Security assessment of code refactoring rules

Refactoring is a common approach to producing better quality software. Its impact on many software quality properties, including reusability, maintainability and performance, has been studied and measured extensively. However, its impact on the information security of programs has received relatively little attention. In this work, we assess the impact of a number of the most common code-level refactoring rules on data security, using security metrics that are capable of measuring security from the viewpoint of potential information flow. The metrics are calculated for a given Java program using a static analysis tool we have developed to automatically analyse compiled Java bytecode. We ran our Java code analyser on various programs which were refactored according to each rule. New values of the metrics for the refactored programs then confirmed that the code changes had a measurable effect on information security.

Emotional arousal of beginning physics teachers during extended experimental investigations

Teachers often have difficulty implementing inquiry-based activities, leading to the arousal of negative emotions. In this multicase study of beginning physics teachers in Australia, we were interested in the extent to which their expectations were realized and how their classroom experiences while implementing extended experimental investigations (EEIs) produced emotional states that mediated their teaching practices. Against rhetoric of fear expressed by their senior colleagues, three of the four teachers were surprised by the positive outcomes from their supervision of EEIs for the first time. Two of these teachers experienced high intensity positive emotions in response to their students’ success. When student actions / outcomes did not meet their teachers’ expectations, frustration, anger, and disappointment were experienced by the teachers, as predicted by a sociological theory of human emotions (Turner, 2007). Over the course of the EEI projects, the teachers’ practices changed along with their emotional states and their students’ achievements. We account for similarities and differences in the teachers’ emotional experiences in terms of context, prior experience, and expectations. The findings from this study provide insights into effective supervision practices that can be used to inform new and experienced teachers alike.

Elaborated intrusion theory : a cognitive-emotional theory of food craving

A clear understanding of the cognitive-emotional processes underpinning desires to overconsume foods and adopt sedentary lifestyles can inform the development of more effective interventions to promote healthy eating and physical activity. The Elaborated Intrusion Theory of Desires offers a framework that can help in this endeavor through its emphases on the roles of intrusive thoughts and elaboration of multisensory imagery. There is now substantial evidence that tasks that compete for limited working memory resources with food-related imagery can reduce desires to eat that food, and that positive imagery can promote functional behavior. Meditation mindfulness can also short-circuit elaboration of dysfunctional cognition. Functional Decision Making is an approach that applies laboratory-based research on desire, to provide a motivational intervention to establish and entrench behavior changes, so healthy eating and physical activity become everyday habits.

Exploring the effect of companion robots on emotional expression in older people with dementia : a pilot randomized controlled trial

This pilot study aimed to compare the effect of companion robots (PARO) to participation in an interactive reading group on emotions in people living with moderate to severe dementia in a residential care setting. A randomized crossover design, with PARO and reading control groups, was used. Eighteen residents with mid- to late-stage dementia from one aged care facility in Queensland, Australia, were recruited. Participants were assessed three times using the Quality of Life in Alzheimer’s Disease, Rating Anxiety in Dementia, Apathy Evaluation, Geriatric Depression, and Revised Algase Wandering Scales. PARO had a moderate to large positive influence on participants’ quality of life compared to the reading group. The PARO intervention group had higher pleasure scores when compared to the reading group. Findings suggest PARO may be useful as a treatment option for people with dementia; however, the need for a larger trial was identified.

Application-level simulation for network security

NeSSi (network security simulator) is a novel network simulation tool which incorporates a variety of features relevant to network security distinguishing it from general-purpose network simulators. Its capabilities such as profile-based automated attack generation, traffic analysis and support for detection algorithm plug-ins allow it to be used for security research and evaluation purposes. NeSSi has been successfully used for testing intrusion detection algorithms, conducting network security analysis and developing overlay security frameworks. NeSSi is built upon the agent framework JIAC, resulting in a distributed and extensible architecture. In this paper, we provide an overview of the NeSSi architecture as well as its distinguishing features and briefly demonstrate its application to current security research projects.

Teamworking for security : the collaborative approach

Collaborative methods are promising tools for solving complex security tasks. In this context, the authors present the security overlay framework CIMD (Collaborative Intrusion and Malware Detection), enabling participants to state objectives and interests for joint intrusion detection and find groups for the exchange of security-related data such as monitoring or detection results accordingly; to these groups the authors refer as detection groups. First, the authors present and discuss a tree-oriented taxonomy for the representation of nodes within the collaboration model. Second, they introduce and evaluate an algorithm for the formation of detection groups. After conducting a vulnerability analysis of the system, the authors demonstrate the validity of CIMD by examining two different scenarios inspired sociology where the collaboration is advantageous compared to the non-collaborative approach. They evaluate the benefit of CIMD by simulation in a novel packet-level simulation environment called NeSSi (Network Security Simulator) and give a probabilistic analysis for the scenarios.

Human rights, the law, cyber-security and democracy : after the European Convention

Many commentators have treated the internet as a site of democratic freedom and as a new kind of public sphere. While there are good reasons for optimism, like any social space digital space also has its dark side. Citizens and governments alike have expressed anxiety about cybercrime and cyber-security. In August 2011, the Australian government introduced legislation to give effect to Australia becoming a signatory to the European Convention on Cybercrime (2001). At the time of writing, that legislation is still before the Parliament. In this article, attention is given to how the legal and policy-making process enabling Australia to be compliant with the European Convention on Cybercrime came about. Among the motivations that informed both the development of the Convention in Europe and then the Australian exercise of legislating for compliance with it was a range of legitimate concerns about the impact that cybercrime can have on individuals and communities. This article makes the case that equal attention also needs to be given to ensuring that legislators and policy makers differentiate between legitimate security imperatives and any over-reach evident in the implementation of this legislation that affects rule of law principles, our capacity to engage in democratic practices, and our civic and human rights.

Relationship between emotional climate and the fluency of classroom interactions

This study examined emotional climate in relation to the teaching and learning of grade 7 science. A multi-method and multi-theoretic approach used sociocultural frameworks as a foundation for interpretive research, conversation analysis, prosody analysis, and studies of nonverbal conduct. Emotional climate varied continuously throughout a lesson. Dialogues occurred and afforded learning when interactions between the teacher and students were fluent and included humour and collective effervescence. Emotional climate was negatively valenced when the teacher and/or students endeavoured to establish and maintain power by restricting others’ participation to spectator roles. The teacher’s endeavours to maintain and establish control over students were potentially detrimental to teaching and learning, teachers and learners. This type of teaching gradually evolved into a form we referred to as cranky teaching, whereby the teacher and her students showed signs of frustration and the enacted teaching and learning roles lacked fluency. The methods we pioneered in the present study might be helpful for other teachers who wish to participate in research on their classes to ascertain what works and should be strengthened, and identify practices and rituals that are deleterious and in need of change.

Enhancing security of linux-based android devices

Our daily lives become more and more dependent upon smartphones due to their increased capabilities. Smartphones are used in various ways from payment systems to assisting the lives of elderly or disabled people. Security threats for these devices become increasingly dangerous since there is still a lack of proper security tools for protection. Android emerges as an open smartphone platform which allows modification even on operating system level. Therefore, third-party developers have the opportunity to develop kernel-based low-level security tools which is not normal for smartphone platforms. Android quickly gained its popularity among smartphone developers and even beyond since it bases on Java on top of "open" Linux in comparison to former proprietary platforms which have very restrictive SDKs and corresponding APIs. Symbian OS for example, holding the greatest market share among all smartphone OSs, was closing critical APIs to common developers and introduced application certification. This was done since this OS was the main target for smartphone malwares in the past. In fact, more than 290 malwares designed for Symbian OS appeared from July 2004 to July 2008. Android, in turn, promises to be completely open source. Together with the Linux-based smartphone OS OpenMoko, open smartphone platforms may attract malware writers for creating malicious applications endangering the critical smartphone applications and owners� privacy. In this work, we present our current results in analyzing the security of Android smartphones with a focus on its Linux side. Our results are not limited to Android, they are also applicable to Linux-based smartphones such as OpenMoko Neo FreeRunner. Our contribution in this work is three-fold. First, we analyze android framework and the Linux-kernel to check security functionalities. We survey wellaccepted security mechanisms and tools which can increase device security. We provide descriptions on how to adopt these security tools on Android kernel, and provide their overhead analysis in terms of resource usage. As open smartphones are released and may increase their market share similar to Symbian, they may attract attention of malware writers. Therefore, our second contribution focuses on malware detection techniques at the kernel level. We test applicability of existing signature and intrusion detection methods in Android environment. We focus on monitoring events on the kernel; that is, identifying critical kernel, log file, file system and network activity events, and devising efficient mechanisms to monitor them in a resource limited environment. Our third contribution involves initial results of our malware detection mechanism basing on static function call analysis. We identified approximately 105 Executable and Linking Format (ELF) executables installed to the Linux side of Android. We perform a statistical analysis on the function calls used by these applications. The results of the analysis can be compared to newly installed applications for detecting significant differences. Additionally, certain function calls indicate malicious activity. Therefore, we present a simple decision tree for deciding the suspiciousness of the corresponding application. Our results present a first step towards detecting malicious applications on Android-based devices.

Design and modeling of collaboration architecture for security

Threats against computer networks evolve very fast and require more and more complex measures. We argue that teams respectively groups with a common purpose for intrusion detection and prevention improve the measures against rapid propagating attacks similar to the concept of teams solving complex tasks known from field of work sociology. Collaboration in this sense is not easy task especially for heterarchical environments. We propose CIMD (collaborative intrusion and malware detection) as a security overlay framework to enable cooperative intrusion detection approaches. Objectives and associated interests are used to create detection groups for exchange of security-related data. In this work, we contribute a tree-oriented data model for device representation in the scope of security. We introduce an algorithm for the formation of detection groups, show realization strategies for the system and conduct vulnerability analysis. We evaluate the benefit of CIMD by simulation and probabilistic analysis.

From simulation to emulation : an integrated approach for network security evaluation

We present a virtual test bed for network security evaluation in mid-scale telecommunication networks. Migration from simulation scenarios towards the test bed is supported and enables researchers to evaluate experiments in a more realistic environment. We provide a comprehensive interface to manage, run and evaluate experiments. On basis of a concrete example we show how the proposed test bed can be utilized.

A simulation framework for smart meter security evaluation

The evolution of classic power grids to smart grids creates chances for most participants in the energy sector. Customers can save money by reducing energy consumption, energy providers can better predict energy demand and environment benefits since lower energy consumption implies lower energy production including a decrease of emissions from plants. But information and communication systems supporting smart grids can also be subject to classical or new network attacks. Attacks can result in serious damage such as harming privacy of customers, creating economical loss and even disturb the power supply/demand balance of large regions and countries. In this paper, we give an overview about the German smart measuring architecture, protocols and security. Afterwards, we present a simulation framework which enables researchers to analyze security aspects of smart measuring scenarios.

An extensible simulation framework for critical infrastructure security

We introduce the Network Security Simulator (NeSSi2), an open source discrete event-based network simulator. It incorporates a variety of features relevant to network security distinguishing it from general-purpose network simulators. Compared to the predecessor NeSSi, it was extended with a three-tier plugin architecture and a generic network model to shift its focus towards simulation framework for critical infrastructures. We demonstrate the gained adaptability by different use cases