34,717 research outputs found
Challenges and Prospects for the EU’s Area of Freedom, Security and Justice: Recommendations to the European Commission for the Stockholm Programme. CEPS Working Document No. 313, 16 April 2009
The upcoming Swedish presidency of the EU will be in charge of adopting the next multi-annual programme on an Area of Freedom, Security and Justice (AFSJ), during its tenure in the second half of 2009. As the successor of the 2004 Hague Programme, it has already been informally baptised as the Stockholm Programme and will present the EU’s policy roadmap and legislative timetable over these policies for the next five years. It is therefore a critical time to reflect on the achievements and shortcomings affecting the role that the European Commission’s Directorate-General of Justice, Freedom and Security (DG JFS) has played during the last five years in light of the degree of policy convergence achieved so far. This Working Document aims at putting forward a set of policy recommendations for the DG JFS to take into consideration as it develops and consolidates its future policy strategies, while duly ensuring the legitimacy and credibility of the EU’s AFSJ within and outside Europe
Trusted Computing and Secure Virtualization in Cloud Computing
Large-scale deployment and use of cloud computing in industry
is accompanied and in the same time hampered by concerns regarding protection of
data handled by cloud computing providers. One of the consequences of moving
data processing and storage off company premises is that organizations have
less control over their infrastructure. As a result, cloud service (CS) clients
must trust that the CS provider is able to protect their data and
infrastructure from both external and internal attacks. Currently however, such
trust can only rely on organizational processes declared by the CS
provider and can not be remotely verified and validated by an external party.
Enabling the CS client to verify the integrity of the host where the
virtual machine instance will run, as well as to ensure that the virtual
machine image has not been tampered with, are some steps towards building
trust in the CS provider. Having the tools to perform such
verifications prior to the launch of the VM instance allows the CS
clients to decide in runtime whether certain data should be stored- or calculations
should be made on the VM instance offered by the CS provider.
This thesis combines three components -- trusted computing, virtualization technology
and cloud computing platforms -- to address issues of trust and
security in public cloud computing environments. Of the three components,
virtualization technology has had the longest evolution and is a cornerstone
for the realization of cloud computing. Trusted computing is a recent
industry initiative that aims to implement the root of trust in a hardware
component, the trusted platform module. The initiative has been formalized
in a set of specifications and is currently at version 1.2. Cloud computing
platforms pool virtualized computing, storage and network resources in
order to serve a large number of customers customers that use a multi-tenant
multiplexing model to offer on-demand self-service over broad network.
Open source cloud computing platforms are, similar to trusted computing, a
fairly recent technology in active development.
The issue of trust in public cloud environments is addressed
by examining the state of the art within cloud computing security and
subsequently addressing the issues of establishing trust in the launch of a
generic virtual machine in a public cloud environment. As a result, the thesis
proposes a trusted launch protocol that allows CS clients
to verify and ensure the integrity of the VM instance at launch time, as
well as the integrity of the host where the VM instance is launched. The protocol
relies on the use of Trusted Platform Module (TPM) for key generation and data protection.
The TPM also plays an essential part in the integrity attestation of the
VM instance host. Along with a theoretical, platform-agnostic protocol,
the thesis also describes a detailed implementation design of the protocol
using the OpenStack cloud computing platform.
In order the verify the implementability of the proposed protocol, a prototype
implementation has built using a distributed deployment of OpenStack.
While the protocol covers only the trusted launch procedure using generic
virtual machine images, it presents a step aimed to contribute towards
the creation of a secure and trusted public cloud computing environment
Effectiveness of targeting in social protection programs aimed to children: lessons for a post-2015 agenda
One of the main challenges for the post-2015 agenda is to reach universal primary education for all children. The last decade experienced a boom of social protection programs aimed at increasing school enrollment, mostly in the form of Conditional Cash Transfers. These programs are mostly targeted to poor families and have proved to increase enrollment and attendance. However, not all vulnerable children are benefiting from these programs. As more children are to be reached, there is a higher risk to incur in inclusion errors. This paper discusses the main challenges of targeting this type of programs and draws some lessons for improving targeting effectiveness. It also highlights the importance of moving from enrollment and attendance to learning and attainment as we move forward towards reaching high education quality for all children.
This paper was commissioned by the Education for All Global Monitoring Report as background information to assist in drafting the 2015 report. It has not been edited by the team. The views and opinions expressed in this paper are those of the author(s) and should not be attributed to the EFA Global Monitoring Report or to UNESCO. The papers can be cited with the following reference: “Paper commissioned for the EFA Global Monitoring Report 2015, Education for All 2000-2015: achievements and challenges
Algorithmic Jim Crow
This Article contends that current immigration- and security-related vetting protocols risk promulgating an algorithmically driven form of Jim Crow. Under the “separate but equal” discrimination of a historic Jim Crow regime, state laws required mandatory separation and discrimination on the front end, while purportedly establishing equality on the back end. In contrast, an Algorithmic Jim Crow regime allows for “equal but separate” discrimination. Under Algorithmic Jim Crow, equal vetting and database screening of all citizens and noncitizens will make it appear that fairness and equality principles are preserved on the front end. Algorithmic Jim Crow, however, will enable discrimination on the back end in the form of designing, interpreting, and acting upon vetting and screening systems in ways that result in a disparate impact
Behaviour Profiling for Mobile Devices
With more than 5 billion users globally, mobile devices have become ubiquitous in our daily life.
The modern mobile handheld device is capable of providing many multimedia services through a
wide range of applications over multiple networks as well as on the handheld device itself. These
services are predominantly driven by data, which is increasingly associated with sensitive
information. Such a trend raises the security requirement for reliable and robust verification
techniques of users.This thesis explores the end-user verification requirements of mobile devices and proposes a novel
Behaviour Profiling security framework for mobile devices. The research starts with a critical
review of existing mobile technologies, security threats and mechanisms, and highlights a broad
range of weaknesses. Therefore, attention is given to biometric verification techniques which have
the ability to offer better security. Despite a large number of biometric works carried out in the
area of transparent authentication systems (TAS) and Intrusion Detection Systems (IDS), each have
a set of weaknesses that fail to provide a comprehensive solution. They are either reliant upon a
specific behaviour to enable the system to function or only capable of providing security for
network based services. To this end, the behaviour profiling technique is identified as a potential
candidate to provide high level security from both authentication and IDS aspects, operating in a
continuous and transparent manner within the mobile host environment.This research examines the feasibility of a behaviour profiling technique through mobile users
general applications usage, telephone, text message and multi-instance application usage with the
best experimental results Equal Error Rates (EER) of 13.5%, 5.4%, 2.2% and 10% respectively.
Based upon this information, a novel architecture of Behaviour Profiling on mobile devices is
proposed. The framework is able to provide a robust, continuous and non-intrusive verification
mechanism in standalone, TAS or IDS modes, regardless of device hardware configuration. The
framework is able to utilise user behaviour to continuously evaluate the system security status of
the device. With a high system security level, users are granted with instant access to sensitive
services and data, while with lower system security levels, users are required to reassure their
identity before accessing sensitive services.The core functions of the novel framework are validated through the implementation of a
simulation system. A series of security scenarios are designed to demonstrate the effectiveness of
the novel framework to verify legitimate and imposter activities. By employing the smoothing
function of three applications, verification time of 3 minutes and a time period of 60 minutes of
the degradation function, the Behaviour Profiling framework achieved the best performance with
False Rejection Rate (FRR) rates of 7.57%, 77% and 11.24% for the normal, protected and overall
applications respectively and with False Acceptance Rate (FAR) rates of 3.42%, 15.29% and 4.09%
for their counterparts
The Politics of Exhaustion: Immigration Control in the British-French Border Zone
Within a climate of growing anti-immigration and populist forces gaining traction across Europe, and in response to the increased number of prospective asylum seekers arriving in Europe, recent years have seen the continued hardening of borders and a disconcerting evolution of new forms of immigration control measures utilised by states. Based on extensive field research carried out amongst displaced people in Europe in 2016-2019, this article highlights the way in which individuals in northern France are finding themselves trapped in a violent border zone, unable to move forward whilst having no obvious alternative way out of their predicament. The article seeks to illustrate the violent dynamics inherent in the immigration control measures in this border zone, characterised by both direct physical violence as well as banalised and structural forms of violence, including state neglect through the denial of services and care. The author suggests that the raft of violent measures and micro practices authorities resort to in the French-British border zone could be understood as constituting one of the latest tools for European border control and obstruction of the access to asylum procedures; a Politics of Exhaustion
Community standards for open cell migration data
Cell migration research has become a high-content field. However, the quantitative information encapsulated in these complex and high-dimensional datasets is not fully exploited owing to the diversity of experimental protocols and non-standardized output formats. In addition, typically the datasets are not open for reuse. Making the data open and Findable, Accessible, Interoperable, and Reusable (FAIR) will enable meta-analysis, data integration, and data mining. Standardized data formats and controlled vocabularies are essential for building a suitable infrastructure for that purpose but are not available in the cell migration domain. We here present standardization efforts by the Cell Migration Standardisation Organisation (CMSO), an open community-driven organization to facilitate the development of standards for cell migration data. This work will foster the development of improved algorithms and tools and enable secondary analysis of public datasets, ultimately unlocking new knowledge of the complex biological process of cell migration
- …