263 results for Security council
Abstract:
Type unions, pointer variables and function pointers are a long-standing source of subtle security bugs in C program code. Their use can lead to hard-to-diagnose crashes or exploitable vulnerabilities that allow an attacker to attain privileged access over classified data. This paper describes an automatable framework for detecting such weaknesses in C programs statically, where possible, and for generating assertions that will detect them dynamically, in other cases. Exclusively based on analysis of the source code, it identifies required assertions using a type inference system supported by a custom-made symbol table. In our preliminary findings, our type system was able to infer the correct type of unions in different scopes, without manual code annotations or rewriting. Whenever an evaluation is not possible or is difficult to resolve, appropriate runtime assertions are formed and inserted into the source code. The approach is demonstrated via a prototype C analysis tool.
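The kind of weakness the abstract refers to, and the shape of the runtime assertion it proposes to insert, as an added illustration that is not code from the paper or its prototype tool. The `struct value` type, its `tag` field, the `REQUIRE_ACTIVE` macro and the accessor names are hypothetical; the integer `0x41414141` stands in for an attacker-chosen value and is constructed for the example.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Tag recording which union member was last written (hypothetical layout). */
enum kind { KIND_NONE = 0, KIND_INT = 1, KIND_STR = 2 };

struct value {
    enum kind tag;            /* active member of u */
    union {
        int32_t     i;        /* numeric payload */
        const char *s;        /* pointer payload */
    } u;
};

static void set_int(struct value *v, int32_t i) { v->tag = KIND_INT; v->u.i = i; }
static void set_str(struct value *v, const char *s) { v->tag = KIND_STR; v->u.s = s; }

/* Unsafe accessor: reads u.s regardless of which member is live. If the caller
 * last stored an attacker-chosen integer, strlen() dereferences that integer
 * as a pointer (union type confusion). Shown only to make the hazard concrete;
 * this example never calls it with a mismatched tag. */
static size_t unsafe_strlen(const struct value *v)
{
    return strlen(v->u.s);
}

/* Runtime assertion in the spirit of the paper: abort if the member about to
 * be read is not the active one. A static analysis that can prove the tag
 * would elide this; where it cannot, the check is inserted. */
#define REQUIRE_ACTIVE(v, k) assert((v)->tag == (k) && "union member not active")

static size_t asserting_strlen(const struct value *v)
{
    REQUIRE_ACTIVE(v, KIND_STR);
    return strlen(v->u.s);
}

/* Recoverable variant: refuse the read and report it instead of aborting,
 * for code paths where abort() is unacceptable. Returns 0 on success, -1 if
 * the string member is not active. */
static int checked_strlen(const struct value *v, size_t *out)
{
    if (v->tag != KIND_STR)
        return -1;
    *out = strlen(v->u.s);
    return 0;
}

static int checked_int(const struct value *v, int32_t *out)
{
    if (v->tag != KIND_INT)
        return -1;
    *out = v->u.i;
    return 0;
}

/* Scenarios returning plain values so they can be checked from a harness. */
static long string_read_after_int_store(void)
{
    struct value v;
    size_t n = 0;
    set_int(&v, 0x41414141);               /* constructed attacker value */
    return checked_strlen(&v, &n) == 0 ? (long)n : -1;   /* -1: read refused */
}

static long string_read_after_str_store(void)
{
    struct value v;
    size_t n = 0;
    set_str(&v, "hello");                  /* constructed input */
    return checked_strlen(&v, &n) == 0 ? (long)n : -1;   /* 5 */
}

static long int_read_after_str_store(void)
{
    struct value v;
    int32_t i = 0;
    set_str(&v, "hello");                  /* constructed input */
    return checked_int(&v, &i) == 0 ? (long)i : -1;      /* -1: read refused */
}

int main(void)
{
    struct value v;
    set_str(&v, "hello");
    printf("asserting_strlen: %zu\n", asserting_strlen(&v));
    printf("unsafe_strlen (tag happens to match): %zu\n", unsafe_strlen(&v));
    printf("string read after int store: %ld\n", string_read_after_int_store());
    printf("string read after str store: %ld\n", string_read_after_str_store());
    printf("int read after str store: %ld\n", int_read_after_str_store());
    return 0;
}
```

The point of the tag is that the union itself carries no record of which member is live; without it, neither the compiler nor a runtime check can tell `unsafe_strlen` apart from a correct read, which is why the paper's approach has to infer the active type from surrounding code and fall back to an inserted assertion when inference fails.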
Abstract:
Before making a security or privacy decision, Internet users should evaluate several security indicators in their browser, such as the use of HTTPS (indicated via the lock icon), the domain name of the site, and information from extended validation certificates. However, studies have shown that human subjects infrequently employ these indicators, relying on other indicators that can be spoofed and convey no cryptographic assurances. We identify four simple security indicators that accurately represent security properties of the connection and then examine 125 popular websites to determine if the sites' designs result in correctly displayed security indicators during login. In the vast majority of cases, at least some security indicators are absent or suboptimal. This suggests users are becoming habituated to ignoring recommended security indicators.
Abstract:
Several studies have developed metrics for software quality attributes of object-oriented designs such as reusability and functionality. However, metrics which measure the quality attribute of information security have received little attention. Moreover, existing security metrics measure either the system from a high level (i.e. the whole system’s level) or from a low level (i.e. the program code’s level). These approaches make it hard and expensive to discover and fix vulnerabilities caused by software design errors. In this work, we focus on the design of an object-oriented application and define a number of information security metrics derivable from a program’s design artifacts. These metrics allow software designers to discover and fix security vulnerabilities at an early stage, and help compare the potential security of various alternative designs. In particular, we present security metrics based on composition, coupling, extensibility, inheritance, and the design size of a given object-oriented, multi-class program from the point of view of potential information flow.
Abstract:
Refactoring focuses on improving the reusability, maintainability and performance of programs. However, the impact of refactoring on the security of a given program has received little attention. In this work, we focus on the design of object-oriented applications and use metrics to assess the impact of a number of standard refactoring rules on their security by evaluating the metrics before and after refactoring. This assessment tells us which refactoring steps can increase the security level of a given program from the point of view of potential information flow, allowing application designers to improve their system’s security at an early stage.
Abstract:
Lack of a universally accepted and comprehensive taxonomy of cybercrime seriously impedes international efforts to accurately identify, report and monitor cybercrime trends. There is, not surprisingly, a corresponding disconnect internationally on the cybercrime legislation front, a much more serious problem and one which the International Telecommunication Union (ITU) says requires "the urgent attention of all nations". Yet, and despite the existence of the Council of Europe Convention on Cybercrime, a proposal for a global cybercrime treaty was rejected by the United Nations (UN) as recently as April 2010. This paper presents a refined and comprehensive taxonomy of cybercrime and demonstrates its utility for widespread use. It analyses how the USA, the UK, Australia and the UAE align with the CoE Convention and finds that more needs to be done to achieve conformance. We conclude with an analysis of the approaches used in Australia, in Queensland, and in the UAE, in Abu Dhabi, to fight cybercrime and identify a number of shared problems.
Abstract:
Proactive communication management instead of mortification in the glare of hostile media attention became the theme of a four-day training program for multi-cultural community leaders, the object of this research. The program in Brisbane from December 2009 through to February this year was conducted under auspices of a Community Media Link grant program shared by Griffith University and the Queensland Ethnic Communities Council, together with Journalism academics from the Queensland University of Technology. Twenty-eight participants from 23 organisations took part, with a team of nine facilitators from the host organisations, and guest presenters from the news media. This paper reviews the process, taking into account: its objectives, to empower participants by showing how Australian media operate and introducing participants to journalists; pedagogical thrust, where overview talks, with role play seminars with guest presenters from the media, were combined with practice in interviews and writing for media; and outcomes, assessed on the basis of participants’ responses. The research methodology is qualitative, in that the study is based on discussions to review the planning and experience of sessions, and anonymous, informal feed-back questionnaires distributed to the participants. Background literature on multiculturalism and community media was referred to in the study. The findings indicate positive outcomes for participants from this approach to protection of persons unversed in living in the Australian “mediatised” environment. Most affirmed that the “production side” perspective of the exercise had informed and motivated them effectively, such that henceforth they would venture far more into media management, in their community leadership roles.
Abstract:
Even though security protocols are designed to make computer communication secure, it is widely known that there is potential for security breakdowns at the human machine interface. This paper reports on a diary study conducted in order to investigate what people identify as security decisions that they make while using the web. The study aimed to uncover how security is perceived in the individual's context of use. From this data, themes were drawn, with a focus on addressing security goals such as confidentiality and authentication. This study is the first study investigating users' web usage focusing on their self-documented perceptions of security and the security choices they made in their own environment.
Abstract:
Operators of busy contemporary airports have to balance tensions between the timely flow of passengers, flight operations, the conduct of commercial business activities and the effective application of security processes. In addition to specific onsite issues airport operators liaise with a range of organisations which set and enforce aviation-related policies and regulations as well as border security agencies responsible for customs, quarantine and immigration, in addition to first response security services. The challenging demands of coordinating and planning in such complex socio-technical contexts place considerable pressure on airport management to facilitate coordination of what are often conflicting goals and expectations among groups that have standing in respect to safe and secure air travel. What are, as yet, significantly unexplored issues in large airports are options for the optimal coordination of efforts from the range of public and private sector participants active in airport security and crisis management. A further aspect of this issue is how airport management systems operate when there is a transition from business-as-usual into an emergency/crisis situation and then, on recovery, back to ‘normal’ functioning. Business Continuity Planning (BCP), incorporating sub-plans for emergency response, continuation of output and recovery of degraded operating capacity, would fit such a context. The implementation of BCP practices in such a significant high security setting offers considerable potential benefit yet entails considerable challenges. This paper presents early results of a 4 year nationally funded industry-based research project examining the merger of Business Continuity Planning and Transport Security Planning as a means of generating capability for improved security and reliability and, ultimately, enhanced resilience in major airports. 
The project is part of a larger research program on the Design of Secure Airports that includes most of the gazetted 'first response' international airports in Australia, key Aviation industry groups and all aviation-related border and security regulators as collaborative partners. The paper examines a number of initial themes in the research, including:
• Approaches to integrating Business Continuity & Aviation Security Planning within airport operations;
• Assessment of gaps in management protocols and operational capacities for identifying and responding to crises within and across critical aviation infrastructure;
• Identification of convergent and divergent approaches to crisis management used across Austral-Asia and their alignment to planned and possible infrastructure evolution.
Abstract:
This research project explores the nature of In-School Touring Productions that are presented in Queensland classrooms by Queensland Arts Council (QAC). The research emerged from my background as a drama teacher working on secondment at QAC in the Ontour inschools department. The research follows the development of a new production Power Trip: the Adventures of Watty and Volt. The research was guided by the key question: What are some of the production and pragmatic issues that relate to In-school Touring Productions and in what ways do QAC's Ontour inschools productions offer learning experiences? This research involved the creation of three intersecting elements: (1) a 45 minute personal documentary film, 8 Times Around the Equator. The film follows my enthusiasms for this hybrid form of theatre which developed from my childhood, teaching practice and finally in my role at QAC; (2) a multimedia DVD, Queensland Arts Council 2008 inschools Season, which presents a series of short video clips promoting QAC's Ontour inschools program; and finally (3) this exegetical paper, Queensland Arts Council Road Trip: an Examination of In-Schools Touring Productions (2005-2008). This exegesis supports the multimedia presentations and provides additional descriptions of QAC's Ontour inschools productions which are contextualised within the history of QAC and the field of Youth Theatre generally. During the project I observed 37 QAC productions and analysed them against set criteria and as a result four types of learning experiences were identified:
• Category X: X-periencing the Art Form – providing students with exposure to traditional forms of main stage theatre;
• Category L: Learning Through the Art Form – communicating information using an art form to educate, for example using comedy, clowning or slapstick to teach science;
• Category U: Unpacking the Art Form – deconstructing art forms and providing students with increased awareness and appreciation; and
• Category M: M-bodying the Art Form – workshops and artist residencies that allow students to create their own work.
The creative works (documentary film and DVDs) combine to make up 65% of the project. This exegetical paper concludes the final 35% required for submission.
Abstract:
We present a hierarchical model for assessing an object-oriented program's security. Security is quantified using structural properties of the program code to identify the ways in which `classified' data values may be transferred between objects. The model begins with a set of low-level security metrics based on traditional design characteristics of object-oriented classes, such as data encapsulation, cohesion and coupling. These metrics are then used to characterise higher-level properties concerning the overall readability and writability of classified data throughout the program. In turn, these metrics are then mapped to well-known security design principles such as `assigning the least privilege' and `reducing the size of the attack surface'. Finally, the entire program's security is summarised as a single security index value. These metrics allow different versions of the same program, or different programs intended to perform the same task, to be compared for their relative security at a number of different abstraction levels. The model is validated via an experiment involving five open source Java programs, using a static analysis tool we have developed to automatically extract the security metrics from compiled Java bytecode.
Abstract:
Workplace serious injuries and deaths due to unsafe work practices are a substantial health and socioeconomic burden to the community, particularly in industries such as construction, agriculture and fishing, and transport and storage. Some 2000 individuals die each year from work-related causes and tens of thousands of individuals incur permanent disabling work-related injuries, and the direct (e.g., medical & legal) and indirect (e.g., lost productivity) cost to the Australian economy has been estimated at between $32 billion and $57 billion annually. A common cause of workplace injuries and deaths is occupational driving, and work-related fatal road crashes comprise between 23 and 32% of work-related fatalities each year. A major safety concern across the various industry groups therefore involves deaths and injuries associated with work-related driving. However, while organisations emphasise safety practices in most spheres of the workplace, they often neglect work-related driving and lack appropriate policies to enhance safe driving practices.
Abstract:
This thesis argues that in order to establish a sound information security culture it is necessary to look at an organisation's information security systems in a socio-technical context. The motivation for this research stems from the continuing concern of ineffective information security in organisations, leading to potentially significant monetary losses. It is important to address both technical and non-technical aspects when dealing with information security management. Culture has been identified as an underlying determinant of individuals' behaviour and this extends to information security culture, particularly in developing countries. This research investigates information security culture in the Saudi Arabian context. The theoretical foundation for the study is based on organisational and national culture theories. A conceptual framework for this study was constructed based on Peterson and Smith's (1997) model of national culture. This framework guides the study of national, organisational and technological values and their relationships to the development of information security culture. Further, the study seeks to better understand how these values might affect the development and deployment of an organisation's information security culture. Drawing on evidence from three exploratory case studies, an emergent conceptual framework was developed from the traditional human behaviour and the social environment perspectives used in social work. This framework contributes to information security management by identifying behaviours related to four modes of information security practice. These modes provide a sound basis that can be used to evaluate individual organisational members' behaviour and the adequacy of existing security measures. The results confirm the plausibility of the four modes of practice. Furthermore, a final framework was developed by integrating the four modes framework into the research framework.
The outcomes of the three case studies demonstrate that some of the national, organisational and technological values have clear impacts on the development and deployment of organisations' information security culture. This research, by providing an understanding of the influence of national, organisational and technological values on individuals' information security behaviour, contributes to building a theory of information security culture development within an organisational context. The research reports on the development of an integrated information security culture model that highlights recommendations for developing an information security culture. The research framework, introduced by this research, is put forward as a robust starting point for further related work in this area.
Abstract:
Choi et al. recently proposed an efficient RFID authentication protocol for a ubiquitous computing environment, OHLCAP (One-Way Hash based Low-Cost Authentication Protocol). However, this paper reveals that the protocol has several security weaknesses: 1) traceability based on the leakage of counter information, 2) vulnerability to an impersonation attack by maliciously updating a random number, and 3) traceability based on a physically-attacked tag. Finally, a security-enhanced group-based authentication protocol is presented.