382 resultados para secure interoperation
Resumo:
Existing algebraic analyses of the ZUC cipher indicate that the cipher should be secure against algebraic attacks. In this paper, we present an alternative algebraic analysis method for the ZUC stream cipher, where a combiner is used to represent the nonlinear function and to derive equations representing the cipher. Using this approach, the initial states of ZUC can be recovered from 2^97 observed words of keystream, with a complexity of 2^282 operations. This method is more successful when applied to a modified version of ZUC, where the number of output words per clock is increased. If the cipher outputs 120 bits of keystream per clock, the attack can succeed with 219 observed keystream bits and 2^47 operations. Therefore, the security of ZUC against algebraic attack could be significantly reduced if its throughput was to be increased for efficiency.
Resumo:
Current research in secure messaging for Vehicular Ad hoc Networks (VANETs) appears to focus on employing a digital certificate-based Public Key Cryptosystem (PKC) to support security. The security overhead of such a scheme, however, creates a transmission delay and introduces a time-consuming verification process to VANET communications. This paper proposes a non-certificate-based public key management for VANETs. A comprehensive evaluation of performance and scalability of the proposed public key management regime is presented, which is compared to a certificate-based PKC by employing a number of quantified analyses and simulations. Not only does this paper demonstrate that the proposal can maintain security, but it also asserts that it can improve overall performance and scalability at a lower cost, compared to the certificate-based PKC. It is believed that the proposed scheme will add a new dimension to the key management and verification services for VANETs.
Resumo:
This article investigates the complex phenomenon of major gift giving to charitable institutions. Drawing on empirical evidence from interviews with 16 Australian major donors (who gave a single gift of at least AU$10,000 in 2008 or 2009), we seek to better understand donor expectations and (dis)satisfaction. Given growing need for social services, and the competition among nonprofit organisations (NPOs) to secure sustainable funding, this research is particularly timely. Currently, little is known about major donors’ expectations, wants and needs. Equity theory, with the concept of reciprocity at its core, was found to provide a useful framework for understanding these phenomena. A model of equitable major gift relationships was developed from the data, which portrays balanced relationships and identifies potential areas of dissatisfaction for major donors. We conclude by offering suggestions for NPOs seeking to understand the complexities of major gift relationships, with practical implications for meeting donors’ needs.
Resumo:
Book summary: In a constantly evolving context of performance management, accountability and risk assessment, police organisations and frontline police officers are required to pay careful attention to what has come to be known as ‘at risk people’, ‘vulnerable populations’ or ‘vulnerable people’. Vulnerable people have become a key focus of policy. Concurrently, there have been stronger demands on police, and a steep increase in police powers in relation to their interaction with vulnerable people. The premise of this protectionist and interventionist agenda is threefold: to protect the rights of vulnerable individuals proactively cater for their vulnerability within the justice system; and to secure police operations and protocols within strict guidelines. This collection unpacks ‘vulnerable people policing’ in theory and practice and guides the reader through the policing process as it is experienced by police officers, victims, offenders, witnesses and justice stakeholders. Each chapter features a single step of the policing process: from police recruit education through to custody, and the final transfer of vulnerable people to courts and sentencing. This edited collection provides analytical, theoretical and empirical insights on vulnerable people policing, and reflects on critical issues in a domain that is increasingly subject to speedy conversion from policy to practice, and heightened media and political scrutiny. It breaks down policing practices, operations and procedures that have vulnerable populations as a focus, bringing together original and innovative academic research and literature, practitioner experience and discussion of policy implications (from local and international perspectives). The particular nature of this collection highlights the multi-disciplinary nature of police work, sheds light on how specific, mandatory policies guide police officers steps in their interaction with vulnerable populations, and discusses the practicalities of police decision making at key points in this process.
Resumo:
The article explains and compares sustainability programs available for use by residential and commercial premises; as well as the respective legal tenure frameworks of commercial and residential tenancies. It identifies that while the desire of commercial tenants drive the participation by landlords in these programs, residential tenants appear to be ignorant of sustainable measures. The article contends that the reason for this difference is rooted in the legal and social status of residential tenants. It explores the impact that secure tenure may have in promoting residential sustainability programs and concludes by observing that the lack of involvement of residential tenants in programs stems from the absence of tenure security, which prevents any long term cooperation between the parties.
Resumo:
Having IT-related capabilities is not enough to secure value from the IT resources and survive in today’s competitive environment. IT resources evolve dynamically and organisations must sustain their existing capabilities to continue to leverage value from their IT resources. Organisations’ IT-related management capabilities are an important source of their competitive advantage. We suggest that organisations can sustain these capabilities through appropriate considerations of resources at the technology-use level. This study suggests that an appropriate organisational design relating to decision rights and work environment, and a congruent reward system can create a dynamic IT-usage environment. This environment will be a vital source of knowledge that could help organisations to sustain their IT-related management capabilities. Analysis of data collected from a field survey demonstrates that this dynamic IT-usage environment, a result of the synergy between complementary factors, helps organisations to sustain their IT-related management capabilities. This study adds an important dimension to understanding why some organisations continue to perform better with their IT resources than others. For practice, this study suggests that organisations need to consider a comprehensive approach to what constitutes their valuable resources.
Resumo:
Existing secure software development principles tend to focus on coding vulnerabilities, such as buffer or integer overflows, that apply to individual program statements, or issues associated with the run-time environment, such as component isolation. Here we instead consider software security from the perspective of potential information flow through a program’s object-oriented module structure. In particular, we define a set of quantifiable "security metrics" which allow programmers to quickly and easily assess the overall security of a given source code program or object-oriented design. Although measuring quality attributes of object-oriented programs for properties such as maintainability and performance has been well-covered in the literature, metrics which measure the quality of information security have received little attention. Moreover, existing securityrelevant metrics assess a system either at a very high level, i.e., the whole system, or at a fine level of granularity, i.e., with respect to individual statements. These approaches make it hard and expensive to recognise a secure system from an early stage of development. Instead, our security metrics are based on well-established compositional properties of object-oriented programs (i.e., data encapsulation, cohesion, coupling, composition, extensibility, inheritance and design size), combined with data flow analysis principles that trace potential information flow between high- and low-security system variables. We first define a set of metrics to assess the security quality of a given object-oriented system based on its design artifacts, allowing defects to be detected at an early stage of development. We then extend these metrics to produce a second set applicable to object-oriented program source code. The resulting metrics make it easy to compare the relative security of functionallyequivalent system designs or source code programs so that, for instance, the security of two different revisions of the same system can be compared directly. This capability is further used to study the impact of specific refactoring rules on system security more generally, at both the design and code levels. By measuring the relative security of various programs refactored using different rules, we thus provide guidelines for the safe application of refactoring steps to security-critical programs. Finally, to make it easy and efficient to measure a system design or program’s security, we have also developed a stand-alone software tool which automatically analyses and measures the security of UML designs and Java program code. The tool’s capabilities are demonstrated by applying it to a number of security-critical system designs and Java programs. Notably, the validity of the metrics is demonstrated empirically through measurements that confirm our expectation that program security typically improves as bugs are fixed, but worsens as new functionality is added.
Resumo:
Having IT-related capabilities is not enough to secure value from IT resources and survive in today’s competitive environment. IT resources evolve dynamically and firms must sustain their existing capabilities to continue to leverage value from their IT resources. Firm’s human resources are an important IT-related capability, and an important source of their competitive advantage. Using a field survey, this study demonstrates that a dynamic end-user environment, a result of a coordinated change in complementary factors can help sustain firms’ IT-related management capabilities. These factors include an appropriate organizational design to decision rights and work environment and a congruent reward system. This study adds an important dimension in understanding why some firms continue to perform better with their IT resources than others. For practice, this study suggests that a comprehensive approach to what constitutes valuable organizational resources is necessary.
Resumo:
Research has established that firms' IT-related capabilities at a point in time explain IT-related performance differences across firms. IT resources, however, are dynamic, and evolve at an exponential rate. This means we need to understand how to sustain firms' existing capabilities to leverage opportunities offered by new IT resources. Wet suggests a higher-level resource that can sustain firms' existing IT-related capabilities. Second, we report on the development of a valid and reliable measurement instrument for measuring this higher-level resource in four stages, which includes expert feedback and a field test. The validated instrument would be useful in extending the IT business value studies to investigate how firms can sustain their IT-related capabilities. This effort will provide a deeper understanding of how firms can secure sustainable IT-related business value from their acquired IT resources.
Resumo:
Work integrated learning (WIL) or professional practice units are recognised as providing learning experiences that help students make successful transitions to professional practice. These units require students to engage in learning in the workplace; to reflect on this learning; and to integrate it with learning at university. However, an analysis of a recent cohort of property economics students at a large urban university provides evidence that there is great variation in work based learning experiences undertaken and that this impacts on students’capacity to respond to assessment tasks which involve critiquing these experiences in the form of reflective reports. This paper highlights the need to recognise the diversity of work based experiences; the impact this has on learning outcomes; and to find more effective and equitable ways of measuring these outcomes. The paper briefly discusses assessing learning outcomes in WIL and then describes the model of WIL in the Faculty of Built Environment and Engineering at the Queensland University of Technology (QUT). The paper elaborates on the diversity of students’ experiences and backgrounds including variations in the length of work experience, placement opportunities and conditions of employment.For example, the analysis shows that students with limited work experience often have difficulty critiquing this work experience and producing high level reflective reports. On the other hand students with extensive, discipline relevant work experience can be frustrated by assessment requirements that do not take their experience into account. Added to this the Global Financial Crisis (GFC) has restricted both part time and full time placement opportunities for some students. These factors affect students’ capacity to a) secure a relevant work experience, b) reflect critically on the work experiences and c) appreciate the impact the overall experience can have on their learning outcomes and future professional opportunities. Our investigation highlights some of the challenges faced in implementing effective and equitable approaches across diverse student cohorts. We suggest that increased flexibility in assessment requirements and increased feedback from industry may help address these challenges.
Resumo:
In the medical and healthcare arena, patients‟ data is not just their own personal history but also a valuable large dataset for finding solutions for diseases. While electronic medical records are becoming popular and are used in healthcare work places like hospitals, as well as insurance companies, and by major stakeholders such as physicians and their patients, the accessibility of such information should be dealt with in a way that preserves privacy and security. Thus, finding the best way to keep the data secure has become an important issue in the area of database security. Sensitive medical data should be encrypted in databases. There are many encryption/ decryption techniques and algorithms with regard to preserving privacy and security. Currently their performance is an important factor while the medical data is being managed in databases. Another important factor is that the stakeholders should decide more cost-effective ways to reduce the total cost of ownership. As an alternative, DAS (Data as Service) is a popular outsourcing model to satisfy the cost-effectiveness but it takes a consideration that the encryption/ decryption modules needs to be handled by trustworthy stakeholders. This research project is focusing on the query response times in a DAS model (AES-DAS) and analyses the comparison between the outsourcing model and the in-house model which incorporates Microsoft built-in encryption scheme in a SQL Server. This research project includes building a prototype of medical database schemas. There are 2 types of simulations to carry out the project. The first stage includes 6 databases in order to carry out simulations to measure the performance between plain-text, Microsoft built-in encryption and AES-DAS (Data as Service). Particularly, the AES-DAS incorporates implementations of symmetric key encryption such as AES (Advanced Encryption Standard) and a Bucket indexing processor using Bloom filter. The results are categorised such as character type, numeric type, range queries, range queries using Bucket Index and aggregate queries. The second stage takes the scalability test from 5K to 2560K records. The main result of these simulations is that particularly as an outsourcing model, AES-DAS using the Bucket index shows around 3.32 times faster than a normal AES-DAS under the 70 partitions and 10K record-sized databases. Retrieving Numeric typed data takes shorter time than Character typed data in AES-DAS. The aggregation query response time in AES-DAS is not as consistent as that in MS built-in encryption scheme. The scalability test shows that the DBMS reaches in a certain threshold; the query response time becomes rapidly slower. However, there is more to investigate in order to bring about other outcomes and to construct a secured EMR (Electronic Medical Record) more efficiently from these simulations.
Resumo:
A deeper understanding on two aspects of use of IT resources in organisations is important to ensure sustainable investment in these IT resources. The first is how to leverage the IT resources to attain its maximum value. We discussed this aspect of use of IT resources in part 1 of this series. This discussion suggested a complementary approach as a first stage of IT business value creation, and dynamic capabilities approach to secure sustainable IT-related business value from the IT resources. The second important aspect of IT business value is where to evaluate IT-related business value in the organisations value chains. This understanding is important for organisations to ensure appropriate accountability of the investment and management of IT resources. We address this issue in this second part of the two part series.
Resumo:
The globalized nature of modern society has generated a number of pressures that impact internationally on countries’ policies and practices of science education. Among these pressures are key issues of health and environment confronting global science, global economic control through multinational capitalism, comparative and competitive international testing of student science achievement, and the desire for more humane and secure international society. These are not all one-way pressures and there is evidence of both more conformity in the intentions and practices of science education and of a greater appreciation of how cultural differences, and the needs of students as future citizens can be met. Hence while a case for economic and competitive subservience of science education can be made, the evidence for such narrowing is countered by new initiatives that seek to broaden its vision and practices. The research community of science education has certainly widened internationally and this generates many healthy exchanges, although cultural styles of education other than Western ones are still insufficiently recognized. The dominance of English language within these research exchanges is, however, causing as many problems as it solves. Science education, like education as a whole, is a strongly cultural phenomenon, and this provides a healthy and robust buffer to the more negative effects of globalization
Resumo:
Information communication and technology (ICT) systems are almost ubiquitous in the modern world. It is hard to identify any industry, or for that matter any part of society, that is not in some way dependent on these systems and their continued secure operation. Therefore the security of information infrastructures, both on an organisational and societal level, is of critical importance. Information security risk assessment is an essential part of ensuring that these systems are appropriately protected and positioned to deal with a rapidly changing threat environment. The complexity of these systems and their inter-dependencies however, introduces a similar complexity to the information security risk assessment task. This complexity suggests that information security risk assessment cannot, optimally, be undertaken manually. Information security risk assessment for individual components of the information infrastructure can be aided by the use of a software tool, a type of simulation, which concentrates on modelling failure rather than normal operational simulation. Avoiding the modelling of the operational system will once again reduce the level of complexity of the assessment task. The use of such a tool provides the opportunity to reuse information in many different ways by developing a repository of relevant information to aid in both risk assessment and management and governance and compliance activities. Widespread use of such a tool allows the opportunity for the risk models developed for individual information infrastructure components to be connected in order to develop a model of information security exposures across the entire information infrastructure. In this thesis conceptual and practical aspects of risk and its underlying epistemology are analysed to produce a model suitable for application to information security risk assessment. Based on this work prototype software has been developed to explore these concepts for information security risk assessment. Initial work has been carried out to investigate the use of this software for information security compliance and governance activities. Finally, an initial concept for extending the use of this approach across an information infrastructure is presented.
Resumo:
With the continued development of renewable energy generation technologies and increasing pressure to combat the global effects of greenhouse warming, plug-in hybrid electric vehicles (PHEVs) have received worldwide attention, finding applications in North America and Europe. When a large number of PHEVs are introduced into a power system, there will be extensive impacts on power system planning and operation, as well as on electricity market development. It is therefore necessary to properly control PHEV charging and discharging behaviors. Given this background, a new unit commitment model and its solution method that takes into account the optimal PHEV charging and discharging controls is presented in this paper. A 10-unit and 24-hour unit commitment (UC) problem is employed to demonstrate the feasibility and efficiency of the developed method, and the impacts of the wide applications of PHEVs on the operating costs and the emission of the power system are studied. Case studies are also carried out to investigate the impacts of different PHEV penetration levels and different PHEV charging modes on the results of the UC problem. A 100-unit system is employed for further analysis on the impacts of PHEVs on the UC problem in a larger system application. Simulation results demonstrate that the employment of optimized PHEV charging and discharging modes is very helpful for smoothing the load curve profile and enhancing the ability of the power system to accommodate more PHEVs. Furthermore, an optimal Vehicle to Grid (V2G) discharging control provides economic and efficient backups and spinning reserves for the secure and economic operation of the power system
