Analyzing security protocols using association rule mining

Current studies to analyzing security protocols using formal methods require users to predefine authentication goals. Besides, they are unable to discover potential correlations between secure messages. This research attempts to analyze security protocols using data mining. This is done by extending the idea of association rule mining and converting the verification of protocols into computing the frequency and confidence of inconsistent secure messages. It provides a novel and efficient way to analyze security protocols and find out potential correlations between secure messages. The conducted experiments demonstrate our approaches.

A comparative analysis of opinions of Americans, Australians and Malaysians on the use of biometric devices in workplaces for security and monitoring of worker productivity

Since the September 11, 2001 terrorist attacks in New York, the use of biometric devices such as fingerprint scans, retina and iris scans and facial recognition in everyday situations for national security and border control, have become commonplace. This has resulted in the biometric industry moving from being a niche technology to one that is ubiquitous. As a result. more and more employers are using biometrics to secure staff access to their facilities as well as for tracking staff work hours, maintaining 'discipline' and carry out surveillance against thefts. detecting work hour abuses and fraud. However, the data thus collected and the technologies themselves are feared of having the potential for and actually being misused - both in terms of the violating staff privacy and discrimination and oppression of targeted workers. This paper examines the issue of using biometric devices in organisational settings their advantages, disadvantages and actual and potential abuses from the point of view of critical theory. From the perspectives of Panoptic surveillance and hegemonic organisational control, the paper examines the issues related to privacy and identification, biometrics and privacy, biometrics and the 'body', and surveillance and modernity. The paper also examines the findings ofa survey carried out in Australia. Malaysia and the USA on respondents' opinions on the use of biometric devices in everyday life including at workplaces. The paper concludes that along with their applications in border control and national security, the use of biometric devices should be covered by relevant laws and regulations. guidelines and codes of practice. in order to balance the rights to privacy and civil liberties of workers with employers' need for improved productivity, reduced costs, safeguards related to occupational health and safety, equal opportunity, and workplace harassment of staff and other matters, that employers are legally responsible for.

A methodology of health information security evaluation

With the conversion of paper health records to electronic health records, the health care sector is increasingly relying on technology to maintain the integrity of and update patients’ data. This reliance on technology requires an acute level of protection from technological disasters and/or threats of human error or sabotage. Research has shown there are inadequacies in the installation and use of security controls for health information records and that current methods of security analysis lack the techniques to analyse the technical and social aspects of security. This paper reports on progress towards development of a health information security evaluation methodology based on Unified Modelling Language techniques, and discusses an imminent case study that will be used for validation of the methodology.

Deception: a tool and curse for security management

With the proliferation of electronic information systems over the last two decades, the integrity of the stored data and its uses have become an essential component of effective organisational functioning. This digitised format, used in input, output, processing, storage, and communication, has given those wishing to deceive new opportunities. This paper examines the nature of deception and its potential as a new security risk in the information age.

Mobile commerce (mCommerce) security. An appraisal of current issues and trends

Millions of data capable mobile devices are currently in use around the world enabled by the growing acceptance of Internet over wireless networks. However, security mechanisms still remain nascent. Security plays a crucial role in facilitating the level of trust users place on mobile devices and applications. To effectively diffuse the mobile devices in the marketplace, sufficient levels of trust has to be established in the underlying security of mobile devices and applications. This paper is an appraisal of recent issues and emerging trends regarding mobile security, within the context of conducting mobile commerce via mobile networks by individual consumers and businesses.

The multifaceted and ever-changing directions of information security - Australia get ready!

In recent years, we have witnessed many information security developmental trends. As a consequence, the dimensions of information security - once single disciplinary area - have become multifaceted and convoluted. This paper aims to (1) recapitulate these key developments: (2) argue that the emergence of many complex information security dimensions are the result of 'constant change agents' (CCAs); (3) discuss the implications on Australia's society, i. e. government, companies and individuals; and (4) propose key consideration areas and possible solutions thereof. We hope that the discussion presented here will position Australia to make better aligned information security and strategic plans, such as choosing appropriate investments and adopting effective solutions to strengthen and secure Australia's national information security posture.

Security in the online e-learning environment

This paper addresses the role of security in the collaborative e-learning environment, and in particular, the social aspects of security and the importance of identity. It represents a case study, completed in Nov 2004, which was conducted to test the sense of security that students experienced whilst using the wiki platform as a means of online collaboration in the tertiary education environment. Wikis, fully editable Web sites, are easily accessible, require no software and allow its contributors (in this case students) to feel a sense of responsibility and ownership. A comparison between two wiki studies will be made whereby one group employed user login and the other maintained anonymity throughout the course of the study. The results consider the democratic participation and evolution of the work requirements over time, which in fact ascertains the nonvalidity of administrative identification.

Electronic negotiation and security of information exchanged in e-commerce

In settings such as electronic markets where trading partners have conflicting interests and a desire to cooperate, mobile agent mediated negotiation have become very popular. However, agent-based negotiation in electronic commerce involves the exchange of critical and sensitive data that must be highly safeguarded. Therefore, in order to give benefits of quick and safe trading to the trading partners, an approach that secures the information exchanged between the mobile agents during e-Commerce negotiations is needed. To this end, we discuss an approach that we refer to as Multi-Agent Security NEgotiation Protocol (MASNEP). To show that MASNEP protocol is free of attacks and thus the information exchanged throughout electronic negotiation is truly secured, we provide a formal proof on the correctness of the MASNEP.

Mining inconsistent secure messages toward analyzing security protocols

Traditional approaches such as theorem proving and model checking have been successfully used to analyze security protocols. Ideally, they assume the data communication is reliable and require the user to predetermine authentication goals. However, missing and inconsistent data have been greatly ignored, and the increasingly complicated security protocol makes it difficult to predefine such goals. This paper presents a novel approach to analyze security protocols using association rule mining. It is able to not only validate the reliability of transactions but also discover potential correlations between secure messages. The algorithm and experiment demonstrate that our approaches are useful and promising.

Income security of international students in Australia

Growth in the number of international students studying in English language countries has slowed in recent years and this development has generated extended debate amongst university managers and policy makers. In these discussions much attention has focussed on whether the slow down is to be explained by currency realignments, visa requirements, the quality of education, or the increasing competitiveness of the international education market. But what has attracted little attention is the fact that when parents and students choose in which country they will purchase a foreign education their choice is commonly influenced by the level of security that is perceived to characterise the range of options. What security means can take many forms and in this paper we focus on income security. Drawing on interview data from 9 Australian universities, we clarify the sources of international student income, the extent to which these students experience income security/insecurity, how they cope with income difficulties and/or ensure finances do not become a serious problem, and whether the nature of the information provided by governments and universities helps explain the extent of income insecurity manifest amongst international students in Australia. We argue that a significant proportion of international students studying in Australia do experience income insecurity and suggest that for both moral and economic reasons the government and the university sector should pay increased attention to this aspect of student need.

Supply chain security: the need for continuous assessment

Ease of Internet accessibility has offered business the opportunity to incorporate this electronic infrastructure technology into establishing electronic-based supply chains. With the improved efficiency that this brings to the management and functionality of the supply chain, there are also security considerations that should be taken into account for protecting the integrity of the electronic supply chain, not only within each business node, but also across the entire supply chain. Such security vulnerabilities can be negated with the implementation of security measures and policies, however these need to be consistent throughout the supply chain and regularly assessed against security benchmarks in order to ensure they meet dequate security standards.

Hunting the unobservables for optimal social security a general equilibrium approach

We study the optimal size of a pay-as-you-go social security program for an economy composed of both permanent-income and hand-to-mouth consumers. While previous work on this topic is framed within a two-period partial equilibrium setup, we study this issue in a life-cycle general equilibrium model. Because this type of welfare analysis depends critically on unobservable preference parameters, we methodically consider all parameterizations of the unobservables that are both feasible and reasonable—all parameterizations that can mimic key features of macro data (feasible) while still being consistent with micro evidence and convention (reasonable). The baseline model predicts that the optimal tax rate is between 6 percent and 15 percent of wage income.

Rule-based dependency models for security protocol analysis

Security protocol analysis has been discussed for quite some time in the past few years. Although formal methods have been widely used to identify various vulnerabilities, mainly susceptibility to freshness attacks and impersonation, the arisen inconsistent data between principals and collusion attacks held by a group of dishonest principals have been largely ignored. Moreover, the previous methods focus on reasoning about certain security-related properties and detecting known attacks against secure message, whereas there have been insufficient efforts to handle the above hidden but powerful attacks. In this paper, we address these critical issues and prove the efficiency and intuitiveness of rule-based dependency models in defending a protocol against the attacks. This is able to provide a numerical estimation to measure he occurrence of these attacks. It will be useful in enhancing the current protocol analysis.

The relationship among malingering, psychopathy, and the MMPI-2 validity scales in maximum security forensic psychiatric inpatients

The records of 392 men hospitalized in a maximum security forensic psychiatric hospital were reviewed. Demographic information was collected as well as data from the men's performance on the Psychopathy Checklist-Revised (PCL-R) and Minnesota Multiphasic Personality Inventory-2 (MMPI-2). Prevalence rates for malingering were low across the sample. However, results of chi-square analysis revealed that those who scored high on the PCL-R received a diagnosis of malingering significantly more frequently than those who scored low on the PCL-R. Clinical applications and theoretical implications of the results are discussed.

A framework for assessing certification schemes for IT security professionals

This research develops a framework which allows the many IT security certifications to be compared by stakeholders, such as IT security professionals, employers, universities and governments. The framework employs a novel approach which allow users to tailor the comparison based on their own weightings, whilst taking advantage of standardised research.