Applying the take-grant protection model

The Take-Grant Protection Model has in the past been used to model multilevel security hierarchies and simple protection systems. The models are extended to include theft of rights and sharing information, and additional security policies are examined. The analysis suggests that in some cases the basic rules of the Take-Grant Protection Model should be augmented to represent the policy properly; when appropriate, such modifications are made and their efforts with respect to the policy and its Take-Grant representation are discussed

Applying the Take-Grant Protection Model

The Take-Grant Protection Model has in the past been used to model multilevel security hierarchies and simple protection systems. The models are extended to include theft of rights and sharing of information, and additional security policies are examined. The analysis suggests that in some cases the basic rules of the Take-Grant Protection Model should be augmented to represent the policy properly; when appropriate, such modifications are made and their effects with respect to the policy and its Take-Grant representations are discussed

Stolen Wages in the Nation's Capital: Fixing DC's Broken Wage Theft Claims Process

Today in the District of Columbia ("the District" or "DC"), low wage workers are being shortchanged. Policies currently in place make it very difficult, to nearly impossible, for victims of wage theft to hold employers accountable for failing to pay wages owed. The Wage Theft Prevention Act of 2014, co-introduced on February 4, 2014 by Councilmembers Vincent Orange, Jim Graham, and Mary Cheh, would provide needed accountability and stronger protections to ensure that those working an honest day receive honest pay for their labor. This document provides an introduction to the current barriers affecting workers in the District, and presents an overview of the ways in which the Wage Theft Prevention Act of 2014 would ameliorate these problems; thereby making the District a better place for workers and responsible businesses

Newspaper Theft, Self-Preservation and the Dimensions of Censorship

One of the most common yet understudied means of suppressing free expression on college and university campuses is the theft of freely-distributed student publications, particularly newspapers. This study examines news accounts of nearly 300 newspaper theft incidents at colleges and universities between 1995 and 2008 in order to identify the manifestations and consequences of this peculiar form of censorship, and to augment existing research on censorship and tolerance by looking, not at what people say about free expression, but at what they do when they have the power of censorship in their own hands. Among the key findings is that men commit nearly 70% of newspaper thefts, which is inconsistent with much of the existing research on censorship and gender, and that those who censor college newspapers are far more concerned with their own self-preservation than with shaping public dialog on controversial social or political issues

Law Firm Cybersecurity: The State of Preventative and Remedial Regulation Governing Data Breaches in the Legal Profession

With the looming threat of the next hacking scandal, data protection efforts in law firms are becoming increasingly crucial in maintaining client confidentiality. This paper addresses ethical and legal issues arising with data storage and privacy in law firms. The American Bar Association’s Model Rules present an ethical standard for cybersecurity measures, which many states have adopted and interpreted. Other than state legislation mandating timely disclosure after a data breach, few legal standards govern law firm data breaches. As technology advances rapidly, the law must address preventative and remedial measures more effectively to protect clients from data breaches caused by outdated or ineffective cybersecurity procedures in law firms. These measures should include setting a minimum standard of care for data security protection and creating a private cause of action for individuals whose personal information has been improperly accessed because of a failure to comply with those standards

The sharing of rights and information in a capability-based protection system

The question of sharing of rights and information in the Take-Grant Protection Model is examined by concentrating on the similarities between the two; in order to do this, new theorems are stated and proven for each that specifically show the similarities. The proof for one of the original theorems is also provided. These statements of necessary and sufficient conditions are contrasted to illustrate the proposition that transferring rights and transferring information are fundamentally the same, as one would expect in a capability-based system. Directions are then discussed for future research in light of these results

Credit bureaus between risk-management, creditworthiness assessment and prudential supervision

"This text may be downloaded for personal research purposes only. Any additional reproduction for other purposes, whether in hard copy or electronically, requires the consent of the author. If cited or quoted, reference should be made to the full name of the author, the title, the working paper or other series, the year, and the publisher."This paper discusses the role and operations of consumer Credit Bureaus in the European Union in the context of the economic theories, policies and law within which they work. Across Europe there is no common practice of sharing the credit data of consumers which can be used for several purposes. Mostly, they are used by the lending industry as a practice of creditworthiness assessment or as a risk-management tool to underwrite borrowing decisions or price risk. However, the type, breath, and depth of information differ greatly from country to country. In some Member States, consumer data are part of a broader information centralisation system for the prudential supervision of banks and the financial system as a whole. Despite EU rules on credit to consumers for the creation of the internal market, the underlying consumer data infrastructure remains fragmented at national level, failing to achieve univocal, common, or defined policy objectives under a harmonised legal framework. Likewise, the establishment of the Banking Union and the prudential supervision of the Euro area demand standardisation and convergence of the data used to measure debt levels, arrears, and delinquencies. The many functions and usages of credit data suggest that the policy goals to be achieved should inform the legal and institutional framework of Credit Bureaus, as well as the design and use of the databases. This is also because fundamental rights and consumer protection concerns arise from the sharing of credit data and their expanding use

PlaceRaider: Virtual Theft in Physical Spaces with Smartphones

As smartphones become more pervasive, they are increasingly targeted by malware. At the same time, each new generation of smartphone features increasingly powerful onboard sensor suites. A new strain of sensor malware has been developing that leverages these sensors to steal information from the physical environment (e.g., researchers have recently demonstrated how malware can listen for spoken credit card numbers through the microphone, or feel keystroke vibrations using the accelerometer). Yet the possibilities of what malware can see through a camera have been understudied. This paper introduces a novel visual malware called PlaceRaider, which allows remote attackers to engage in remote reconnaissance and what we call virtual theft. Through completely opportunistic use of the camera on the phone and other sensors, PlaceRaider constructs rich, three dimensional models of indoor environments. Remote burglars can thus download the physical space, study the environment carefully, and steal virtual objects from the environment (such as financial documents, information on computer monitors, and personally identifiable information). Through two human subject studies we demonstrate the effectiveness of using mobile devices as powerful surveillance and virtual theft platforms, and we suggest several possible defenses against visual malware

Participatory Evaluation of the Tribal Victim Assistance Programs at the Lummi Nation and Passamaquoddy Tribe

The high rate of crime in American Indian/Alaska Native (AI/AN) communities and/or against AI/AN people reflected in numerous studies in the last three decades, demonstrates the need for victim assistance programs in Indian Country to help victims cope with and heal from violent crime (Wolk 1982; Allen 1985; Sacred Shawl Women’s Society, no date; McIntire 1988; DeBruyn, Lujan & May 1995; Norton & Manson 1995; Fairchild et. al 1998; Greenfield & Smith 1999; Alba, Zieseniss, et al 2003; Perry 2004). The U.S. Department of Justice, Office for Victims of Crime (OVC) became aware of the lack of resources available to AI/AN crime victims living on Indian lands. OVC, acknowledging the intense and extensive need for culturally relevant resources on reservations, established the Victim Assistance in Indian Country (VAIC) Discretionary Program in 1988, which later became the Tribal Victim Assistance Program (TVA). OVC initiated this program to establish “on-reservation” victim assistance programs that would provide permanent, accessible, and responsive victim assistance services on tribal lands. Recognizing the need for evaluation of promising victim services programs operating in Indian Country, OVC, in collaboration with the USDOJ National Institute of Justice (NIJ) supported an evaluation of two TVA programs—the Lummi Victims of Crime (LVOC) Program in Washington and the Passamaquoddy Tribal Victim Outreach Advocate (TVOA) Program in Maine. This report summarizes the results of the participatory evaluation conducted at these two sites