Hodnocení zabezpečení obchodních informací / Rating of Security Business Informations

Veselý, Martin

January 2009

The thesis ”Rating of security business information” is focused on creating metrics in order to assess security of an information system of the company Tech4sec, spol.s.r.o. Risks of the information system and their impact on economy of the company are elaborated by application of the created metrics. To build the part of IS/IT strategy of the company that leads to elimitation of the risks found is dealt with in the thesis as well.

Secure Digital Provenance: Challenges and a New Design

Rangwala, Mohammed M.

January 2014

Indiana University-Purdue University Indianapolis (IUPUI) / Derived from the field of art curation, digital provenance is an unforgeable record of a digital object's chain of successive custody and sequence of operations performed on the object. It plays an important role in accessing the trustworthiness of the object, verifying its reliability and conducting audit trails of its lineage. Digital provenance forms an immutable directed acyclic graph (DAG) structure. Since history of an object cannot be changed, once a provenance chain has been created it must be protected in order to guarantee its reliability. Provenance can face attacks against the integrity of records and the confidentiality of user information, making security an important trait required for digital provenance. The digital object and its associated provenance can have different security requirements, and this makes the security of provenance different from that of traditional data. Research on digital provenance has primarily focused on provenance generation, storage and management frameworks in different fields. Security of digital provenance has also gained attention in recent years, particularly as more and more data is migrated in cloud environments which are distributed and are not under the complete control of data owners. However, there still lacks a viable secure digital provenance scheme which can provide comprehensive security for digital provenance, particularly for generic and dynamic ones. In this work, we address two important aspects of secure digital provenance that have not been investigated thoroughly in existing works: 1) capturing the DAG structure of provenance and 2) supporting dynamic information sharing. We propose a scheme that uses signature-based mutual agreements between successive users to clearly delineate the transition of responsibility of the digital object as it is passed along the chain of users. In addition to preserving the properties of confidentiality, immutability and availability for a digital provenance chain, it supports the representation of DAG structures of provenance. Our scheme supports dynamic information sharing scenarios where the sequence of users who have custody of the document is not predetermined. Security analysis and empirical results indicate that our scheme improves the security of the typical secure provenance schemes with comparable performance.

availability

confidentiality

cryptography

integrity

provenance

signatures

Cryptography -- Research

Data protection -- Research

Digital signatures

Cultural property -- Protection

Computer networks -- Security measures

Database management

Databases -- Quality control

Computer networks -- Monitoring

Information services -- Quality control

Application software -- Development

Computer programs -- Validation

Smart card fault attacks on public key and elliptic curve cryptography

Ling, Jie

January 2014

Indiana University-Purdue University Indianapolis (IUPUI) / Blömmer, Otto, and Seifert presented a fault attack on elliptic curve scalar multiplication called the Sign Change Attack, which causes a fault that changes the sign of the accumulation point. As the use of a sign bit for an extended integer is highly unlikely, this appears to be a highly selective manipulation of the key stream. In this thesis we describe two plausible fault attacks on a smart card implementation of elliptic curve cryptography. King and Wang designed a new attack called counter fault attack by attacking the scalar multiple of discrete-log cryptosystem. They then successfully generalize this approach to a family of attacks. By implementing King and Wang's scheme on RSA, we successfully attacked RSA keys for a variety of sizes. Further, we generalized the attack model to an attack on any implementation that uses NAF and wNAF key.

Smart Card

RSA

ECC

Fault Attack

Smart Card Security

Public Key

NAF

wNAF

Counter Fault Attack

Bit Flip Attack

Doubling Attack

Attack Simulation

Data encryption (Computer science)

Curves, Elliptic -- Data processing

Cryptography -- Mathematics

Public key cryptography -- Research

Data protection -- Research

Computer engineering -- Research

Coding theory

Computer security

Data structures (Computer science)

Embedded computer systems

Smart card industry

Computer networks -- Security measures

Computers -- Access control

論網路匿名言論之保障－以身分揭露程序為中心 / A Study on the Protection of Anonymous Online Speech: Focusing on the Procedure for Disclosing the Identity of Anonymous Speakers

鍾安, Chung, An

Unknown Date

在網路世界中，人們以匿名表達意見遠比現實生活中更為容易，這件事已劇烈地改變了匿名言論的量與質。從好的面向看，匿名帶來自主，讓異議者可以透過網路匿名，表達可能永遠都不敢在眾人面前說出來的真正想法，讓觀念市場變得多元豐富；另一方面，匿名提高了追究責任的困難。相較於現實世界的言論，損害他人或構成犯罪的惡質網路匿名言論，將造成影響更深遠且永久的傷害。 　　目前，關於網路匿名言論的管制方式，世界各國政府都是仰賴「事後追懲模式」和「實名認證模式」的其中一種。前者是網路使用者原則上可以匿名地發表言論，但如果發表不當言論並造成傷害，受害者或國家可以揭露其身份以對其展開司法追訴；後者是網路使用者在張貼言論前，必須先向國家機關指定的網路業者交出個人真實身份資料以進行驗證後，才能匿名發言，或甚至完全禁止以匿名方式發言，讓網路使用者感受到被眾人監督的壓力，不敢發表不當內容。 　　本文主張，網路匿名言論是受到憲法所保障的權利，而「事後追懲模式」相較於「實名認證模式」，較能調和不同權利間的衝突。不過，儘管我國政府採取此模式，卻在設計民刑事訴訟制度時，漏未導入匿名言論權利的思考，導致網路匿名表意者一經策略性訴訟攻擊，真實身份就會立即暴露，使得匿名表意自由不過徒有虛幻表象。因此，本文建議，為落實對匿名言論自由的保護，立法者宜參考美國法，修改部分訴訟法來處理此問題。 / On the internet, people can express themselves anonymously far easier than in the physical world. This fact has dramatically changed both the quantities and qualities of anonymous speech. On the bright side, anonymity brings more autonomy. Dissenters can express their real opinions, which they might never have the courage to speak out in public. It, in turn will promote the diversity and integrity of the marketplace of ideas. Yet, anonymity also makes it more difficult to hold the speakers accountable. In addition, compared to speech in the real physical world, malicious online anonymous speech will cause more serious permanent harms. 　　Today, governments around the world are either relying on the “Ex Post Compensation and Punishment” approach or the “Real-Name Verification System” to regulate online anonymous speech. Under the former approach, internet users can express their opinions anonymously, but if the content of their speech is malicious and causes damages to other people, the victim can seek disclosure of the speaker’s identity in order to take legal actions against the speaker. In contrast, under the latter system, internet users have to provide their personal information (real identities) to the ISPs or ICPs appointed by governments and complete the verification process before they can post their words. Some real name systems go even further by banning anonymous speech completely. By making users feel like they are being supervised by the public, the real name system wishes to deter indecent contents 　　This thesis argues that online anonymous speech is protected by the Constitution, and the ‘Ex Post Compensation and Punishment’ is a preferred approach because it can better balance the conflicting rights. In Taiwan, although the government has chosen the ‘Ex Post Compensation and Punishment’ approach, current civil/criminal procedural laws and practices afford little protection to online anonymous speakers. The plaintiff, who is allegedly harmed by the anonymous speech, can easily bring a “Strategic Lawsuit,” with the sole purpose of obtaining the identity of the online anonymous speaker. Consequently, this thesis suggests that, in order to better protect the freedom of anonymous speech, the legislators of Taiwan should refer to U.S. laws and practices and revise several provisions of Taiwan’s Code of Civil Procedure and Code of Criminal Procedure.

匿名言論

資訊隱私

匿名性

網路匿名言論

網路鬆綁效應

責任

網路實名制

策略性訴訟

網路服務提供者

網路內容提供者

個人資料保護法

Anonymous Speech

Information Privacy

Anonymity

Online Anonymous Speech

Online Disinhibition Effect

Liability

Real-Name Verification System

Strategic Lawsuit

Internet Service Provider

Internet Content Provider

Personal Data Protection Act

Quantitative Agricultural Policy Impact Analysis at Enhanced Farm & Regional Resolution

Gocht, Alexander

18 June 2024

In dieser Habilitationsschrift werden elf ausgewählte Zeitschriftenartikel vorgestellt. Alle Artikel zielen darauf ab, die Heterogenität der Betriebe des Agrarsektors durch eine bessere Auflösung der Angebotsmodelle zu berücksichtigen. Der erste Abschnitt konzentriert sich auf die Anwendungen mit dem partiellen Gleichgewichtsmodell CAPRI. Der Abschnitt deckt ein breites Spektrum politischer Fragen ab, zum Beispiel, Kopplung bzw. Konvergenz der Direktzahlungen, Ökologisierung, Verringerung der Treibhausgasemissionen und Kohlenstoffsequestrierung. Ich zeige, dass betriebsbezogene Angebotsmodelle eine detailliertere Analyse politischer Auswirkungen ermöglichen. Zudem erlauben diese Angebotsmodelle eine Verknüpfung mit Modellen höherer räumlicher Auflösung. Der zweite Abschnitt befasst sich mit methodischen Fragen zur Schätzung struktureller Veränderungen auf der Ebene der Betriebstypen in einem EU-weiten Ansatz. Der entwickelte Ansatz hilft, Faktoren, die den landwirtschaftlichen Strukturwandel beeinflussen, besser zu bestimmen und bietet die Möglichkeit einer umfassenden Analyse des landwirtschaftlichen Strukturwandels in der EU. Es wird gezeigt, dass die Ergebnisse zum Strukturwandel auch in der Modellierung berücksichtigt werden können. Dafür wurden Methoden entwickelt, die die Wahrung der Konsistenz der regionalen Ebene und die Berücksichtigung von betriebstypspezifischen Bilanzen, Indikatoren und Veränderungen in der Zahl der landwirtschaftlichen Betriebe gewähren. Der letzte Abschnitt befasst sich mit Methoden zur Rückschätzung von zensierten Daten. Ich untersuche verschiedene Datenaggregationsansätze, wie zum Beispiel, ein lokales gewichtetes Durchschnittsverfahren und ein bayesianisches Schätzverfahren, um Parameter für die zensierten Daten zu ermitteln, die der Realität so weit wie möglich entsprechen. / In this habilitation thesis, eleven selected journal articles were presented. All articles aimed to improve the resolution and thus reduce aggregation error to better account for farm heterogeneity in the agricultural sector models. The first section focused on model application with the partial equilibrium model CAPRI at the farm-type level. It covered many policy issues, such as coupling, convergence, greening, GHG mitigation, and carbon sequestration. I demonstrate that the farm-type supply models enable a detailed analysis of various policy impacts. It was demonstrated that the EU's supply models could improve model linkage with higher spatial resolution models, thus further closing the gap with spatial land-use models. The second section addressed significant methodological queries about estimating structural changes at the farm-type level in an EU-wide approach. A regional approach helps to identify better factors affecting agricultural structural change. The approach offers the opportunity for a comprehensive and previously unachievable analysis of agricultural structural change in the EU. Integrating the development into the CAPRI farm-type model poses challenges with the top-down approach. It requires maintaining consistency with the regional NUTS2 level and considering farm-type-specific balances, indicators, and changes in the number of farms from the structural change estimation. The last section addressed methods for back-estimating censored data. I explored different data aggregation approaches, such as a local weighted average method and a Bayesian estimation procedure, to establish parameters for the censored data that match reality as closely as possible.

Einkommensverteilungseffekte

GAP-Reform

Modellierung auf Betriebsebene

Direktzahlungen

Bodenrenten

Anbaudiversifizierung

Betriebsmodell

Dauergrünland

Kohlenstoffbindung

Treibhausgasemissionen

Produktivitätsanalyse

Ländliche und regionale Entwicklung

Genom-Editierung

Handelsverzerrung

Betrieblicher Strukturwandel

Produktionsspezialisierung

Betriebsstandort

Baseline

Betriebstypologien

Highest Posterior Density Estimation

Zensusdaten

Clusteranalyse

Income distributional effects

CAP reform

Farm-level modeling

Direct payments

Land rents

Crop diversification

Ecological focus area

Economic and environmental impacts

Farm model

Permanent grassland

Carbon sequestration

Greenhouse gas emissions

Productivity analysis

Rural and regional development

Genome editing

Trade distortion

Farm structural change

Production specialization

Farm location

Baseline

Farm typologies

Highest posterior density

Data protection regulation

Census data

ddc:630

Las nuevas tecnologías en la administración de justicia. La validez y eficacia del documento electrónico en sede procesal

Jaume Bennasar, Andrés

09 October 2009

La tesis se encarga de analizar, por un lado, la integración y el desarrollo de las nuevas tecnologías en la Administración de Justicia; y, por otro, los parámetros que constituyen la validez y eficacia del documento electrónico. La primera cuestión se centra en la configuración de los Sistemas de Información de la Oficina Judicial y del Ministerio Fiscal, así como de la informatización de los Registros Civiles, donde el art. 230 LOPJ es la pieza clave. Se estudian sus programas, aplicaciones, la videoconferencia, los ficheros judiciales y las redes de telecomunicaciones que poseen la cobertura de la firma electrónica reconocida, donde cobran gran relevancia los convenios de colaboración tecnológica. La digitalización de las vistas quizá sea una de las cuestiones con más trascendencia, teniendo en cuenta que el juicio es el acto que culmina el proceso. Aunque no todos los proyectos adoptados en el ámbito de la e.justicia se han desarrollado de forma integral, ni han llegado a la totalidad de los órganos judiciales. El objetivo final es lograr una Justicia más ágil y de calidad, a lo cual aspira el Plan Estratégico de Modernización de la Justicia 2009-2012 aprobado recientemente.En referencia a la segunda perspectiva, no cabe duda que el Ordenamiento jurídico y los tribunales, en el ámbito de la justicia material, otorgan plena validez y eficacia al documento electrónico. Nuestra línea de investigación se justifica porque cada vez son más los procesos que incorporan soportes electrónicos de todo tipo, ya sea al plantearse la acción o posteriormente como medio de prueba (art. 299.2 LEC). Entre otros temas examinamos el documento informático, la problemática que rodea al fax, los sistemas de videograbación y el contrato electrónico. / La tesi s'encarrega d'analitzar, per una part, la integració i el desenvolupament de les noves tecnologies dins l´Administració de Justícia; i, per l'altra, els paràmetres que constitueixen la validesa i l'eficàcia del document electrònic. La primera qüestió es centra en la configuració dels Sistemes d´Informació de l´Oficina Judicial i del Ministeri Fiscal, així com de la informatització dels Registres Civils, on l'art. 230 LOPJ es la peça clau. S'estudien els seus programes, aplicacions, la videoconferència, el fitxers judicials i les xarxes de telecomunicacions que tenen la cobertura de la firma electrònica reconeguda, on cobren gran rellevància els convenis de col·laboració tecnològica. La digitalització de les vistes tal vegada sigui una de les qüestions amb més transcendència, tenint amb compte que el judici es l'acte que culmina el procés. Però no tots el projectes adoptats en l'àmbit de la e.justicia s'han desenvolupat d'una manera integral ni han arribat a la totalitat dels òrgans judicials. L'objectiu final es assolir una Justícia més àgil i de qualitat, al que aspira el Pla Estratègic de Modernització de la Justícia 2009-2012 aprovat recentment. En referència a la segona perspectiva, no hi ha dubte que l´Ordenament jurídic i els tribunals, en l'àmbit de la justícia material, donen plena validesa i eficàcia al document electrònic. La nostra línia d'investigació es justifica perquè cada vegada son més el processos que incorporen suports electrònics de tot tipus, ja sigui quant es planteja l'acció o posteriorment como a medi de prova (art. 299.2 LEC). Entre altres temes examinem el document informàtic, la problemàtica que envolta al fax, els sistemes de videogravació i el contracte electrònic. / The thesis seeks to analyse, on the one hand, the integration and development of the new technologies in the Administration of Justice; and, on the other, the parameters which constitute the validity and efficiency of the electronic document.The first question centres on the configuration of the Information Systems of the Judicial Office and the Public Prosecutor, as well as the computerisation of the Civil Registers, where the art. 230 LOPJ it's the part key. Their programmes, applications, the Video Conferencing, the judicial registers and the telecommunication networks which are covered by the recognised electronic signatures, are studied, where the agreements on technological collaboration gain great relevance. The digitalisation of evidence might perhaps be one of the questions with most consequence, bearing in mind that the judgment is the act by which the process is culminated. Although not all the projects adopted within the compass of e.justice have developed completely nor have reached all the judicial organs. The final objective is to achieve an agile, quality Justice, to which the recently approved Strategic Plan for the Modernisation of Justice aspires.With reference to the second perspective, there is no doubt that the juridical Ordinance and the tribunals within the compass of material justice grant full validity and efficacy to the electronic document. Our line of investigation is justified because there are more and more processes which are sustained by electronic supports of all kinds, whether it be at the establishment of the action or later, as a proof of it (art. 299.2 LEC). Amongst other things, we examine the computerised document, the problems which surround the fax, the systems for video recording and the electronic contract.

Minerva Programme

Libra Programme

e.justice

contracte informàtic

document informàtic

consentiment electrònic

contracte electrònic

registres fonogràfics

videogravació

suports electrònics

dades

so i la imatge

mitjans reproducció paraula

mitjans de prova art. 299.2 LEC

Procés Monitori

xarxes Judicials Unió Europea

Pla Transparència Judicial

Estadística Judicial

Centre Documentació Judicial (CENDOJ)

aplicació Inter-Ius

Punt Neutre Judicial

Sistema Lexnet

firma electrònica

informàtics i similars

videoconferència

Agenda d'assenyalaments electrònica

Sistema Gravació Digital Arconte

elements de convicció

immediació

documentació d'actuacions i vistes

protecció de dades

fitxers judicials

informatització registres civils

Programa Minerva

Programa Libra

e.justícia

LOPJ

contrato informático

documento informático

consentimiento electrónico

contrato electrónico

registros fonográficos

videograbaciones

soportes electrónicos

datos

el sonido y la imagen

medios reproducción palabra

art. 299.2 LEC

medios prueba

Proceso Monitorio

iniciativas tecnológicas

Comunidades Autónomas

Redes Judiciales Unión Europea

Plan Transparencia Judicial

tratamiento sistemas informáticos

Estadística Judicial

Centro Documentación Judicial (CENDOJ)

Aplicación Inter-Ius

Punto Neutro Judicial

Sistema Lexnet

firma electrónica

informáticos y similares

videoconferencia

Agenda señalamientos electrónica

Sistema Grabación Digital Arconte

elementos de convicción

inmediación

Documentación de actuaciones y vistas

protección de datos

ficheros judiciales

Informatización registros civiles

Programa Minerva

Programa Libra

LOPJ

e.justicia

computerisation of civil registers

Judicial records

data protection

documentation of acts and evidence

immediacy

elements of conviction

the Arconte system of Digital Recording

Agenda of electronic signals

video Conferencing

computerised and other means

electronic signature

Lexnet System

Judicial Neutral Position

application Inter-Ius

Judicial Statistic

treatment by information systems

the Plan for Judicial Transparency

European Union Judicial networks

Monitoring process

means of proof art. 299.2 LEC

means of reproduction of word

sound and image

instruments which permit filing

recognising and reproducing words

data

electronic supports

video recording

phonographic registers

electronic contract

electronic consent

contracts drawn up by automatic devices

computerised document

computerised contract

Dret Processal

34

340