Performance analysis of unified enterprise application security framework

Unified Enterprise application security is a new emerging approach for providing protection against application level attacks. Conventional application security approach that consists of embedding security into each critical application leads towards scattered security mechanism that is not only difficult to manage but also creates security loopholes. According to the CSIIFBI computer crime survey report, almost 80% of the security breaches come from authorized users. In this paper, we have worked on the concept of unified security model, which manages all security aspect from a single security window. The basic idea is to keep business functionality separate from security components of the application. Our main focus was on the designing of frame work for unified layer which supports single point of policy control, centralize logging mechanism, granular, context aware access control, and independent from any underlying authentication technology and authorization policy.

Experimental studies on the shear behaviour and strength of LiteSteel Beams

This paper presents the details of an experimental study on the shear behaviour and strength of a recently developed, cold-formed steel hollow flange channel beam known as LiteSteel Beam (LSB). The new LSB sections with rectangular hollow flanges are produced using a patented manufacturing process involving simultaneous cold-forming and dual electric resistance welding. They are commonly used as flexural members in buildings. However, no research has been undertaken on the shear behaviour of LSBs. Therefore a detailed experimental study involving 36 shear tests was undertaken to investigate the shear behaviour of 10 different LSB sections. Simply supported test specimens of LSBs with aspect ratios of 1.0 and 1.5 were loaded at midspan until failure using both single and back to back LSB arrangements. Test specimens were chosen such that all three types of shear failure (shear yielding, inelastic and elastic shear buckling) occurred in the tests. Comparison of experimental results with corresponding predictions from the current Australian and North American cold-formed steel design rules showed that the current design rules are very conservative for the shear design of LSBs. Significant improvements to web shear buckling occurred due to the presence of rectangular hollow flanges while considerable post-buckling strength was also observed. Appropriate improvements have been proposed for the shear strength of LSBs based on the design equations in the North American Specification. This paper presents the details of this experimental study and the results. When reduced height web side plates or only one web side plate was used, the shear capacity of LSB was reduced. Details of these tests and the results are also presented in this paper. Keywords: LiteSteel beam, Shear strength, Shear tests, Cold-formed steel structures, Direct strength method, Slender web, Hollow flanges.

Effect of physical activity and other stressors on appetite: Overcoming underconsumption of military operational rations revisited.

Recognizing the importance of good nutrition for physical and mental status, the Department of Defense asked the Institute of Medicine to guide the design of the nutritional composition of a ration for soldiers on short-term, high-stress missions. Nutrient Composition of Rations for Short-Term, High-Intensity Combat Operations considers military performance, health concerns, food intake, energy expenditure, physical exercise, and food technology issues. The success of military operations depends to a large extent on the physical and mental status of the individuals involved.

Social studies disciplinary knowledge: Tensions between state curriculum and national assessment requirements

In this chapter, we are particularly concerned with making visible the general principles underlying the transmission of Social Studies curriculum knowledge, and considering it in light of a high-stakes mandated national assessment task. Specifically, we draw on Bernstein���s theoretical concept of pedagogic models as a tool for analysing orientations to teaching and learning. We introduce a case in point from the Australian context: one state Social Studies curriculum vis-a-vis one part of the Year Three national assessment measure for reading. We use our findings to consider the implications for the disciplinary knowledge of Social Studies in the communities in which we are undertaking our respective Australian Research Council Linkage project work (Glasswell et al.; Woods et al.). We propose that Social Studies disciplinary knowledge is being constituted, in part, through power struggles between different agencies responsible for the production and relay of official forms of state curriculum and national literacy assessment. This is particularly the case when assessment instruments are used to compare and contrast school results in highly visible web based league tables (see, for example, http://myschoolaustralia.ning.com/).

The Hindraf saga : media and citizenship in Malaysia

In the early part of 2008, a major political upset was pulled off in the Southeast Asian nation of Malaysia when the ruling coalition, Barisan Nasional (National Front), lost its long-held parliamentary majority after the general elections. Given the astonishingly high profile of political bloggers and relatively well established alternative online new sites within the nation, it was not surprising that many new media proponents saw the result as a major triumph of the medium. Through a brief account of the Hindraf (Hindu Rights Action Force) saga and the socio-political dissent nursed, in part, through new media in contemporary Malaysia, this paper seeks to lend context to the events that precede and surround the election as an example of the relationship between media and citizenship in praxis. In so doing it argues that the political turnaround, if indeed it proves to be, cannot be considered the consequence of new media alone. Rather, that to comprehensively assess the implications of new media for citizenship is to take into account the specific histories, conditions and actions (or lack of) of the various social actors involved.

Legislative and security requirements of audit material for evidentiary purpose

This research used the Queensland Police Service, Australia, as a major case study. Information on principles, techniques and processes used, and the reason for the recording, storing and release of audit information for evidentiary purposes is reported. It is shown that Law Enforcement Agencies have a two-fold interest in, and legal obligation pertaining to, audit trails. The first interest relates to the situation where audit trails are actually used by criminals in the commission of crime and the second to where audit trails are generated by the information systems used by the police themselves in support of the recording and investigation of crime. Eleven court cases involving Queensland Police Service audit trails used in evidence in Queensland courts were selected for further analysis. It is shown that, of the cases studied, none of the evidence presented was rejected or seriously challenged from a technical perspective. These results were further analysed and related to normal requirements for trusted maintenance of audit trail information in sensitive environments with discussion on the ability and/or willingness of courts to fully challenge, assess or value audit evidence presented. Managerial and technical frameworks for firstly what is considered as an environment where a computer system may be considered to be operating ���properly��� and, secondly, what aspects of education, training, qualifications, expertise and the like may be considered as appropriate for persons responsible within that environment, are both proposed. Analysis was undertaken to determine if audit and control of information in a high security environment, such as law enforcement, could be judged as having improved, or not, in the transition from manual to electronic processes. Information collection, control of processing and audit in manual processes used by the Queensland Police Service, Australia, in the period 1940 to 1980 was assessed against current electronic systems essentially introduced to policing in the decades of the 1980s and 1990s. Results show that electronic systems do provide for faster communications with centrally controlled and updated information readily available for use by large numbers of users who are connected across significant geographical locations. However, it is clearly evident that the price paid for this is a lack of ability and/or reluctance to provide improved audit and control processes. To compare the information systems audit and control arrangements of the Queensland Police Service with other government departments or agencies, an Australia wide survey was conducted. Results of the survey were contrasted with the particular results of a survey, conducted by the Australian Commonwealth Privacy Commission four years previous, to this survey which showed that security in relation to the recording of activity against access to information held on Australian government computer systems has been poor and a cause for concern. However, within this four year period there is evidence to suggest that government organisations are increasingly more inclined to generate audit trails. An attack on the overall security of audit trails in computer operating systems was initiated to further investigate findings reported in relation to the government systems survey. The survey showed that information systems audit trails in Microsoft Corporation's ���Windows��� operating system environments are relied on quite heavily. An audit of the security for audit trails generated, stored and managed in the Microsoft ���Windows 2000��� operating system environment was undertaken and compared and contrasted with similar such audit trail schemes in the ���UNIX��� and ���Linux��� operating systems. Strength of passwords and exploitation of any security problems in access control were targeted using software tools that are freely available in the public domain. Results showed that such security for the ���Windows 2000��� system is seriously flawed and the integrity of audit trails stored within these environments cannot be relied upon. An attempt to produce a framework and set of guidelines for use by expert witnesses in the information technology (IT) profession is proposed. This is achieved by examining the current rules and guidelines related to the provision of expert evidence in a court environment, by analysing the rationale for the separation of distinct disciplines and corresponding bodies of knowledge used by the Medical Profession and Forensic Science and then by analysing the bodies of knowledge within the discipline of IT itself. It is demonstrated that the accepted processes and procedures relevant to expert witnessing in a court environment are transferable to the IT sector. However, unlike some discipline areas, this analysis has clearly identified two distinct aspects of the matter which appear particularly relevant to IT. These two areas are; expertise gained through the application of IT to information needs in a particular public or private enterprise; and expertise gained through accepted and verifiable education, training and experience in fundamental IT products and system.