Overcoming reputation and proof-of-work systems in botnets

Reputation and proof-of-work systems have been outlined as methods bot masters will soon use to defend their peer-to-peer botnets. These techniques are designed to prevent sybil attacks, such as those that led to the downfall of the Storm botnet. To evaluate the effectiveness of these techniques, a botnet that employed these techniques was simulated, and the amount of resources required to stage a successful sybil attack against it measured. While the proof-of-work system was found to increase the resources required for a successful sybil attack, the reputation system was found to lower the amount of resources required to disable the botnet.

An initial technology roadmap for home automation : home and personal life management

Home Automation (HA) has emerged as a prominent ¯eld for researchers and in- vestors confronting the challenge of penetrating the average home user market with products and services emerging from technology based vision. In spite of many technology contri- butions, there is a latent demand for a®ordable and pragmatic assistive technologies for pro-active handling of complex lifestyle related problems faced by home users. This study has pioneered to develop an Initial Technology Roadmap for HA (ITRHA) that formulates a need based vision of 10-15 years, identifying market, product and technology investment opportunities, focusing on those aspects of HA contributing to e±cient management of home and personal life. The concept of Family Life Cycle is developed to understand the temporal needs of family. In order to formally describe a coherent set of family processes, their relationships, and interaction with external elements, a reference model named Fam- ily System is established that identi¯es External Entities, 7 major Family Processes, and 7 subsystems-Finance, Meals, Health, Education, Career, Housing, and Socialisation. Anal- ysis of these subsystems reveals Soft, Hard and Hybrid processes. Rectifying the lack of formal methods for eliciting future user requirements and reassessing evolving market needs, this study has developed a novel method called Requirement Elicitation of Future Users by Systems Scenario (REFUSS), integrating process modelling, and scenario technique within the framework of roadmapping. The REFUSS is used to systematically derive process au- tomation needs relating the process knowledge to future user characteristics identi¯ed from scenarios created to visualise di®erent futures with richly detailed information on lifestyle trends thus enabling learning about the future requirements. Revealing an addressable market size estimate of billions of dollars per annum this research has developed innovative ideas on software based products including Document Management Systems facilitating automated collection, easy retrieval of all documents, In- formation Management System automating information services and Ubiquitous Intelligent System empowering the highly mobile home users with ambient intelligence. Other product ideas include robotic devices of versatile Kitchen Hand and Cleaner Arm that can be time saving. Materialisation of these products require technology investment initiating further research in areas of data extraction, and information integration as well as manipulation and perception, sensor actuator system, tactile sensing, odour detection, and robotic controller. This study recommends new policies on electronic data delivery from service providers as well as new standards on XML based document structure and format.

Validating denial of service vulnerabilities in web services

The loosely-coupled and dynamic nature of web services architectures has many benefits, but also leads to an increased vulnerability to denial of service attacks. While many papers have surveyed and described these vulnerabilities, they are often theoretical and lack experimental data to validate them, and assume an obsolete state of web services technologies. This paper describes experiments involving several denial of service vulnerabilities in well-known web services platforms, including Java Metro, Apache Axis, and Microsoft .NET. The results both confirm and deny the presence of some of the most well-known vulnerabilities in web services technologies. Specifically, major web services platforms appear to cope well with attacks that target memory exhaustion. However, attacks targeting CPU-time exhaustion are still effective, regardless of the victim’s platform.

Mental health outcomes for unemployed individuals who attend occupational skills / personal development training programs

Four studies report on outcomes for long-term unemployed individuals who attend occupational skills/personal development training courses in Australia. Levels of distress, depression, guilt, anger, helplessness, positive and negative affect, life satisfaction and self esteem were used as measures of well-being. Employment value, employment expectations and employment commitment were used as measures of work attitude. Social support, financial strain, and use of community resources were used as measures of life situation. Other variables investigated were causal attribution, unemployment blame, levels of coping, self efficacy, the personality variable of neuroticism, the psycho-social climate of the training course, and changes to occupational status. Training courses were (a) government funded occupational skills-based programs which included some components of personal development training, and (b) a specially developed course which focused exclusively on improving well-being, and which utilised the cognitive-behavioural therapy (CBT) approach. Data for all studies were collected longitudinally by having subjects complete questionnaires pre-course, post-course, and (for 3 of the 4 studies) at 3 months follow-up, in order to investigate long-term effects. One of the studies utilised the case-study methodology and was designed to be illustrative and assist in interpreting the quantitative data from the other 3 evaluations. The outcomes for participants were contrasted with control subjects who met the same sel~tion criteria for training. Results confirmed earlier findings that the experiences of unemployment were negative. Immediate effects of the courses were to improve well-being. Improvements were greater for those who attended courses with higher levels of personal development input, and the best results were obtained from the specially developed CBT program. Participants who had lower levels of well-being at the beginning of the courses did better as a result of training than those who were already functioning at higher levels. Course participants gained only marginal advantages over control subjects in relation to improving their occupational status. Many of the short term well-being gains made as a result of attending the courses were still evident at 3 months follow-up. Best results were achieved for the specially designed CBT program. Results were discussed in the context of prevailing theories of Ynemployment (Fryer, 1986,1988; Jahoda, 1981, 1982; Warr, 1987a, 1987b).

An examination of communication across cultures in news media and at informal/personal levels : with concentration on relations among two South East Asian countries and Australia and those two countries and Germany

In the age of globalisation dominated by mass communication, the flow of information contributes to a big extent to the worldviews of its "global citizens". From this point of view the mass media can be seen as one of the most salient sources of cross-cultural communication. This study investigates mass communication across cultures, focusing on South East Asia (Malaysia and Singapore), Australia and Germany. The centre of attention is the Western media coverage of South East Asia and vice versa. In this context a content analysis of newspapers of the three regions has been conducted. In addition, working practices and conditions of Western foreign correspondents in South East Asia have been examined. Apart from the investigation of inter-cultural media coverage, another focus of attention will be the examination of two levels of communication: The business level, concentrating on issues like e.g. the Asian business etiquette; and the private level, looking into the transition to a different culture from the perspective of Australian and German expatriates. Apart from investigating mass communication across cultures and to provide a written analysis of the findings, a series of radio documentaries in English and in German has been produced. They cover the following issues: Foreign correspondents in South East Asia, the expatriate-lifestyle of Australians and Germans in South East Asia, business etiquette in Asia, student exchange Germany-Asia, image and prejudices East-West and Tourism.

Legislative and security requirements of audit material for evidentiary purpose

This research used the Queensland Police Service, Australia, as a major case study. Information on principles, techniques and processes used, and the reason for the recording, storing and release of audit information for evidentiary purposes is reported. It is shown that Law Enforcement Agencies have a two-fold interest in, and legal obligation pertaining to, audit trails. The first interest relates to the situation where audit trails are actually used by criminals in the commission of crime and the second to where audit trails are generated by the information systems used by the police themselves in support of the recording and investigation of crime. Eleven court cases involving Queensland Police Service audit trails used in evidence in Queensland courts were selected for further analysis. It is shown that, of the cases studied, none of the evidence presented was rejected or seriously challenged from a technical perspective. These results were further analysed and related to normal requirements for trusted maintenance of audit trail information in sensitive environments with discussion on the ability and/or willingness of courts to fully challenge, assess or value audit evidence presented. Managerial and technical frameworks for firstly what is considered as an environment where a computer system may be considered to be operating “properly” and, secondly, what aspects of education, training, qualifications, expertise and the like may be considered as appropriate for persons responsible within that environment, are both proposed. Analysis was undertaken to determine if audit and control of information in a high security environment, such as law enforcement, could be judged as having improved, or not, in the transition from manual to electronic processes. Information collection, control of processing and audit in manual processes used by the Queensland Police Service, Australia, in the period 1940 to 1980 was assessed against current electronic systems essentially introduced to policing in the decades of the 1980s and 1990s. Results show that electronic systems do provide for faster communications with centrally controlled and updated information readily available for use by large numbers of users who are connected across significant geographical locations. However, it is clearly evident that the price paid for this is a lack of ability and/or reluctance to provide improved audit and control processes. To compare the information systems audit and control arrangements of the Queensland Police Service with other government departments or agencies, an Australia wide survey was conducted. Results of the survey were contrasted with the particular results of a survey, conducted by the Australian Commonwealth Privacy Commission four years previous, to this survey which showed that security in relation to the recording of activity against access to information held on Australian government computer systems has been poor and a cause for concern. However, within this four year period there is evidence to suggest that government organisations are increasingly more inclined to generate audit trails. An attack on the overall security of audit trails in computer operating systems was initiated to further investigate findings reported in relation to the government systems survey. The survey showed that information systems audit trails in Microsoft Corporation's “Windows” operating system environments are relied on quite heavily. An audit of the security for audit trails generated, stored and managed in the Microsoft “Windows 2000” operating system environment was undertaken and compared and contrasted with similar such audit trail schemes in the “UNIX” and “Linux” operating systems. Strength of passwords and exploitation of any security problems in access control were targeted using software tools that are freely available in the public domain. Results showed that such security for the “Windows 2000” system is seriously flawed and the integrity of audit trails stored within these environments cannot be relied upon. An attempt to produce a framework and set of guidelines for use by expert witnesses in the information technology (IT) profession is proposed. This is achieved by examining the current rules and guidelines related to the provision of expert evidence in a court environment, by analysing the rationale for the separation of distinct disciplines and corresponding bodies of knowledge used by the Medical Profession and Forensic Science and then by analysing the bodies of knowledge within the discipline of IT itself. It is demonstrated that the accepted processes and procedures relevant to expert witnessing in a court environment are transferable to the IT sector. However, unlike some discipline areas, this analysis has clearly identified two distinct aspects of the matter which appear particularly relevant to IT. These two areas are; expertise gained through the application of IT to information needs in a particular public or private enterprise; and expertise gained through accepted and verifiable education, training and experience in fundamental IT products and system.