Challenges and Prospects for the EU’s Area of Freedom, Security and Justice: Recommendations to the European Commission for the Stockholm Programme. CEPS Working Document No. 313, 16 April 2009

The upcoming Swedish presidency of the EU will be in charge of adopting the next multi-annual programme on an Area of Freedom, Security and Justice (AFSJ), during its tenure in the second half of 2009. As the successor of the 2004 Hague Programme, it has already been informally baptised as the Stockholm Programme and will present the EU’s policy roadmap and legislative timetable over these policies for the next five years. It is therefore a critical time to reflect on the achievements and shortcomings affecting the role that the European Commission’s Directorate-General of Justice, Freedom and Security (DG JFS) has played during the last five years in light of the degree of policy convergence achieved so far. This Working Document aims at putting forward a set of policy recommendations for the DG JFS to take into consideration as it develops and consolidates its future policy strategies, while duly ensuring the legitimacy and credibility of the EU’s AFSJ within and outside Europe

Secure Virtualization and Multicore Platforms State-of-the-Art report

SVaM

Trusted Computing and Secure Virtualization in Cloud Computing

Large-scale deployment and use of cloud computing in industry is accompanied and in the same time hampered by concerns regarding protection of data handled by cloud computing providers. One of the consequences of moving data processing and storage off company premises is that organizations have less control over their infrastructure. As a result, cloud service (CS) clients must trust that the CS provider is able to protect their data and infrastructure from both external and internal attacks. Currently however, such trust can only rely on organizational processes declared by the CS provider and can not be remotely verified and validated by an external party. Enabling the CS client to verify the integrity of the host where the virtual machine instance will run, as well as to ensure that the virtual machine image has not been tampered with, are some steps towards building trust in the CS provider. Having the tools to perform such verifications prior to the launch of the VM instance allows the CS clients to decide in runtime whether certain data should be stored- or calculations should be made on the VM instance offered by the CS provider. This thesis combines three components -- trusted computing, virtualization technology and cloud computing platforms -- to address issues of trust and security in public cloud computing environments. Of the three components, virtualization technology has had the longest evolution and is a cornerstone for the realization of cloud computing. Trusted computing is a recent industry initiative that aims to implement the root of trust in a hardware component, the trusted platform module. The initiative has been formalized in a set of specifications and is currently at version 1.2. Cloud computing platforms pool virtualized computing, storage and network resources in order to serve a large number of customers customers that use a multi-tenant multiplexing model to offer on-demand self-service over broad network. Open source cloud computing platforms are, similar to trusted computing, a fairly recent technology in active development. The issue of trust in public cloud environments is addressed by examining the state of the art within cloud computing security and subsequently addressing the issues of establishing trust in the launch of a generic virtual machine in a public cloud environment. As a result, the thesis proposes a trusted launch protocol that allows CS clients to verify and ensure the integrity of the VM instance at launch time, as well as the integrity of the host where the VM instance is launched. The protocol relies on the use of Trusted Platform Module (TPM) for key generation and data protection. The TPM also plays an essential part in the integrity attestation of the VM instance host. Along with a theoretical, platform-agnostic protocol, the thesis also describes a detailed implementation design of the protocol using the OpenStack cloud computing platform. In order the verify the implementability of the proposed protocol, a prototype implementation has built using a distributed deployment of OpenStack. While the protocol covers only the trusted launch procedure using generic virtual machine images, it presents a step aimed to contribute towards the creation of a secure and trusted public cloud computing environment

Effectiveness of targeting in social protection programs aimed to children: lessons for a post-2015 agenda

One of the main challenges for the post-2015 agenda is to reach universal primary education for all children. The last decade experienced a boom of social protection programs aimed at increasing school enrollment, mostly in the form of Conditional Cash Transfers. These programs are mostly targeted to poor families and have proved to increase enrollment and attendance. However, not all vulnerable children are benefiting from these programs. As more children are to be reached, there is a higher risk to incur in inclusion errors. This paper discusses the main challenges of targeting this type of programs and draws some lessons for improving targeting effectiveness. It also highlights the importance of moving from enrollment and attendance to learning and attainment as we move forward towards reaching high education quality for all children. This paper was commissioned by the Education for All Global Monitoring Report as background information to assist in drafting the 2015 report. It has not been edited by the team. The views and opinions expressed in this paper are those of the author(s) and should not be attributed to the EFA Global Monitoring Report or to UNESCO. The papers can be cited with the following reference: “Paper commissioned for the EFA Global Monitoring Report 2015, Education for All 2000-2015: achievements and challenges

Algorithmic Jim Crow

This Article contends that current immigration- and security-related vetting protocols risk promulgating an algorithmically driven form of Jim Crow. Under the “separate but equal” discrimination of a historic Jim Crow regime, state laws required mandatory separation and discrimination on the front end, while purportedly establishing equality on the back end. In contrast, an Algorithmic Jim Crow regime allows for “equal but separate” discrimination. Under Algorithmic Jim Crow, equal vetting and database screening of all citizens and noncitizens will make it appear that fairness and equality principles are preserved on the front end. Algorithmic Jim Crow, however, will enable discrimination on the back end in the form of designing, interpreting, and acting upon vetting and screening systems in ways that result in a disparate impact

Behaviour Profiling for Mobile Devices

With more than 5 billion users globally, mobile devices have become ubiquitous in our daily life. The modern mobile handheld device is capable of providing many multimedia services through a wide range of applications over multiple networks as well as on the handheld device itself. These services are predominantly driven by data, which is increasingly associated with sensitive information. Such a trend raises the security requirement for reliable and robust verification techniques of users.This thesis explores the end-user verification requirements of mobile devices and proposes a novel Behaviour Profiling security framework for mobile devices. The research starts with a critical review of existing mobile technologies, security threats and mechanisms, and highlights a broad range of weaknesses. Therefore, attention is given to biometric verification techniques which have the ability to offer better security. Despite a large number of biometric works carried out in the area of transparent authentication systems (TAS) and Intrusion Detection Systems (IDS), each have a set of weaknesses that fail to provide a comprehensive solution. They are either reliant upon a specific behaviour to enable the system to function or only capable of providing security for network based services. To this end, the behaviour profiling technique is identified as a potential candidate to provide high level security from both authentication and IDS aspects, operating in a continuous and transparent manner within the mobile host environment.This research examines the feasibility of a behaviour profiling technique through mobile users general applications usage, telephone, text message and multi-instance application usage with the best experimental results Equal Error Rates (EER) of 13.5%, 5.4%, 2.2% and 10% respectively. Based upon this information, a novel architecture of Behaviour Profiling on mobile devices is proposed. The framework is able to provide a robust, continuous and non-intrusive verification mechanism in standalone, TAS or IDS modes, regardless of device hardware configuration. The framework is able to utilise user behaviour to continuously evaluate the system security status of the device. With a high system security level, users are granted with instant access to sensitive services and data, while with lower system security levels, users are required to reassure their identity before accessing sensitive services.The core functions of the novel framework are validated through the implementation of a simulation system. A series of security scenarios are designed to demonstrate the effectiveness of the novel framework to verify legitimate and imposter activities. By employing the smoothing function of three applications, verification time of 3 minutes and a time period of 60 minutes of the degradation function, the Behaviour Profiling framework achieved the best performance with False Rejection Rate (FRR) rates of 7.57%, 77% and 11.24% for the normal, protected and overall applications respectively and with False Acceptance Rate (FAR) rates of 3.42%, 15.29% and 4.09% for their counterparts

The Politics of Exhaustion: Immigration Control in the British-French Border Zone

Within a climate of growing anti-immigration and populist forces gaining traction across Europe, and in response to the increased number of prospective asylum seekers arriving in Europe, recent years have seen the continued hardening of borders and a disconcerting evolution of new forms of immigration control measures utilised by states. Based on extensive field research carried out amongst displaced people in Europe in 2016-2019, this article highlights the way in which individuals in northern France are finding themselves trapped in a violent border zone, unable to move forward whilst having no obvious alternative way out of their predicament. The article seeks to illustrate the violent dynamics inherent in the immigration control measures in this border zone, characterised by both direct physical violence as well as banalised and structural forms of violence, including state neglect through the denial of services and care. The author suggests that the raft of violent measures and micro practices authorities resort to in the French-British border zone could be understood as constituting one of the latest tools for European border control and obstruction of the access to asylum procedures; a Politics of Exhaustion

Community standards for open cell migration data

Cell migration research has become a high-content field. However, the quantitative information encapsulated in these complex and high-dimensional datasets is not fully exploited owing to the diversity of experimental protocols and non-standardized output formats. In addition, typically the datasets are not open for reuse. Making the data open and Findable, Accessible, Interoperable, and Reusable (FAIR) will enable meta-analysis, data integration, and data mining. Standardized data formats and controlled vocabularies are essential for building a suitable infrastructure for that purpose but are not available in the cell migration domain. We here present standardization efforts by the Cell Migration Standardisation Organisation (CMSO), an open community-driven organization to facilitate the development of standards for cell migration data. This work will foster the development of improved algorithms and tools and enable secondary analysis of public datasets, ultimately unlocking new knowledge of the complex biological process of cell migration