Teams rather than individuals : collaborative intrusion detection

We propose CIMD (Collaborative Intrusion and Malware Detection), a scheme for the realization of collaborative intrusion detection approaches. We argue that teams, respectively detection groups with a common purpose for intrusion detection and response, improve the measures against malware. CIMD provides a collaboration model, a decentralized group formation and an anonymous communication scheme. Participating agents can convey intrusion detection related objectives and associated interests for collaboration partners. These interests are based on intrusion objectives and associated interests for collaboration partners. These interests are based on intrusion detection related ontology, incorporating network and hardware configurations and detection capabilities. Anonymous Communication provided by CIMD allows communication beyond suspicion, i.e. the adversary can not perform better than guessing an IDS to be the source of a message at random. The evaluation takes place with the help of NeSSi² (www.nessi2.de), the Network Security Simulator, a dedicated environment for analysis of attacks and countermeasures in mid-scale and large-scale networks. A CIMD prototype is being built based on the JIAC agent framework(www.jiac.de).

An extensible simulation framework for critical infrastructure security

We introduce the Network Security Simulator (NeSSi2), an open source discrete event-based network simulator. It incorporates a variety of features relevant to network security distinguishing it from general-purpose network simulators. Compared to the predecessor NeSSi, it was extended with a three-tier plugin architecture and a generic network model to shift its focus towards simulation framework for critical infrastructures. We demonstrate the gained adaptability by different use cases

Kerberos based security system for session initiation protocol

Session Initiation Protocol (SIP) is developed to provide advanced voice services over IP networks. SIP unites telephony and data world, permitting telephone calls to be transmitted over Intranets and Internet. Increase in network performance and new mechanisms for guaranteed quality of service encourage this consolidation to provide toll cost savings. Security comes up as one of the most important issues when voice communication and critical voice applications are considered. Not only the security methods provided by traditional telephony systems, but also additional methods are required to overcome security risks introduced by the public IP networks. SIP considers security problems of such a consolidation and provides a security framework. There are several security methods defined within SIP specifications and extensions. But, suggested methods can not solve all the security problems of SIP systems with various system requirements. In this thesis, a Kerberos based solution is proposed for SIP security problems, including SIP authentication and privacy. The proposed solution tries to establish flexible and scalable SIP system that will provide desired level of security for voice communications and critical telephony applications.

Militarism and International Relations : Political economy, security, theory, edited by Anna Stavrianakis and Jan Selby, Abingdon, Routledge, 2012, 212 pp., £80.00 (hardback), ISBN 978-0-415-61491-7

An engaging narrative is maintained throughout this edited collection of articles that address the issue of militarism in international relations. The book seamlessly integrates historical and contemporary perspectives on militarism with theory and relevant international case studies, resulting in a very informative read. The work is comprised of three parts. Part 1 deals with the theorisation of militarism and includes chapters by Anna Stavrianakis and Jan Selby, Martin Shaw, Simon Dalby, and Nicola Short. It covers a range of topics relating to historical and contemporary theories of militarism, geopolitical threat construction, political economy, and the US military’s ‘cultural turn’.

Usability and security of gaze-based graphical grid passwords

We present and analyze several gaze-based graphical password schemes based on recall and cued-recall of grid points; eye-trackers are used to record user's gazes, which can prevent shoulder-surfing and may be suitable for users with disabilities. Our 22-subject study observes that success rate and entry time for the grid-based schemes we consider are comparable to other gaze-based graphical password schemes. We propose the first password security metrics suitable for analysis of graphical grid passwords and provide an in-depth security analysis of user-generated passwords from our study, observing that, on several metrics, user-generated graphical grid passwords are substantially weaker than uniformly random passwords, despite our attempts at designing schemes to improve quality of user-generated passwords.

Designing an information accountability framework for eHealth

Information privacy is a crucial aspect of eHealth. Appropriate privacy management measures are therefore essential for its success. However, traditional measures for privacy preservation such as rigid access controls (i.e., preventive measures) are not suitable to eHealth because of the specialised and information - intensive nature of healthcare itself, and the nature of the information. Healthcare professionals (HCP) require easy, unrestricted access to as much information as possible towards making well - informed decisions. On the other end of the scale however, consumers (i.e., patients) demand control over their health information and raise concerns for privacy arising from internal activities (i.e., information use by HCPs). A proper balance of these competing concerns is vital for the implementation of successful eHealth systems. Towards reaching this balance, we propose an information accountability framework (IAF) for eHealth systems.

An evaluation of corpus-driven measures of medical concept similarity for information retrieval

Measures of semantic similarity between medical concepts are central to a number of techniques in medical informatics, including query expansion in medical information retrieval. Previous work has mainly considered thesaurus-based path measures of semantic similarity and has not compared different corpus-driven approaches in depth. We evaluate the effectiveness of eight common corpus-driven measures in capturing semantic relatedness and compare these against human judged concept pairs assessed by medical professionals. Our results show that certain corpus-driven measures correlate strongly (approx 0.8) with human judgements. An important finding is that performance was significantly affected by the choice of corpus used in priming the measure, i.e., used as evidence from which corpus-driven similarities are drawn. This paper provides guidelines for the implementation of semantic similarity measures for medical informatics and concludes with implications for medical information retrieval.

A proposed Australian industrial control system security curriculum

The security of industrial control systems in critical infrastructure is a concern for the Australian government and other nations. There is a need to provide local Australian training and education for both control system engineers and information technology professionals. This paper proposes a postgraduate curriculum of four courses to provide knowledge and skills to protect critical infrastructure industrial control systems. Our curriculum is unique in that it provides security awareness but also the advanced skills required for security specialists in this area. We are aware that in the Australian context there is a cultural gap between the thinking of control system engineers who are responsible for maintaining and designing critical infrastructure and information technology professionals who are responsible for protecting these systems from cyber attacks. Our curriculum aims to bridge this gap by providing theoretical and practical exercises that will raise the awareness and preparedness of both groups of professionals.

Visualising security incidents through event aggregation

Extracting and aggregating the relevant event records relating to an identified security incident from the multitude of heterogeneous logs in an enterprise network is a difficult challenge. Presenting the information in a meaningful way is an additional challenge. This paper looks at solutions to this problem by first identifying three main transforms; log collection, correlation, and visual transformation. Having identified that the CEE project will address the first transform, this paper focuses on the second, while the third is left for future work. To aggregate by correlating event records we demonstrate the use of two correlation methods, simple and composite. These make use of a defined mapping schema and confidence values to dynamically query the normalised dataset and to constrain result events to within a time window. Doing so improves the quality of results, required for the iterative re-querying process being undertaken. Final results of the process are output as nodes and edges suitable for presentation as a network graph.

The role of human factors when evaluating information accountability for eHealth systems

The availability of health information is rapidly increasing; its expansion and proliferation is inevitable. At the same time, breeding of health information silos is an unstoppable and relentless exercise. Information security and privacy concerns are therefore major barriers in the eHealth socio-eco system. We proposed Information Accountability as a measurable human factor that should eliminate and mitigate security concerns. Information accountability measures would be practicable and feasible if legislative requirements are also embedded. In this context, information accountability constitutes a key component for the development of effective information technology requirements for health information system. Our conceptual approach to measuring human factors related to information accountability in eHealth is presented in this paper with some limitations.

Computer-based assessments of expected satiety predict behavioural measures of portion-size selection and food intake

Previously, expected satiety (ES) has been measured using software and two-dimensional pictures presented on a computer screen. In this context, ES is an excellent predictor of self-selected portions, when quantified using similar images and similar software. In the present study we sought to establish the veracity of ES as a predictor of behaviours associated with real foods. Participants (N = 30) used computer software to assess their ES and ideal portion of three familiar foods. A real bowl of one food (pasta and sauce) was then presented and participants self-selected an ideal portion size. They then consumed the portion ad libitum. Additional measures of appetite, expected and actual liking, novelty, and reward, were also taken. Importantly, our screen-based measures of expected satiety and ideal portion size were both significantly related to intake (p < .05). By contrast, measures of liking were relatively poor predictors (p > .05). In addition, consistent with previous studies, the majority (90%) of participants engaged in plate cleaning. Of these, 29.6% consumed more when prompted by the experimenter. Together, these findings further validate the use of screen-based measures to explore determinants of portion-size selection and energy intake in humans.

IMO mandatory energy efficiency measures for international shipping : the first mandatory global greenhouse gas reduction instrument for an international industry

Bunker fuels used in the aviation and maritime sectors are responsible for nearly 10% of global greenhouse gas emissions.1 According to a scientific survey: ‘[s]hipping is estimated to have emitted 1,046 million tonnes of CO2 in 2007, which corresponds to 3.3% of the global emissions during 2007. International shipping is estimated to have emitted 870 million tonnes, or about 2.7% of the global emissions of CO2 in 2007’. The study also predicted that ‘by 2050, in the absence of policies, ship emissions may grow by 150% to 250% (compared to the emissions in 2007) as a result of the growth in shipping.’

Load bearing improves the limits of agreement for repeated in vivo measures of the speed of sound in human Achilles tendon

Axial acoustic wave propagation has been widely used in evaluating the mechanical properties of human bone in vivo. However, application of this technique to monitor soft tissues, such as tendon, has received comparatively little scientific attention. Laboratory-based research has established that axial acoustic wave transmission is not only related to the physical properties of equine tendon but is also proportional to tensile load to which it is exposed (Miles et al., 1996; Pourcelot et al., 2005). The reproducibility of the technique for in vivo measurements in human tendon, however, has not been established. The aim of this study was to evaluate the limits of agreement for repeated measures of the speed of sound (SoS) in human Achilles tendon in vivo. Methods: A custom built ultrasound device, consisting of an A-mode 1MHz emitter and two regularly spaced receivers, was used to measure the SoS in the mid-portion of the Achilles tendon in ten healthy males and ten females (mean age: 33.8 years, range 23-56 yrs; height: 1.73±0.08 m; weight: 68.4±15.3 kg). The emitter and receivers were held at fixed positions by a polyethylene frame and maintained in close contact with the skin overlying the tendon by means of elasticated straps. Repeated SoS measurements were taken with the subject prone (non-weightbearing and relaxed Achilles tendon) and during quiet bipedal and unipedal stance. In each instance, the device was detached and repositioned prior to measurement. Results: Limits of agreement for repeated SoS measures during non-weightbearing and bipedal and unipedal stance were ±53, ±28 and ±21 m/s, respectively. The average SoS in the non-weightbearing Achilles tendon was 1804±198 m/s. There was a significant increase in the average SoS during bilateral (2122±135 m/s) (P < 0.05) and unilateral (2221±79 m/s) stance (P < 0.05). Conclusions: Repeated SoS measures in human Achilles tendon were more reliable during stance than under non-weightbearing conditions. These findings are consistent with previous research in equine tendon in which lower variability in SoS was observed with increasing tensile load (Crevier-Denoix et al, 2009). Since the limits of agreement for Achilles tendon SoS are nearly 5% of the changes previously observed during walking and therapeutic heel raise exercises, acoustic wave transmission provides a promising new non-invasive method for determining tendon properties during sports and rehabilitation related activities.

Background to the development of a curriculum for the history of “cyber” and “communications” security

For any discipline to be regarded as a professional undertaking by which its members may be treated as true “professionals” in a specific area, practitioners must clearly understand that discipline’s history as well as the place and significance of that history in current practice as well as its relevance to available technologies and artefacts at the time. This is common for many professional disciplines such as medicine, pharmacy, engineering, law and so on but not yet, this paper submits, in information technology. Based on twenty five elapsed years of experience in developing and delivering Cybersecurity courses at undergraduate and postgraduate levels, this paper proposes a rationale and set of differing perspectives for the planning and development of curricula relevant to the delivery of appropriate courses in the history of cybersecurity or information assurance to information and communications technology (ICT) students and thus to potential information technology professionals.