Design and modeling of collaboration architecture for security

Threats against computer networks evolve very fast and require more and more complex measures. We argue that teams respectively groups with a common purpose for intrusion detection and prevention improve the measures against rapid propagating attacks similar to the concept of teams solving complex tasks known from field of work sociology. Collaboration in this sense is not easy task especially for heterarchical environments. We propose CIMD (collaborative intrusion and malware detection) as a security overlay framework to enable cooperative intrusion detection approaches. Objectives and associated interests are used to create detection groups for exchange of security-related data. In this work, we contribute a tree-oriented data model for device representation in the scope of security. We introduce an algorithm for the formation of detection groups, show realization strategies for the system and conduct vulnerability analysis. We evaluate the benefit of CIMD by simulation and probabilistic analysis.

‘Hot chicks’, ‘better parties’ or academic stuff : perceptions of a regional university campus using Repertory Grid Analysis and Importance-performance Analysis

In the increasingly competitive Australian tertiary education market, a consumer orientation is essential. This is particularly so for small regional campuses competing with larger universities in the state capitals. Campus management need to carefully monitor both the perceptions of prospective students within the catchment area, and the (dis)satisfaction levels of current students. This study reports the results of an exploratory investigation into the perceptions held of a regional campus, using two techniques that have arguably been underutilised in the education marketing literature. Repertory Grid Analysis, a technique developed almost fifty years ago, was used to identify attributes deemed salient to year 12 high school students at the time they were applying for university places. Importance-performance analysis (IPA), developed three decades ago, was then used to identify attributes that were determinant for a new cohort of first year undergraduate students. The paper concludes that group applications of Repertory Grid offer education market researchers a useful means for identifying attributes used by high school students to differentiate universities, and that IPA is a useful technique for guiding promotional decision making. In this case, the two techniques provided a quick, economical and effective snapshot of market perceptions, which can be used as a foundation for the development of an ongoing market research programme.

From simulation to emulation : an integrated approach for network security evaluation

We present a virtual test bed for network security evaluation in mid-scale telecommunication networks. Migration from simulation scenarios towards the test bed is supported and enables researchers to evaluate experiments in a more realistic environment. We provide a comprehensive interface to manage, run and evaluate experiments. On basis of a concrete example we show how the proposed test bed can be utilized.

A simulation framework for smart meter security evaluation

The evolution of classic power grids to smart grids creates chances for most participants in the energy sector. Customers can save money by reducing energy consumption, energy providers can better predict energy demand and environment benefits since lower energy consumption implies lower energy production including a decrease of emissions from plants. But information and communication systems supporting smart grids can also be subject to classical or new network attacks. Attacks can result in serious damage such as harming privacy of customers, creating economical loss and even disturb the power supply/demand balance of large regions and countries. In this paper, we give an overview about the German smart measuring architecture, protocols and security. Afterwards, we present a simulation framework which enables researchers to analyze security aspects of smart measuring scenarios.

An extensible simulation framework for critical infrastructure security

We introduce the Network Security Simulator (NeSSi2), an open source discrete event-based network simulator. It incorporates a variety of features relevant to network security distinguishing it from general-purpose network simulators. Compared to the predecessor NeSSi, it was extended with a three-tier plugin architecture and a generic network model to shift its focus towards simulation framework for critical infrastructures. We demonstrate the gained adaptability by different use cases

Kerberos based security system for session initiation protocol

Session Initiation Protocol (SIP) is developed to provide advanced voice services over IP networks. SIP unites telephony and data world, permitting telephone calls to be transmitted over Intranets and Internet. Increase in network performance and new mechanisms for guaranteed quality of service encourage this consolidation to provide toll cost savings. Security comes up as one of the most important issues when voice communication and critical voice applications are considered. Not only the security methods provided by traditional telephony systems, but also additional methods are required to overcome security risks introduced by the public IP networks. SIP considers security problems of such a consolidation and provides a security framework. There are several security methods defined within SIP specifications and extensions. But, suggested methods can not solve all the security problems of SIP systems with various system requirements. In this thesis, a Kerberos based solution is proposed for SIP security problems, including SIP authentication and privacy. The proposed solution tries to establish flexible and scalable SIP system that will provide desired level of security for voice communications and critical telephony applications.

Militarism and International Relations : Political economy, security, theory, edited by Anna Stavrianakis and Jan Selby, Abingdon, Routledge, 2012, 212 pp., £80.00 (hardback), ISBN 978-0-415-61491-7

An engaging narrative is maintained throughout this edited collection of articles that address the issue of militarism in international relations. The book seamlessly integrates historical and contemporary perspectives on militarism with theory and relevant international case studies, resulting in a very informative read. The work is comprised of three parts. Part 1 deals with the theorisation of militarism and includes chapters by Anna Stavrianakis and Jan Selby, Martin Shaw, Simon Dalby, and Nicola Short. It covers a range of topics relating to historical and contemporary theories of militarism, geopolitical threat construction, political economy, and the US military’s ‘cultural turn’.

Usability and security of gaze-based graphical grid passwords

We present and analyze several gaze-based graphical password schemes based on recall and cued-recall of grid points; eye-trackers are used to record user's gazes, which can prevent shoulder-surfing and may be suitable for users with disabilities. Our 22-subject study observes that success rate and entry time for the grid-based schemes we consider are comparable to other gaze-based graphical password schemes. We propose the first password security metrics suitable for analysis of graphical grid passwords and provide an in-depth security analysis of user-generated passwords from our study, observing that, on several metrics, user-generated graphical grid passwords are substantially weaker than uniformly random passwords, despite our attempts at designing schemes to improve quality of user-generated passwords.

Position, privacy and personnel : concerns for the (digital) future

Firms are moving away from decentralized regional offices. Last year the author spoke with a valuer working on the Sunshine Coast for a Brisbane firm. In years past this valuer would have left home in the morning to go to the office, as well as travelling during the day to client sites. Now they get up, have breakfast, change out of their pyjamas (if they have meetings!) and walk into their employer set-up home office to ‘punch-in’. Apart from travel for essential meetings at head office, or for the purpose of on-site inspections, they can attend work, engage with colleagues and clients and never leave home. While this practice may be a cost saving to the firm and a commuter-friendly way of working, it raises a range of issues to be managed.

A proposed Australian industrial control system security curriculum

The security of industrial control systems in critical infrastructure is a concern for the Australian government and other nations. There is a need to provide local Australian training and education for both control system engineers and information technology professionals. This paper proposes a postgraduate curriculum of four courses to provide knowledge and skills to protect critical infrastructure industrial control systems. Our curriculum is unique in that it provides security awareness but also the advanced skills required for security specialists in this area. We are aware that in the Australian context there is a cultural gap between the thinking of control system engineers who are responsible for maintaining and designing critical infrastructure and information technology professionals who are responsible for protecting these systems from cyber attacks. Our curriculum aims to bridge this gap by providing theoretical and practical exercises that will raise the awareness and preparedness of both groups of professionals.

Visualising security incidents through event aggregation

Extracting and aggregating the relevant event records relating to an identified security incident from the multitude of heterogeneous logs in an enterprise network is a difficult challenge. Presenting the information in a meaningful way is an additional challenge. This paper looks at solutions to this problem by first identifying three main transforms; log collection, correlation, and visual transformation. Having identified that the CEE project will address the first transform, this paper focuses on the second, while the third is left for future work. To aggregate by correlating event records we demonstrate the use of two correlation methods, simple and composite. These make use of a defined mapping schema and confidence values to dynamically query the normalised dataset and to constrain result events to within a time window. Doing so improves the quality of results, required for the iterative re-querying process being undertaken. Final results of the process are output as nodes and edges suitable for presentation as a network graph.

Regional characteristics, opportunity perception and entrepreneurial activities

This paper seeks to better understand the link between regional characteristics and individual entrepreneurship. We combine individual-level GEM data for Western Germany with regional-level data, using multi-level analysis to test our hypotheses. We find no direct link between regional knowledge creation, the economic context and an entrepreneurial culture on the one side and individual business start-up intentions and start-up activity on the other side. However our findings point to the importance of an indirect effect of regional characteristics as knowledge creation, the economic context and an entrepreneurial culture have an effect on the individual perception of founding opportunities which in turn predicted start-up intentions and activity.

The Australian Business Assessment of Computer User Security (ABACUS): A national survey.

The Australian Business Assessment of Computer User Security (ABACUS) survey is a nationwide assessment of the prevalence and nature of computer security incidents experienced by Australian businesses. This report presents the findings of the survey which may be used by businesses in Australia to assess the effectiveness of their information technology security measures.

Increasing Food Production Sustainably in a Changing Climate : Understanding the Pressures and Potential

Australian agriculture is faced with the dilemma of increasing food production for a growing domestic and world population while decreasing environmental impacts and supporting the social and economic future of regional communities. The challenge for farmers is compounded by declining rates of productivity growth which have been linked to changes in climate and decreasing investment in agricultural research. The answer must lie in understanding the ecological functionality of landscapes and matching management of agricultural systems and use of natural resources to landscape capacity in a changing climate. A simplified mixed grain and livestock farm case study is used to illustrate the challenges of assessing the potential for shifts in land allocation between commodities to achieve sustainable intensification of nutrition production. This study highlights the risks associated with overly-simplistic solutions and the need for increased investment in research to inform the development of practical strategies for increasing food production in Australian agro-ecosystems while managing the impacts of climate change and addressing climate change mitigation policies.