Current Problems of Holding Persons Liable for Crimes in the Field of Information Technology
The article analyzes the issues of legal regulation concerning liability for offences in the field of information technology (cybercrime). The author outlines the main issues of regulation in the field of information technology, examines current approaches of Russian lawyers and expresses her own proposals to resolve issues in the designated area.
Catherine Meadows has played an important role in the advancement of formal methods for protocol security verification. Her insights on the use of, for example, narrowing and rewriting logic have made possible the automated discovery of new attacks and the shaping of new protocols. Meadows has also investigated other security aspects, such as distance-bounding protocols and denial of service attacks. We have been greatly inspired by her work. This paper describes the use of Multiset Rewriting for the specification and verification of timing aspects of protocols, such as network delays, timeouts, timed intruder models and distance-bounding properties. We detail these timed features with a number of examples and describe decidable fragments of related verification problems.
System design where cyber-physical applications are securely coordinated from the cloud may simplify the development process. However, all private data are then pushed to these remote “swamps,” and human users lose actual control as compared to when the applications are executed directly on their devices. At the same time, computing at the network edge is still lacking support for such straightforward multidevice development, which is essential for a wide range of dynamic cyber-physical services. This article proposes a novel programming model as well as contributes the associated secure-connectivity framework for leveraging safe coordinated device proximity as an additional degree of freedom between the remote cloud and the safety-critical network edge, especially under uncertain environment constraints. This article is part of a special issue on Software Safety and Security Risk Mitigation in Cyber-physical Systems.
The article deals with the problems of ensuring functional, informational and cyber security for vehicles and transport infrastructure facilities. The analysis of the factors causing the growth of threats to the transport sector has been carried out, and the list of typical cyber attacks on the components of the transport infrastructure is given. The results of the analysis of the features of automated process control systems of technological processes of vehicles and transport infrastructure facilities are presented. Recommendations on the development of transport security systems are given taking into account the specifics of various types of transport.
This volume contains the papers selected for presentation at the 18th European Symposium on Research in Computer Security (ESORICS 2013), held during September 9–13, 2013, in Egham, UK. In response to the symposium’s call for papers, 242 papers were submitted to the conference from 38 countries. These papers were evaluated on the basis of their significance, novelty, technical quality, as well as on their practical impact and/or their level of advancement of the field’s foundations. The Program Committee’s work was carried out electronically, yielding intensive discussions over a period of a few weeks. Of the papers submitted, 43 were selected for presentation at the conference (resulting in an acceptance rate of 18%). We note that many top-quality submissions were not selected for presentation because of the high technical level of the overall submissions, and we are certain that many of these submissions will, nevertheless, be published at other competitive forums in the future.
The book contains selected papers that were presented at PhD Summer schools on Scientific Computing jointly organized by Waterford Institute of Technology, Lomonosov Moscow State University, Kyiv National Taras Shevchenko University, Saint-Petersburg State University and Nanjing University of Technology. The schools were mainly organized in teleconference mode and linked researchers and PhD students from several countries.
Phenomenology, in literal interpretation, is none other than the doctrine of phenomena, i.e. about the observed phenomena or events. In modern philosophy, it acts as a method of scientific analysis of consciousness and immanent, a priori structures of human existence. This article is the result of applying this method to setting and understanding the best ways to solve problems directly related to the investigation of crimes committed using modern information technologies. Having resorted to historical generalizations, the author made an attempt to find an answer to the question why, against the backdrop of the scientific achievements of domestic criminalistics, with so many new ideas, concepts, technologies, forensic algorithms and investigation programs, progress in combating crime remains unobservable. The main reason for this state of affairs he sees in the fact that Russian criminalistics for a long time developed apart from the leading foreign research schools. At the same time, such a state of the world is still preserved, despite the global integration processes that have taken hold of practically all the countries of the world. As the main direction of overcoming the crisis phenomena, the author positions the implementation in the scientific resources of domestic criminalistics of modern information technologies in general, and, to increase the effectiveness of combating crimes committed using computer and network capabilities, in particular. He considers the fight against them to be an international problem, since measures to prevent, detect, uncover and investigate crimes committed using modern information technologies cannot be effective only at the national level, because of the transnational and transborder nature of the Internet itself.
Given the continuing increase in the number of its users, which naturally causes their dependence on the information community and the vulnerability of all kinds of cyber attacks, a scientific analysis of the current state of investigation of crimes of this kind is made and recommendations are formulated to improve the effectiveness of this activity.
Many security protocols rely on the assumptions on the physical properties in which its protocol sessions will be carried out. For instance, Distance Bounding Protocols take into account the round trip time of messages and the transmission velocity to infer an upper bound of the distance between two agents. We classify such security protocols as Cyber-Physical. Time plays a key role in design and analysis of many of these protocols. This paper investigates the foundational differences and the impacts on the analysis when using models with discrete time and models with dense time. We show that there are attacks that can be found by models using dense time, but not when using discrete time. We illustrate this with an attack that can be carried out on most Distance Bounding Protocols. In this attack, one exploits the execution delay of instructions during one clock cycle to convince a verifier that he is in a location different from his actual position. We additionally present a probabilistic analysis of this novel attack. As a formal model for representing and analyzing Cyber-Physical properties, we propose a Multiset Rewriting model with dense time suitable for specifying cyber-physical security protocols. We introduce Circle-Configurations and show that they can be used to symbolically solve the reachability problem for our model, and show that for the important class of balanced theories the reachability problem is PSPACE-complete. We also show how our model can be implemented using the computational rewriting tool Maude, the machinery that automatically searches for such attacks.
It is well-known that the Dolev-Yao adversary is a powerful adversary. Besides acting as the network, intercepting, sending, and composing messages, he can remember as much information as he needs. That is, his memory is unbounded.
We recently proposed a weaker Dolev-Yao like adversary, which also acts as the network, but whose memory is bounded. We showed that this Bounded Memory Dolev-Yao adversary, when given enough memory, can carry out many existing protocol anomalies. In particular, the known anomalies arise for bounded memory protocols, where there is only a bounded number of concurrent sessions and the honest participants of the protocol cannot remember an unbounded number of facts nor an unbounded number of nonces at a time. This led us to the question of whether it is possible to infer an upper-bound on the memory required by the Dolev-Yao adversary to carry out an anomaly from the memory restrictions of the bounded protocol. This paper answers this question negatively (Theorem 2).
The second contribution of this paper is the formalization of Progressing Collaborative Systems that may create fresh values, such as nonces. In this setting there is no unbounded adversary, although bounded memory adversaries may be present. We prove the NP-completeness of the reachability problem for Progressing Collaborative Systems that may create fresh values.
The article is devoted to a particular form of freedom of assembly — the right to counter-demonstrate. The author underlines the value of this right as an element of democratic society, but also acknowledges the risk of violent actions among participants of opposing demonstrations. Due to this risk, the government may adopt adequate measures restricting the right to counter-demonstrate, certain types of which are analyzed in this paper.
Development of standards of international controllability is reviewed in the article. Institutional approach is applied to development of international legal regime of Energy Charter. Definition of controllability is connected to development of international standards of dispute settlement, which are described in the article in detail. In connection with controllability, Russian interest, defense of investment in European Union and ecological investment encouragement, is reviewed in the article.
International control and controllability, International economics, international economic law, Energy Charter
private international law; real estate; school of Bartolists; Bartolists; theory of statutes; statutory theory