Interoperability and Cooperation between applications among Italian Regions (English summary) (CISIS - Central Staff of ICAR Project)
    List of the finalists of the iG20 Award
    IG20 AWARDS: Eucaris, the European car and driving licence information system
    INNOVATIVENESS: Interopcyl
    TRANSFERABILITY: Semic, Semantic Interoperability Center Europe
    IMPACT: Employment/unemployment status management: actual interoperability through the CO eService
    PRACTICAL RESULTS: Emilia Romagna Labour Information System
    The ESIIG2 Summit results: the creation of ERNI and the Interoperability Declaration of Rome
    The Interoperability Declaration of Rome
    Follow the new and interesting developments of Esiig2

    Proceedings of the 5th International Workshop on Reconfigurable Communication-centric Systems on Chip 2010 - ReCoSoC'10 - May 17-19, 2010 Karlsruhe, Germany. (KIT Scientific Reports ; 7551)

    ReCoSoC is intended to be a periodic annual meeting to expose and discuss gathered expertise as well as state of the art research around SoC related topics through plenary invited papers and posters. The workshop aims to provide a prospective view of tomorrow's challenges in the multibillion transistor era, taking into account the emerging techniques and architectures exploring the synergy between flexible on-chip communication and system reconfigurability

    Establishing mandatory access control on Android OS

    A common characteristic of all mobile operating systems for smart devices is an extensive middleware that provides a feature-rich API for the onboard sensors and user’s data (e.g., contacts). To effectively protect the device’s integrity, the user’s privacy, and to ensure non-interference between mutually distrusting apps, it is imperative that the middleware enforces rigid security and privacy policies. This thesis presents a line of work that integrates mandatory access control (MAC) mechanisms into the middleware of the popular, open source Android OS. While our early work established a basic understanding for the integration of enforcement hooks and targeted very specific use-cases, such as multi-persona phones, our most recent works adopt important lessons learned and design patterns from established MAC architectures on commodity systems and intertwine them with the particular security requirements of mobile OS architectures like Android. Our most recent work also complemented the Android IPC mechanism with provisioning of better provenance information on the origins of IPC communication. Such information is a crucial building block for any access control mechanism on Android. Lastly, this dissertation outlines further directions of ongoing and future research on access control on modern mobile operating systems.
A common characteristic of all modern mobile operating systems for so-called “smart devices” is an extensive service layer that provides feature-rich programming interfaces to the device hardware and to end-user data (e.g., the address book). To effectively ensure system integrity, the end user’s privacy, and the separation of mutually distrusting apps, it is essential that these service layers enforce rigid security policies. This dissertation presents several research works that integrate “Mandatory Access Control” (MAC) into the service layer of the widely used Android operating system. The first of these works established a basic understanding of the integration of access mechanisms into the Android operating system and targeted very specific application scenarios. More recent works, by contrast, adapted important insights and design principles of established MAC architectures on conventional operating systems to Android and intertwined them with the particular security requirements of mobile systems. The last work in this series also examined Android’s IPC mechanism and extended it so that it provides better information about the origin of IPC messages. This information is fundamental to any kind of access control on Android. Finally, this dissertation discusses current and future research topics for access control on modern mobile devices

    Securely Scaling Blockchain Base Layers

    This thesis presents the design, implementation and evaluation of techniques to scale the base layers of decentralised blockchain networks, where transactions are directly posted on the chain. The key challenge is to scale the base layer without sacrificing properties such as decentralisation, security and public verifiability. It proposes Chainspace, a blockchain sharding system where nodes process and reach consensus on transactions in parallel, thereby scaling block production and increasing on-chain throughput. In order to make the actions of consensus-participating nodes efficiently verifiable despite the increase of on-chain data, a system of fraud and data availability proofs is proposed so that invalid blocks can be efficiently challenged and rejected without the need for all users to download all transactions, thereby scaling block verification. It then explores blockchain and application design paradigms that enable on-chain scalability from the outset. This is in contrast to sharding, which scales blockchains designed under the traditional state machine replication paradigm where consensus and transaction execution are coupled. LazyLedger, a blockchain design where the consensus layer is separated from the execution layer, is proposed, in which consensus is only responsible for checking the availability of the data in blocks via data availability proofs. Transactions are instead executed off-chain, eliminating the need for nodes to execute on-chain transactions in order to verify blocks. Finally, as an example of a blockchain use case that does not require an execution layer, Contour, a scalable design for software binary transparency, is proposed on top of the existing Bitcoin blockchain, where all software binary records do not need to be posted on-chain

    High-Performance Modelling and Simulation for Big Data Applications

    This open access book was prepared as a Final Publication of the COST Action IC1406 “High-Performance Modelling and Simulation for Big Data Applications (cHiPSet)” project. Long considered important pillars of the scientific method, Modelling and Simulation have evolved from traditional discrete numerical methods to complex data-intensive continuous analytical optimisations. Resolution, scale, and accuracy have become essential to predict and analyse natural and complex systems in science and engineering. When their level of abstraction rises to have a better discernment of the domain at hand, their representation gets increasingly demanding for computational and data resources. On the other hand, High Performance Computing typically entails the effective use of parallel and distributed processing units coupled with efficient storage, communication and visualisation systems to underpin complex data-intensive applications in distinct scientific and technical domains. It is then arguably required to have a seamless interaction of High Performance Computing with Modelling and Simulation in order to store, compute, analyse, and visualise large data sets in science and engineering. Funded by the European Commission, cHiPSet has provided a dynamic trans-European forum for their members and distinguished guests to openly discuss novel perspectives and topics of interest for these two communities. This cHiPSet compendium presents a set of selected case studies related to healthcare, biological data, computational advertising, multimedia, finance, bioinformatics, and telecommunications

    Urban transformations and public health in the emergent city

    Urban transformations and public health in the emergent city examines how urban health and wellbeing are shaped by migration, mobility, racism, sanitation and gender. Adopting a global focus, spanning Africa, Asia, Europe and Latin America, the essays in this volume bring together a wide selection of voices that explore the interface between social, medical and natural sciences. This interdisciplinary approach, moving beyond traditional approaches to urban research, offers a unique perspective on today’s cities and the challenges they face. Edited by Professor Michael Keith and Dr Andreza Aruska de Souza Santos, this volume also features contributions from leading thinkers on cities in Brazil, China, South Africa and the United Kingdom. This geographic diversity is matched by the breadth of their different fields, from mental health and gendered violence to sanitation and food systems. Together, they present a complex yet connected vision of a ‘new biopolitics’ in today’s metropolis, one that requires an innovative approach to urban scholarship regardless of geography or discipline. This volume, featuring chapters from a number of renowned authors including the former deputy mayor of Rio de Janeiro Luiz Eduardo Soares, is an important resource for anyone seeking to better understand the dynamics of urban change. With its focus on the everyday realities of urban living, from health services to public transport, it contains valuable lessons for academics, policy makers and practitioners alike