48 research outputs found

    ANALYSIS OF IT OUTSOURCING CONTRACTS AT THE TCU (FEDERAL COURT OF ACCOUNTS) AND OF THE LEGISLATION THAT GOVERNS THESE CONTRACTS IN THE BRAZILIAN FEDERAL PUBLIC ADMINISTRATION

    Information technology (IT) outsourcing has for a long time been a major trend in business and government. Accountability of IT outsourcing contracts in the public administration is recognized as an important factor contributing to government transparency and public services quality, given the legislation governing these contracts and the amount of related expenditures. Considering the trend towards open government data publishing, including data on outsourcing contracts, there is an interesting opportunity for citizens to participate in the open auditing of these contracts as a means to assess the good application of public resources. In this study we explore this possibility by analyzing open data published by the Brazilian Federal Court of Accounts (TCU is its acronym in Portuguese), an interesting case since this agency has a paramount role in auditing the whole Brazilian Federal Public Administration. To this end, we gathered open data from the TCU regarding all outsourced IT services contracts maintained by the agency during the years 2000-2013. This data is analyzed to verify, from an external point of view, the related duration and values, identifying differences between the predicted and actual amounts spent and evaluating the administration of such contracts regarding legislation. This analysis is based on a detailed survey of the relevant legislation as well as the verification of original contract terms and their addendums. As a result, we observed substantial differences in the amount spent on execution with respect to those predicted in the original contracts. Also, we identified the utilization of special justifications prescribed by law to sustain the extension of some contracts. Given these results, it is possible that IT outsourcing is not necessarily proved to be the best solution for the public sector problems regarding the lack of skilled personnel, which implies the need to assess the cost-benefit of maintaining these contracts. Also, it is possible that the existing legislation needs development in order to provide more flexibility to outsourcing contract management.

    A model of trust applied to the management of information technology

    This work presents a model of trust as it relates to the management of information technology (IT). We comment on the definition of trust as applied to contemporary business environments, and discuss the associated risks due to the complexity of modern globalized relationships. This work focuses on IT management, emphasizing the necessity of aligning organizational strategies with a company’s activities as recent studies have concluded that organizations that exhibit “business-focused” IT management are subject to less risk. In this context, our proposed model enables the evaluation of trust as it relates to IT management, by means of metrics that are related to business factors. A field application of this model demonstrates the relevance of measuring trust as a means to mitigate business risks related to IT management.

    Group trust yields improved scalability and anomaly detection for P2P systems

    This paper implements an existing computational model of trust and reputation applied to a P2P environment, and extends the approach using a novel group trust calculation that demonstrates improved scalability and anomaly detection for P2P systems. Our analysis is based on results obtained by simulating a P2P environment using the JXTA open source platform. A trust and reputation model was implemented in the same platform, allowing us to construct a baseline for the behavior of the nodes using combined trust and reputation coefficients in a scenario without malicious nodes. Then simulations were conducted with malicious nodes and the effect of trust and reputation factors was analyzed regarding their influence on the anomaly detection capacity and scalability in P2P communications. Several simulation scenarios were configured and explored, considering the presence of different numbers of malicious nodes in the P2P environment, with both constant and variable behavior. Other scenarios included calculations of combined trust and reputation for node groups. The results show that group trust ensures more interactions among nodes, even in the presence of a large number of malicious nodes (60% of the total), besides providing focused identification of malicious nodes inside groups.

    Towards establishing trust in MANET: An integrated approach for auto-configuration, authentication and certification

    In this paper, we discuss open issues regarding certification, auto-configuration and authentication of routing messages for mobile ad-hoc networks (MANET). We describe and discuss existing models for these operations and highlight their specific problems. Considering routing protocols usage, we propose new solutions based on protocol modifications and distributed certifications that can be integrated to establish trust relationships for MANET operation and utilization.

    Sex Determination from White Line Counts in the Fingerprints of Brazilians

    The credibility of fingerprints as biometric markers of identity has been a constant since the dawn of humanity; this rests on important characteristics of fingerprints: stability after complete development, easy classification of pattern types, non-invasive collection, and uniqueness throughout an individual's life. In this study, the white lines (albodatilares) of the ten fingerprints of 100 Brazilian men and 100 Brazilian women were counted and statistically analyzed. The main objective was to verify whether this characteristic depends on sex to the point of allowing it to be categorically distinguished. In some cases it was possible to observe significant differences between hands, fingers, and the fundamental fingerprint types. From the white line count (WLC), thresholds were developed for sex discrimination in possible cases of human identification in Brazil.

    Set of usability heuristics for quality assessment of mobile applications on smartphones

    The innovations proposed by the cell phone market have grown steadily in recent years, along with the increasing complexity of the hardware, operating systems, and applications available in this market. These changes bring new challenges related to usability that need to be considered during the development process of these applications since the new forms of user-application interactions increasingly require adapting the behavior of smartphone users. In this situation, usability is an important issue that depends on factors such as the Users, their characteristics and abilities, the Task which the users intend to achieve and also the application usage Context. This work presents a systematic literature review with the objective of identifying the heuristics and usability metrics used in the literature and/or industry. Based on the review results, this work presents another contribution with a proposal of a set of usability heuristics focused on mobile applications on smartphones, considering the User, Task and Context as usability factors and Cognitive Load as an important attribute of usability. The components of this set are detailed in a model intended to be used in empirical validations, allowing improvements to the proposal to be incorporated dynamically.

    Acquisition and Analysis of Digital Evidence in Android Smartphones

    From an expert's standpoint, an Android phone is a large data repository that can be stored either locally or remotely. Besides, its platform allows analysts to acquire device data and evidence, collecting information about its owner and facts under investigation. This way, by means of exploring and cross-referencing that rich data source, one can get information related to unlawful acts and their perpetrator. There are widespread and well documented approaches to forensically examining mobile devices and computers. Nevertheless, they are neither specific nor detailed enough to be conducted on Android cell phones. These approaches are not totally adequate to examine modern smartphones, since these devices have internal memories whose removal or mirroring procedures are considered invasive and complex, due to difficulties in having direct hardware access. The exam and analysis are not supported by forensic tools when having to deal with specific file systems, such as YAFFS2 (Yet Another Flash File System). Furthermore, specific features of each smartphone platform have to be considered prior to acquiring and analyzing its data. In order to deal with those challenges, this paper proposes a method to perform data acquisition and analysis of Android smartphones, regardless of version and manufacturer. The proposed approach takes into account existing techniques of computer and cell phone forensic examination, adapting them to specific Android characteristics, its data storage structure, popular applications and the conditions under which the device was sent to the forensic examiner. The method was defined in a broad manner, not naming specific tools or techniques. Then, it was deployed into the examination of six Android smartphones, which addressed different scenarios that an analyst might face, and was validated to perform an entire evidence acquisition and analysis.

    A parallel approach to PCA based malicious activity detection in distributed honeypot data

    Model order selection (MOS) schemes, which are frequently employed in several signal processing applications, are shown to be effective tools for the detection of malicious activities in honeypot data. In this paper, we extend previous results by proposing an efficient and parallel MOS method for blind automatic malicious activity detection in distributed honeypots. Our proposed scheme does not require any previous information on attacks or human intervention. We model network traffic data as signals and noise and then apply modified signal processing methods. However, differently from the previous centralized solutions, we propose that the data collected by each honeypot node be processed by nodes in a cluster (that may consist of the collection nodes themselves) and then grouped to obtain the final results. This is achieved by having each node locally compute the Eigenvalue Decomposition (EVD) of its own sample correlation matrix (obtained from the honeypot data) and transmit the resulting eigenvalues to a central node, where the global eigenvalues and final model order are computed. The model order computed from the global eigenvalues through RADOI represents the number of malicious activities detected in the analysed data. The feasibility of the proposed approach is demonstrated through simulation experiments.

    Trust-based security for the OLSR routing protocol

    Trust is always implicitly present in protocols based on cooperation, in particular between the entities involved in routing operations in ad hoc networks. Indeed, as the wireless range of such nodes is limited, the nodes mutually cooperate with their neighbors in order to extend the remote nodes and the entire network. In our work, we are interested in trust as a security solution for the OLSR protocol. This approach fits particularly well with the characteristics of ad hoc networks. Moreover, explicit trust management allows entities to reason with and about trust, and to take decisions regarding other entities. In this paper, we detail the techniques and the contributions in trust-based security in OLSR. We present a trust-based analysis of the OLSR protocol using a trust specification language, and we show how trust-based reasoning can allow each node to evaluate the behavior of the other nodes. After the detection of misbehaving nodes, we propose prevention solutions and countermeasures to resolve the situations of inconsistency, and counter the malicious nodes. We demonstrate the effectiveness of our solution using different simulated attack scenarios. Our approach brings few modifications and is still compatible with the bare OLSR.