Tool-supported dataflow analysis of a security-critical embedded device

Defence organisations perform information security evaluations to confirm that electronic communications devices are safe to use in security-critical situations. Such evaluations include tracing all possible dataflow paths through the device, but this process is tedious and error-prone, so automated reachability analysis tools are needed to make security evaluations faster and more accurate. Previous research has produced a tool, SIFA, for dataflow analysis of basic digital circuitry, but it cannot analyse dataflow through microprocessors embedded within the circuit since this depends on the software they run. We have developed a static analysis tool that produces SIFA compatible dataflow graphs from embedded microcontroller programs written in C. In this paper we present a case study which shows how this new capability supports combined hardware and software dataflow analyses of a security critical communications device.

Data flow analysis of embedded program expressions

Data flow analysis techniques can be used to help assess threats to data confidentiality and integrity in security critical program code. However, a fundamental weakness of static analysis techniques is that they overestimate the ways in which data may propagate at run time. Discounting large numbers of these false-positive data flow paths wastes an information security evaluator's time and effort. Here we show how to automatically eliminate some false-positive data flow paths by precisely modelling how classified data is blocked by certain expressions in embedded C code. We present a library of detailed data flow models of individual expression elements and an algorithm for introducing these components into conventional data flow graphs. The resulting models can be used to accurately trace byte-level or even bit-level data flow through expressions that are normally treated as atomic. This allows us to identify expressions that safely downgrade their classified inputs and thereby eliminate false-positive data flow paths from the security evaluation process. To validate the approach we have implemented and tested it in an existing data flow analysis toolkit.

A taint marking approach to confidentiality violation detection

This article presents a novel approach to confidentiality violation detection based on taint marking. Information flows are dynamically tracked between applications and objects of the operating system such as files, processes and sockets. A confidentiality policy is defined by labelling sensitive information and defining which information may leave the local system through network exchanges. Furthermore, per application profiles can be defined to restrict the sets of information each application may access and/or send through the network. In previous works, we focused on the use of mandatory access control mechanisms for information flow tracking. In this current work, we have extended the previous information flow model to track network exchanges, and we are able to define a policy attached to network sockets. We show an example application of this extension in the context of a compromised web browser: our implementation detects a confidentiality violation when the browser attempts to leak private information to a remote host over the network.

State convergence in the initialisation of the Sfinks stream cipher

Sfinks is a shift register based stream cipher designed for hardware implementation. The initialisation state update function is different from the state update function used for keystream generation. We demonstrate state convergence during the initialisation process, even though the individual components used in the initialisation are one-to-one. However, the combination of these components is not one-to-one.

Evaluation of an inactivated Ross River virus vaccine in active and passive mouse immunization models and establishment of a correlate of protection

Ross River Virus has caused reported outbreaks of epidemic polyarthritis, a chronic debilitating disease associated with significant long-term morbidity in Australia and the Pacific region since the 1920s. To address this public health concern, a formalin- and UV-inactivated whole virus vaccine grown in animal protein-free cell culture was developed and tested in preclinical studies to evaluate immunogenicity and efficacy in animal models. After active immunizations, the vaccine dose-dependently induced antibodies and protected adult mice from viremia and interferon α/β receptor knock-out (IFN-α/βR(-/-)) mice from death and disease. In passive transfer studies, administration of human vaccinee sera followed by RRV challenge protected adult mice from viremia and young mice from development of arthritic signs similar to human RRV-induced disease. Based on the good correlation between antibody titers in human sera and protection of animals, a correlate of protection was defined. This is of particular importance for the evaluation of the vaccine because of the comparatively low annual incidence of RRV disease, which renders a classical efficacy trial impractical. Antibody-dependent enhancement of infection, did not occur in mice even at low to undetectable concentrations of vaccine-induced antibodies. Also, RRV vaccine-induced antibodies were partially cross-protective against infection with a related alphavirus, Chikungunya virus, and did not enhance infection. Based on these findings, the inactivated RRV vaccine is expected to be efficacious and protect humans from RRV disease

Analysis of Object-Specific Authorization Protocol (OSAP) using coloured Petri nets

The use of Trusted Platform Module (TPM) is be- coming increasingly popular in many security sys- tems. To access objects protected by TPM (such as cryptographic keys), several cryptographic proto- cols, such as the Object Specific Authorization Pro- tocol (OSAP), can be used. Given the sensitivity and the importance of those objects protected by TPM, the security of this protocol is vital. Formal meth- ods allow a precise and complete analysis of crypto- graphic protocols such that their security properties can be asserted with high assurance. Unfortunately, formal verification of these protocols are limited, de- spite the abundance of formal tools that one can use. In this paper, we demonstrate the use of Coloured Petri Nets (CPN) - a type of formal technique, to formally model the OSAP. Using this model, we then verify the authentication property of this protocol us- ing the state space analysis technique. The results of analysis demonstrates that as reported by Chen and Ryan the authentication property of OSAP can be violated.

Social innovation and social enterprise : evidence from Australia

‘Social innovation’ is a construct increasingly used to explain the practices, processes and actors through which sustained positive transformation occurs in the network society (Mulgan, G., Tucker, S., Ali, R., Sander, B. (2007). Social innovation: What it is, why it matters and how can it be accelerated. Oxford:Skoll Centre for Social Entrepreneurship; Phills, J. A., Deiglmeier, K., & Miller, D. T. Stanford Social Innovation Review, 6(4):34–43, 2008.). Social innovation has been defined as a “novel solution to a social problem that is more effective, efficient, sustainable, or just than existing solutions, and for which the value created accrues primarily to society as a whole rather than private individuals.” (Phills,J. A., Deiglmeier, K., & Miller, D. T. Stanford Social Innovation Review, 6 (4):34–43, 2008: 34.) Emergent ideas of social innovation challenge some traditional understandings of the nature and role of the Third Sector, as well as shining a light on those enterprises within the social economy that configure resources in novel ways. In this context, social enterprises – which provide a social or community benefit and trade to fulfil their mission – have attracted considerable policy attention as one source of social innovation within a wider field of action (see Leadbeater, C. (2007). ‘Social enterprise and social innovation: Strategies for the next 10 years’, Cabinet office,Office of the third sector http://www.charlesleadbeater.net/cms xstandard/social_enterprise_innovation.pdf. Last accessed 19/5/2011.). And yet, while social enterprise seems to have gained some symbolic traction in society, there is to date relatively limited evidence of its real world impacts.(Dart, R. Not for Profit Management and Leadership, 14(4):411–424, 2004.) In other words, we do not know much about the social innovation capabilities and effects of social enterprise. In this chapter, we consider the social innovation practices of social enterprise, drawing on Mulgan, G., Tucker, S., Ali, R., Sander, B. (2007). Social innovation: What it is, why it matters and how can it be accelerated. Oxford: Skoll Centre for Social Entrepreneurship: 5) three dimensions of social innovation: new combinations or hybrids of existing elements; cutting across organisational, sectoral and disciplinary boundaries; and leaving behind compelling new relationships. Based on a detailed survey of 365 Australian social enterprises, we examine their self-reported business and mission-related innovations, the ways in which they configure and access resources and the practices through which they diffuse innovation in support of their mission. We then consider how these findings inform our understanding of the social innovation capabilities and effects of social enterprise,and their implications for public policy development.

Towards a secure human-and-computer mutual authentication protocol

We blend research from human-computer interface (HCI) design with computational based crypto- graphic provable security. We explore the notion of practice-oriented provable security (POPS), moving the focus to a higher level of abstraction (POPS+) for use in providing provable security for security ceremonies involving humans. In doing so we high- light some challenges and paradigm shifts required to achieve meaningful provable security for a protocol which includes a human. We move the focus of security ceremonies from being protocols in their context of use, to the protocols being cryptographic building blocks in a higher level protocol (the security cere- mony), which POPS can be applied to. In order to illustrate the need for our approach, we analyse both a protocol proven secure in theory, and a similar proto- col implemented by a �nancial institution, from both HCI and cryptographic perspectives.

Improving the efficiency of RFID authentication with pre-computation

Security of RFID authentication protocols has received considerable interest recently. However, an important aspect of such protocols that has not received as much attention is the efficiency of their communication. In this paper we investigate the efficiency benefits of pre-computation for time-constrained applications in small to medium RFID networks. We also outline a protocol utilizing this mechanism in order to demonstrate the benefits and drawbacks of using thisapproach. The proposed protocol shows promising results as it is able to offer the security of untraceableprotocols whilst only requiring the time comparable to that of more efficient but traceable protocols.

Parallel ABM for electricity distribution grids : a case study

This paper introduces a parallel implementation of an agent-based model applied to electricity distribution grids. A fine-grained shared memory parallel implementation is presented, detailing the way the agents are grouped and executed on a multi-threaded machine, as well as the way the model is built (in a composable manner) which is an aid to the parallelisation. Current results show a medium level speedup of 2.6, but improvements are expected by incor-porating newer distributed or parallel ABM schedulers into this implementa-tion. While domain-specific, this parallel algorithm can be applied to similarly structured ABMs (directed acyclic graphs).

Controls on mid-Holocene fringing reef growth and termination in a high latitude, estuarine setting, Wellington Point, Southeast Queensland

Several fringing coral reefs in Moreton Bay, Southeast Queensland, some 300 km south of the Great Barrier Reef (GBR), are set in a relatively high latitude, estuarine environment that is considered marginal for coral growth. Previous work indicated that these marginal reefs, as with many fringing reefs of the inner GBR, ceased accreting in the mid-Holocene. This research presents for the first time data from the subsurface profile of the mid-Holocene fossil reef at Wellington Point comprising U/Th dates of in situ and framework corals, and trace element analysis from the age constrained carbonate fragments. Based on trace element proxies the palaeo-water quality during reef accretion was reconstructed. Results demonstrate that the reef initiated more than 7,000 yr BP during the post glacial transgression, and the initiation progressed to the west as sea level rose. In situ micro-atolls indicate that sea level was at least 1 m above present mean sea level by 6,680 years ago. The reef remained in "catch-up" mode, with a seaward sloping upper surface, until it stopped aggrading abruptly at ca 6,000 yr BP; no lateral progradation occurred. Changes in sediment composition encountered in the cores suggest that after the laterite substrate was covered by the reef, most of the sediment was produced by the carbonate factory with minimal terrigenous influence. Rare earth element, Y and Ba proxies indicate that water quality during reef accretion was similar to oceanic waters, considered suitable for coral growth. A slight decline in water quality on the basis of increased Ba in the later stages of growth may be related to increased riverine input and partial closing up of the bay due to either tidal delta progradation, climatic change and/or slight sea level fall. The age data suggest that termination of reef growth coincided with a slight lowering of sea level, activation of ENSO and consequent increase in seasonality, lowering of temperatures and the constrictions to oceanic flushing. At the cessation of reef accretion the environmental conditions in the western Moreton Bay were changing from open marine to estuarine. The living coral community appears to be similar to the fossil community, but without the branching Acropora spp. that were more common in the fossil reef. In this marginal setting coral growth periods do not always correspond to periods of reef accretion due to insufficient coral abundance. Due to several environmental constraints modern coral growth is insufficient for reef growth. Based on these findings Moreton Bay may be unsuitable as a long term coral refuge for most species currently living in the GBR.

Reputation and Legitimacy : accreditation and rankings to assess organizations

A key perspective on reputation is that of assessment. Much of the communication literature focuses on the influence organizations have on impression formation. This chapter however suggests that in order to understand reputation assessment, it is also important to understand the related concept of legitimacy. It addresses two approaches to understanding reputation namely accreditation and ranking. Accreditation alludes to concepts of legitimacy in which firms may acquire credibility by meeting formalized standards of certification. Ranking deals with categorizing and rating organizational reputations so that they may be assessed relative to one another. The chapter explores the various ways in which the mechanisms of accreditation and ranking operate and the role of social actors in developing and applying them. Ranking systems that provide the mechanism for comparing organizations and assessing their relative value are also explored.

Security analysis of linearly filtered NLFSRs

Non-linear feedback shift register (NLFSR) ciphers are cryptographic tools of choice of the industry especially for mobile communication. Their attractive feature is a high efficiency when implemented in hardware or software. However, the main problem of NLFSR ciphers is that their security is still not well investigated. The paper makes a progress in the study of the security of NLFSR ciphers. In particular, we show a distinguishing attack on linearly filtered NLFSR (or LF-NLFSR) ciphers. We extend the attack to a linear combination of LF-NLFSRs. We investigate the security of a modified version of the Grain stream cipher and show its vulnerability to both key recovery and distinguishing attacks.

Modeling perceived influences on journalism : evidence from a cross-national survey of journalists

Surveying 1,700 journalists from seventeen countries, this study investigates perceived influences on news work. Analysis reveals a dimensional structure of six distinct domains—political, economic, organizational, professional, and procedural influences, as well as reference groups. Across countries, these six dimensions build up a hierarchical structure where organizational, professional, and procedural influences are perceived as more powerful limits to journalists' work than political and economic influences.

Mapping journalism cultures across nations : a comparative study of 18 countries

This article reports key findings from a comparative survey of the role perceptions, epistemological orientations and ethical views of 1800 journalists from 18 countries. The results show that detachment, non-involvement, providing political information and monitoring the government are considered essential journalistic functions around the globe. Impartiality, the reliability and factualness of information, as well as adherence to universal ethical principles are also valued worldwide, though their perceived importance varies across countries. Various aspects of interventionism, objectivism and the importance of separating facts from opinion, on the other hand, seem to play out differently around the globe. Western journalists are generally less supportive of any active promotion of particular values, ideas and social change, and they adhere more to universal principles in their ethical decisions. Journalists from non-western contexts, on the other hand, tend to be more interventionist in their role perceptions and more flexible in their ethical views.