Global ETD Search

41	Um modelo de detecção de eventos em redes baseado no rastreamento de fluxos / Corrêa, Jorge Luiz. January 2009 (has links) Orientador: Adriano Mauro Cansian / Banca: Kalinka Regina Lucas Jaquie Castelo / Banca: Aleardo Manacero Junior / Resumo: Este trabalho apresenta um modelo de detecção de eventos em redes baseado no rastreamento de fluxos no padrão Netflow. Atualmente, a utilização de fluxos de rede como mecanismo de monitoria de tráfego tem se tornado cada vez mais importante devido a escalabilidade proporcionada. Inicialmente estabelece-se uma arquitetura de coleta e armazenamento de fluxos baseada em bancos de dados relacionais. Coletados os fluxos, criam-se estruturadas denominadas assinaturas para a descrição dos eventos de interesse no ambiente monitorado. O modelo utiliza duas vertentes na detecção de eventos: a baseada em abuso e a baseada em anomalias. A detecção baseada em abuso visa identificar eventos que produzam características fixas no tráfego de um ambiente. A detecção por anomalias visa identificar padrões de tráfego considerados anormais, podendo utilizar diferentes mecanismos de detecção. A arquitetura do sistema é capaz de coletar e armazenar fluxos, processá-los confrontando-os com uma base de assinaturas, utilizar mecanismos de detecção de anomalias e produzir relatórios para o administrador. O sistema foi testado em um ambiente isolado para coleta de informações, tais como taxas de erros e acertos, e no ambiente de produção do Instituto de Biociências, Letras e Ciências Exatas de São José do Rio Preto (IBILCE - UNESP). Além de eventos isolados de interesse dos administradores, podem ser descritos e detectados eventos como ataques de dicionário, hosts com aplicações de compartilhamento de arquivos (P2P), Bittorrent, chamadas de voz Skype, varreduras de redes e artefatos maliciosos. O modelo é aplicável em redes de pequeno e médio porte sem grandes investimentos, permitindo que eventos sejam detectados por meio da identificação de padrões comportamentais que estes geram no ambiente de rede. Testes mostraram que o modelo é capaz de descrever diversos protocolos... (Resumo completo, clicar acesso eletrônico abaixo) / Abstract: This work presents a detection model of networks events based on the tracking of Netflow standard flows. Currently, the use of network flows as a mechanism for monitoring traffic has become increasingly important because of the scalability provided. Initially an architecture is established for collection and storage of flows based on relational databases. Once collected the flows, structures called signatures are created to describe the events of interest in the environment monitored. The model uses two strands in the detection of events: one based on the abuse and one based on anomalies. The abuse detection aims to identify events that produce fixed characteristics in the traffic of an environment. The anomaly detection aims to identify traffic patterns considered abnormal and may use different mechanisms of detection. The architecture of the system is able to collect and store flows, process them confronting them with a signature database, make use mechanisms of anomaly detection and produce reports for the administrator. The system was tested in an isolated environment for collecting information such as rates of errors and successes, and in the production environment of the Instituto de Biociencias, Letras e Ciencias Exatas de Sao Jose do Rio Preto (IBILCE - UNESP). Further of isolated events of interest of administrators, can be detected and described events as a dictionary attack, hosts with file sharing applications (P2P), BitTorrent, Skype voice calls, network scans and malicious softwares. The model is applicable to networks of small and medium businesses without large investments, allowing events to be detected by identifying behavioral patterns that they generate in the network environment. Tests showed that the model is able to describe several protocols and patterns of attacks, with rates of hits and misses compatible with security tools known efficient. / Mestre Assinaturas digitais. Sistemas de segurança. Security systems. eng
42	Um modelo de detecção de eventos em redes baseado no rastreamento de fluxos Corrêa, Jorge Luiz [UNESP] 25 August 2009 (has links) (PDF) Made available in DSpace on 2014-06-11T19:29:40Z (GMT). No. of bitstreams: 0 Previous issue date: 2009-08-25Bitstream added on 2014-06-13T20:19:45Z : No. of bitstreams: 1 correa_jl_me_sjrp.pdf: 1580875 bytes, checksum: f27e3532f4fe7e993ae4b32275dcaf24 (MD5) / Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES) / Este trabalho apresenta um modelo de detecção de eventos em redes baseado no rastreamento de fluxos no padrão Netflow. Atualmente, a utilização de fluxos de rede como mecanismo de monitoria de tráfego tem se tornado cada vez mais importante devido a escalabilidade proporcionada. Inicialmente estabelece-se uma arquitetura de coleta e armazenamento de fluxos baseada em bancos de dados relacionais. Coletados os fluxos, criam-se estruturadas denominadas assinaturas para a descrição dos eventos de interesse no ambiente monitorado. O modelo utiliza duas vertentes na detecção de eventos: a baseada em abuso e a baseada em anomalias. A detecção baseada em abuso visa identificar eventos que produzam características fixas no tráfego de um ambiente. A detecção por anomalias visa identificar padrões de tráfego considerados anormais, podendo utilizar diferentes mecanismos de detecção. A arquitetura do sistema é capaz de coletar e armazenar fluxos, processá-los confrontando-os com uma base de assinaturas, utilizar mecanismos de detecção de anomalias e produzir relatórios para o administrador. O sistema foi testado em um ambiente isolado para coleta de informações, tais como taxas de erros e acertos, e no ambiente de produção do Instituto de Biociências, Letras e Ciências Exatas de São José do Rio Preto (IBILCE - UNESP). Além de eventos isolados de interesse dos administradores, podem ser descritos e detectados eventos como ataques de dicionário, hosts com aplicações de compartilhamento de arquivos (P2P), Bittorrent, chamadas de voz Skype, varreduras de redes e artefatos maliciosos. O modelo é aplicável em redes de pequeno e médio porte sem grandes investimentos, permitindo que eventos sejam detectados por meio da identificação de padrões comportamentais que estes geram no ambiente de rede. Testes mostraram que o modelo é capaz de descrever diversos protocolos... / This work presents a detection model of networks events based on the tracking of Netflow standard flows. Currently, the use of network flows as a mechanism for monitoring traffic has become increasingly important because of the scalability provided. Initially an architecture is established for collection and storage of flows based on relational databases. Once collected the flows, structures called signatures are created to describe the events of interest in the environment monitored. The model uses two strands in the detection of events: one based on the abuse and one based on anomalies. The abuse detection aims to identify events that produce fixed characteristics in the traffic of an environment. The anomaly detection aims to identify traffic patterns considered abnormal and may use different mechanisms of detection. The architecture of the system is able to collect and store flows, process them confronting them with a signature database, make use mechanisms of anomaly detection and produce reports for the administrator. The system was tested in an isolated environment for collecting information such as rates of errors and successes, and in the production environment of the Instituto de Biociencias, Letras e Ciencias Exatas de Sao Jose do Rio Preto (IBILCE - UNESP). Further of isolated events of interest of administrators, can be detected and described events as a dictionary attack, hosts with file sharing applications (P2P), BitTorrent, Skype voice calls, network scans and malicious softwares. The model is applicable to networks of small and medium businesses without large investments, allowing events to be detected by identifying behavioral patterns that they generate in the network environment. Tests showed that the model is able to describe several protocols and patterns of attacks, with rates of hits and misses compatible with security tools known efficient. Assinaturas digitais Sistemas de segurança Análise de fluxos Detecção de intrusão Abuso e anomalia Security systems
43	Maquinas virtuais em ambientes seguros / Virtual machines in secure environments Castro, Arthur Bispo de 02 October 2006 (has links) Orientador: Paulo Licio de Geus / Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-10T18:08:43Z (GMT). No. of bitstreams: 1 Castro_ArthurBispode_M.pdf: 1955953 bytes, checksum: 46cf350cf44d894dc72583bf5206f94e (MD5) Previous issue date: 2006 / Resumo: Desde o início da computação a idéia de máquinas virtuais vem sendo aplicada para estender o multiprocessamento, multi-programação e multi-acesso, tornando os sistemas multi-ambiente. O contínuo aumento no poder de processamento dos computadores fez com que máquinas muito rápidas estivessem ao alcance de qualquer usuário, surgindo PCs com processamento, espaço em disco e memória suficiente para comportar mais de um sistema compartilhando o mesmo hardware. Basicamente, o objetivo das máquinas virtuais é produzir um sistema mais simples, que permita que no mesmo hardware sejam executados vários sistemas operacionais. Sua implementação se resume a um programa gerenciador chamado VMM (Virtual Machine Monitor), que cria um ambiente que simula o acesso direto ao hardware. Este gerenciador é classificado em vários tipos, apresentados neste trabalho. Graças às suas funcionalidades e variedades, o uso das máquinas virtuais pode ser estendido a fim de promover maior segurança e desempenho em redes, apresentando diversas vantagens e garantindo um ambiente mais confiável. São aplicáveis às estações de trabalho, à detecção e aprendizado de novos ataques a sistemas operacionais e aplicações, além de focar o aumento de segurança de servidores. Devido à disponibilidade de um laboratório de segurança de redes, pode-se colocar uma implementação de máquinas virtuais em sistemas reais de produção: servidor web, ftp, dns, e-mail, etc., e seus resultados confirmam o êxito desta utilização / Abstract: Since the beginning of computing, the concept of virtual machines has been associated with extending multi-processing, multi-programming and multi-access to create multienvironment systems. The continual increase in computer processing power has resulted in the common user having access to personal computers whose processing speed, disk space and memory are sufficient to support more than one operating system, whilst sharing, the same hardware. In simple terms, the goal of a virtual machine is to produce a simple system that permits that various operating systems can be executed on the same hardware. It is implemented via a managing program called VMM (Virtual Machine Monitor) that creates an environment that simulates direct access to the hardware. This managing program can be implemented in diverse ways, as will be discussed in this work. Due to its functionality and flexibility, virtual machines can be employed to provide greater security and performance in networked environments, offering various advantages and guaranteeing a trustworthy environment. In this work, virtual machines have been employed in workstations to detectand learn new attacks against operating systems and applications, as well as to increase .the security of the servers. Due to availability of a network security laboratory the ideas proposed have been implemented in real production systems: web server, ftp, dns, e-mail, etc., and the results confirm the effectiveness of the utilizations / Mestrado / Segurança de Redes / Mestre em Ciência da Computação Redes de computadores Sistemas operacionais (Computadores) Sistemas de segurança Computer networks Operating systems (Computers) Security systems
44	Uma infraestrutura para laboratórios de acesso remoto federados com suporte à virtualização / An infraestructure for federated remote access laboratories with virtualization support Feliciano, Guilherme de Oliveira, 1982- 08 December 2013 (has links) Orientador: Eleri Cardozo / Dissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação / Made available in DSpace on 2018-08-23T13:04:59Z (GMT). No. of bitstreams: 1 Feliciano_GuilhermedeOliveira_M.pdf: 2077722 bytes, checksum: 5dd4458ac834821b2bacb4160ad55aee (MD5) Previous issue date: 2013 / Resumo: O resumo poderá ser visualizado no texto completo da tese digital / Abstract: The Abstract is available with the full electronic document / Mestrado / Engenharia de Computação / Mestre em Engenharia Elétrica Redes de computadores Sistemas de segurança Virtualização Ensino à distância Robótica Computer networks Security systems Virtualization Distance education Robotics
45	Uma arquitetura para monitoramento de segurança baseada em acordos de níveis de serviço para nuvens de infraestrutura / An architecture for security monitoring based on services level agreements for cloud infrastructure services Ferreira, Anderson Soares, 1973- 23 August 2018 (has links) Orientador: Paulo Lício de Geus / Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-23T17:54:44Z (GMT). No. of bitstreams: 1 Ferreira_AndersonSoares_M.pdf: 1713313 bytes, checksum: 51dca461e2b83cdfcc2dc93cad68a877 (MD5) Previous issue date: 2013 / Resumo: Apesar do extensivo uso da computação em nuvens na atualidade, ainda há um grande número de organizações que optam por utilizar arquiteturas computacionais tradicionais por considerarem esta tecnologia não confiável, devido a problemas não resolvidos relacionados a segurança e privacidade. A garantia da segurança em ambientes de nuvens é atualmente perseguida através de acordos de níveis de serviço de segurança; apesar disto, o monitoramento destes acordos até agora tem sido dificultada por obstáculos técnicos relacionados a virtualização, compartilhamento de recursos e multi-locação Visando o acompanhamento destes acordos e consequentemente a melhoria da segurança em nuvens de serviços de infraestrutura, este trabalho apresenta uma solução de monitoramento baseada em mecanismos seguros para coleta de informações. Utilizando-se técnicas como monitoramento caixa preta e introspecção, elimina-se a necessidade de instalação de ferramentas de monitoramento na máquina virtual. Através de informações de desempenho coletadas através da solução de monitoramento, apresenta-se também um estudo sobre a identificação de ataques a máquinas virtuais em ambientes de nuvens, através da detecção de anomalias de segurança / Abstract: Despite the extensive use of cloud computing today, there is a large number of organizations that choose to stick to traditional architectures, since this technology is considered unreliable due to as yet unsolved problems related to security and privacy. Ensuring security in cloud environments is currently being pursued through security-minded service level agreements. However, monitoring such agreements has so far been hampered by technical obstacles related to virtualization, resource sharing and multi-tenancy. Aiming at monitoring these agreements and consequently improving security in cloud infrastructure services, this work presents a monitoring architecture based on external mechanisms for collecting information. Through the use of techniques such as blackbox monitoring and introspection, one eliminates the need to install monitoring tools on the virtual machine. Also, by using performance information collected by the monitoring solution, this work presents a study about the identification of attacks to virtual machines in cloud environments through anomaly detection / Mestrado / Ciência da Computação / Mestre em Ciência da Computação Computação em nuvem Sistemas de segurança Virtualização Cloud computing Security systems Virtualization
46	Análise do mecanismo de segurança da arquitetura IMS / Analysis of the security mechanism in the IMS architecture Nobôa, Francisco José Viudes 20 August 2018 (has links) Orientador: Yuzo Iano / Dissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação / Made available in DSpace on 2018-08-20T16:13:03Z (GMT). No. of bitstreams: 1 Noboa_FranciscoJoseViudes_M.pdf: 2562716 bytes, checksum: 8090bd81ec54aaeab629033ee45a1ef0 (MD5) Previous issue date: 2012 / Resumo: Considerando-se que para controlar e possibilitar a entrega de diversos conteúdos e serviços a qualquer tipo de acesso fazia-se necessário um núcleo bem definido e estruturado, surgiu o IMS (IP Multimedia Subsystem) com o propósito de prover a integração completa das redes e serviços. O IMS define uma arquitetura completa e framework que habilita a convergência de voz, vídeo, dados e tecnologia de rede móvel através de uma infraestrutura baseada em IP, preenchendo a distância entre os dois paradigmas de comunicação mais bem sucedidos, celular e tecnologia IP. Este trabalho apresenta a arquitetura IMS como controle central de todas as redes, e uma arquitetura para o desenvolvimento de aplicações móveis que incorporem voz, vídeo e dados. A arquitetura IMS apesar de promissora apresenta inúmeras oportunidades de melhoria no seu mecanismo de segurança, muitas dessas oportunidades de melhoria estão relacionadas a falhas e até mesmo a falta de especificações de segurança quando a arquitetura foi originalmente implementada. Assim o maior desafio na implantação e globalização da arquitetura IMS são as falhas de segurança e a vulnerabilidade que a arquitetura possui a diversos tipos de ataques que podem atingir e prejudicar, tanto operadoras quanto usuários da rede. O objetivo deste projeto de pesquisa é apresentar uma análise detalhada sobre a estrutura da arquitetura IMS focando principalmente na arquitetura de segurança desenvolvida pela 3GPP, e assim prover análises e soluções para os ataques, vulnerabilidades e falhas de segurança que atingem a arquitetura tanto do ponto de vista de operadoras e provedores de serviço quanto na perspectiva do usuário / Abstract: Considering that to control and enable the delivery of diverse content and services to any type of access it should make necessary a core well-defined and structuralized, appeared the IMS (IP Multimedia Subsystem) in order to provide the complete integration of networks and services. IMS defines a complete architecture and framework that enables the convergence of voice, video, data and mobile network technology over an infrastructure based on IP, in addition to filling the gap between the two communications paradigms most successful, cellular and IP technology. This paper presents the IMS architecture as central control of all networks, and architecture for developing mobile applications that incorporate voice, video and data. The IMS architecture despite being promising presents numerous opportunities for improvement in its security mechanism, many of these opportunities for improvement are related to failures and even the lack of security specifications when creating the architecture. So the biggest challenge in the implementation of the IMS architecture and globalization are the security issues and vulnerabilities that the architecture faces being vulnerable to several types of attacks that can reach and affect carriers and network users. The objective of this research project is to present a detailed analysis on the structure of the IMS architecture focusing primarily on security architecture developed by 3GPP, and thus provide analysis and solutions about the attacks, vulnerabilities and security issues that affect the architecture from the point of view of carriers, service providers and from the network users / Mestrado / Telecomunicações e Telemática / Mestre em Engenharia Elétrica Segurança Redes Redes de computadores Arquitetura de redes Sistemas de segurança Security Networks Computing network Network architecture Security systems
47	MOSS : a model for open system security Van Zyl, Pieter Willem Jordaan 12 September 2012 (has links) Ph.D / This thesis looks at current security problems within open system environments, that is security problems within heterogeneous computer system environments that are interconnected via computer networks. Thereafter two security models, Kerberos and the Path Context Model, are considered together with their respective ability to address these security problems. Using concepts of the Path Context Model, a new security model, called MOSS (Model for Open System Security), is developed and it is shown how MOSS can address all the security problems identified. Two possible implementations of MOSS are then considered: the one is based on the concept of Static Security Agents (SSAs) for contemporary open system environments, and the other is based on the concept of Roaming Security Agents (RSAs) for object orientated open system environments. The research is concluded with a summary of possible future research considerations Computer security - South Africa Computer networks - Security measures Security systems - Models. Computers - Access control
48	Computação autonômica aplicada ao diagnóstico e solução de anomalias de redes de computadores / Autonomic computing applied to the diagnosis and solution of network anomalies Amaral, Alexandre de Aguiar, 1986- 27 August 2018 (has links) Orientadores: Leonardo de Souza Mendes, Mario Lemes Proença Junior / Tese (doutorado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação / Made available in DSpace on 2018-08-27T01:36:35Z (GMT). No. of bitstreams: 1 Amaral_AlexandredeAguiar_D.pdf: 3847801 bytes, checksum: 71773e4b12743836bc5dc38e572c1c63 (MD5) Previous issue date: 2015 / Resumo: A tarefa de gerenciamento de redes tem se tornado cada vez mais desafiadora. Dentre esses desafios está o problema de diagnosticar e solucionar as anomalias. As soluções atuais não têm sido suficiente para atender os requisitos demandados para a aplicação em ambientes de rede de grande escala. Os principais motivos decorrem da falta de autonomicidade e escalabilidade. Nesta tese, os conceitos da computação autonômica e distribuída são explorados para diagnosticar e solucionar anomalias de rede em tempo real. A proposta é constituída de entidades autonômicas hierarquicamente distribuídas, responsáveis por detectar e reparar as anomalias nas suas regiões de domínio com a mínima intervenção humana. Isto permite a escalabilidade, viabilizando a implantação do sistema em redes de grande escala. A autonomicidade das entidades autonômicas reduz intervenções manuais e a probabilidade de erros na análise e tomada de decisão, fazendo com que a complexidade percebida pela gerência no processo de detecção de anomalias seja reduzida. Experimentos foram realizados em duas diferentes redes: Universidade Tecnológica Federal do Paraná ¿ Campus Toledo e no Instituto Federal de Santa Catarina ¿ Campus GW. Os resultados demonstraram a eficácia e autonomicidade da solução para detectar e tratar diferentes anomalias em tempo real, com a mínima intervenção humana / Abstract: The challenges inherent to network administration increase daily. Among these challenges, there is the problem of diagnosing and repairing network anomalies. Current solutions have not been enough to meet the requirements of large scale networks. The main reasons stem from the lack of autonomicity and scalability. In this thesis, autonomic and distributed computing concepts are exploited presenting a solution to diagnose and treat network anomalies in real time. In this pro-posal, autonomic entities are hierarchically distributed, being responsible for detecting and repair-ing the anomalies in their domain, with minimal human intervention. This provides scalability, enabling the system to be deployed in large scale networks. The autonomic entities autonomicity reduces the manual intervention and the likelihood of errors in the analysis and decision process, minimizing the complexity perceived by the network management in the anomaly detection pro-cedure. Experiments were performed at two different networks: Federal University of Technolo-gy Paraná (UTFPR) - Toledo Campus and at the Federal Institute of Science and Technology Santa of Catarina - GW Campus. The results demonstrated the efficacy of the solution and its autonomicity to detect and repair various anomalies in real time, with minimal human interven-tion / Doutorado / Telecomunicações e Telemática / Doutor em Engenharia Elétrica Redes de computadores - Gerência Anomalias Computer networks - Management Anomalies Computer networks - Security systems
49	An assessment of the impact of the management of the social security system on access to services in Limpopo Province Munshedzi, Thivhakoni Kingsley January 2016 (has links) Thesis (M. Dev.) -- University of Limpopo, 2016 / In attacking poverty in post-apartheid South Africa, the country’s new government adopted a multiple approach focusing on building institutions and organisations on a macro regional and local level, levels to facilitate growth, reconstruction and social upliftment. In its effort to alleviate poverty and inequality, the Government of South Africa introduced a social security system. In an endeavour to address the deficiencies surrounding this system, the government has established a number of mechanisms. In order to distribute these grants to the right people in the right place, the government formed the South African Social Security Agency (SASSA). The research problem was, therefore, to find out how the management and administration of social security by SASSA is enhancing or retarding access to the services for which the agency was established to render. The aim of this study was to assess how the management and administration of the social security system impact on the accessibility of social services by those who require them. In order to achieve the aim of this study, the following objectives were addressed: how social security is managed in the Limpopo Province; to assess the impact of the management of the system on access to services; to identify possible strategies that could enhance access to social security services; and to provide recommendations based on the literature and research findings. The findings of this study was that the administration system of the South African grant system has been somewhat cumbersome for both the applicant and the administrator because the forms used for most grants are detailed and often quite technical. Furthermore, it was established that were service delivery challenges of severe staff shortages at critical operational levels where grant applications are processed and infrastructural challenges such as insufficient office space (too many staff members in a specific office) and insufficient or no connectivity at certain service delivery points. These are all organisational challenges that SASSA is facing. This research recommend that the Limpopo regional office must not only be responsible for giving information about newly enrolled recipients to the SASSA national office but the regional office should be able to complete the whole process within its offices without passing it on to the national office The research also recommends that a Monitoring and Evaluation unit must be established in regional offices. This unit will assist the management and administration of social grants in particular with improving services. This unit will visit different SASSA offices in the local municipalities on a regular basis in order to evaluate the performance of those particular offices. This will help to monitor the service delivery to the beneficiaries. Lastly, SASSA should do more research and development in consultation academic institutions or by structure within SASSA offices Social security systems Social security
50	Essays on the Politics of Maintaining Order Wilke, Anna M. January 2021 (has links) Maintaining order is a core function of the state. Yet, in many contexts, actors other than the state are involved in combating crime and violence. Such actors range from private security companies who sell protection to vigilante mobs who brutally punish criminal suspects. This dissertation explores how states maintain order when they are faced with private crime prevention efforts. Taken together, the three chapters of the dissertation provide insights into the determinants of law enforcement policy, the sources of citizens' willingness to cooperate with the state, and the social drivers of crime and violence. Chapter 1 presents a formal model that sheds light on the incentives of political parties to invest in law enforcement when citizens can purchase private protection. Private security measures like burglar alarms, camera systems, and security guards are pervasive in high income communities around the world. I model the supply of crime and the demand for private protection together with a political process that determines public spending on the police. The model provides conditions under which parties may over- and underspend on law enforcement relative to other government services. In relatively poor societies, left parties are prone to spend less and right parties are prone to spend more than the socially optimal amount on policing. The reverse is true in relatively rich societies, where the base of the right party can afford private protection. The results call into question the conventional wisdom that tough-on-crime policies are the domain of parties on the right, and provide an explanation for why such policies in various contexts have been implemented by left-wing politicians. Throughout the developing world, criminal suspects are often assaulted or even killed at the hands of their community. Chapter 2 considers the micro-dynamics of how state capacity affects citizens’ choice between the state and mob vigilantism. I present results from a field experiment in South Africa that creates variation in the capacity of police to locate households. Findings from mid- and endline surveys suggest households exposed to an increase in police capacity became more willing to rely on police and less willing to resort to vigilantism. Results from a mechanism experiment point towards increased fear of state punishment for vigilante violence rather than improved perceptions of police service quality as the link between state capacity and vigilantism. The broader implication is that citizens’ cooperation with capable state institutions may not necessarily reflect citizens’ satisfaction with state services. Instead, citizens may draw on state institutions because states limit citizens’ choices by sanctioning those who participate in informal practices that the state deems illegal. Chapter 3 draws on original surveys with more than 10,000 respondents from hundreds of communities in Uganda, Tanzania, and South Africa to show that women are more likely than men to support mob vigilantism. This result runs counter to a large literature in public opinion that finds women are less supportive of violence than men across a variety of domains throughout industrialized contexts. Drawing on qualitative evidence, a vignette experiment in Uganda, and additional survey measures from Tanzania, the chapter shows that men and women differ in their beliefs about the downsides of mob vigilantism. Men are more likely to think mob vigilantism creates risks of false accusation for those who do not commit crime. The chapter traces this divergence in beliefs to differences in the extent to which men and women are at personal risk of being accused of a crime that they did not commit. The results highlight the role that beliefs play in the link between gender and views about violence. Political science Crime--Political aspects Private security companies Burglar alarms Security systems Police--Citizen participation Vigilantes

Search results