A multilevel trust management framework for service oriented environment

In service-oriented computing applications, trust management systems are emerging as a promising technology to improve the e-commerce consumers and provider's relationship. Both consumers and providers need to evaluate the trust levels of potential partners before engaging in interactions. The accuracy of trust evaluation greatly affects the success rate of the interaction. This paper addresses the threats and challenges that can compromise the reliability of the current trust management system. This paper studies and examines the importance of the trust factors of the trust management framework, specifically in dealing with malicious feedback ratings from e-commerce users. To improve the reliability of the trust management systems, an approach that addresses feedback-related vulnerabilities is paramount. A multilevel trust management system computes trust by combining different types of information. Using this combination, we introduce a multilevel framework for a new interactive trust management to improve the correctness in estimate of trust information.

Propagation model of smartphone worms based on semi-Markov process and social relationship graph

Smartphone applications are getting more and more popular and pervasive in our daily life, and are also attractive to malware writers due to their limited computing source and vulnerabilities. At the same time, we possess limited understanding of our opponents in cyberspace. In this paper, we investigate the propagation model of SMS/MMS-based worms through integrating semi-Markov process and social relationship graph. In our modeling, we use semi-Markov process to characterize state transition among mobile nodes, and hire social network theory, a missing element in many previous works, to enhance the proposed mobile malware propagation model. In order to evaluate the proposed models, we have developed a specific software, and collected a large scale real-world data for this purpose. The extensive experiments indicate that the proposed models and algorithms are effective and practical. © 2014 Elsevier Ltd. All rights reserved.

Computer hacking and cyber terrorism: The real threats in the new millennium?

As the new millennium approaches, we are living in a society that is increasingly dependent upon information technology. However, whilst technology can deliver a number of benefits, it also introduces new vulnerabilities that can be exploited by persons with the necessary technical skills. Hackers represent a well-known threat in this respect and are responsible for a significant degree of disruption and damage to information systems. However, they are not the only criminal element that has to be taken into consideration. Evidence suggests that technology is increasingly seen as potential tool for terrorist organizations. This is leading to the emergence of a new threat in the form of 'cyber terrorists', who attack technological infrastructures such as the Internet in order to help further their cause. The paper discusses the problems posed by these groups and considers the nature of the responses necessary to preserve the future security of our society.

Interrogating conceptions of “vulnerable youth” in theory, policy and practice

Young people who are considered ‘vulnerable’ or ‘at risk’ are a particular target of various policies, schemes and interventions. But what does vulnerability mean? Interrogating Conceptions of “Vulnerable Youth” explores this question in relation to various policy fields that are relevant to young people, as well for how this plays out in practice and how it is experienced by young people themselves. What makes this book unique is that most authors had the opportunity to jointly explore these issues during a two-day workshop, and their chapters are informed by their cross-agency and cross-discipline discussions, making for a nuanced and thoughtful set of contributions. This collection is highly recommended for researchers and research students in the social sciences, as well as professional staff working in youth policy and youth services, in government departments and in NGOs. “Those who are most vulnerable should receive our greatest moral attention. However, the translation of generalised moral principles into effective policy and programs has never been easy. Political interests have invariably intervened, leading to complex debates about how vulnerability should be defined, classified, measured and represented. In recent years, these debates have become further complicated, as nation-states around the world have preached austerity. This timely book suggests that the responsibility for protecting the vulnerable cannot be left to individuals, but demands collective action, through institutions such as education, health and welfare. It examines some of the ways in which public policies and programs represent those who are vulnerable, involving a range of assumptions about the social, economic and political conditions that produce their vulnerabilities.” From the Foreword by Professor Fazal Rizvi

Steno cipher to provide data confidentiality and tampered data recovery for RFID tag

Radio Frequency Identification (RFID) is an emerging wireless object identification technology with many potential applications such as supply chain management, personnel tracking and healthcare. However, security vulnerabilities of the RFID system have been a serious concern for its wide adoption in many applications. Although much work has been done to provide privacy and anonymity, little focus has been given to ensure RFID data confidentiality, integrity and to address the tampered data recovery problem. To this end, we propose a lightweight stenographic-based approach to ensure RFID data confidentiality and integrity as well as the recovery of tampered RFID data. © 2013 Springer-Verlag Berlin Heidelberg.

Mitigating malicious feedback attacks in trust management systems

In electronic commerce (e-commerce) environment, trust management has been identified as vital component for establishing and maintaining successful relational exchanges between the trading partners. As trust management systems depend on the feedbacks provided by the trading partners, they are fallible to strategic manipulation of the rating attacks. Therefore, in order to improve the reliability of the trust management systems, an approach that addresses feedback-related vulnerabilities is paramount. This paper proposes an approach for identifying and actioning of falsified feedbacks to make trust management systems robust against rating manipulation attacks. The viability of the proposed approach is studied experimentally and the results of various simulation experiments show that the proposed approach can be highly effective in identifying falsified feedbacks.

Adaptive security for software systems

With continuously changing operational and business needs, system security is one of the key system capabilities that need to be updated as well. Most security engineering efforts focus on engineering security requirements of software systems at design time and existing adaptive security engineering efforts require complex design-time preparation. In this chapter we discuss the needs for adaptive software security, and key efforts in this area. We then introduce a new runtime adaptive security engineering approach, which enables adapting software security capabilities at runtime based on new security objectives, risks/threats, requirements as well as newly reported vulnerabilities. We categorize the source of adaptation in terms of manual adaptation (managed by end users), and automated adaption (automatically triggered by the platform). The new platform makes use of new ideas we built for vulnerability analysis, security engineering using aspect-oriented programming, and model-driven engineering techniques.

Privacy preserving social network data publication

The introduction of online social networks (OSN) has transformed the way people connect and interact with each other as well as share information. OSN have led to a tremendous explosion of network-centric data that could be harvested for better understanding of interesting phenomena such as sociological and behavioural aspects of individuals or groups. As a result, online social network service operators are compelled to publish the social network data for use by third party consumers such as researchers and advertisers. As social network data publication is vulnerable to a wide variety of reidentification and disclosure attacks, developing privacy preserving mechanisms are an active research area. This paper presents a comprehensive survey of the recent developments in social networks data publishing privacy risks, attacks, and privacy-preserving techniques. We survey and present various types of privacy attacks and information exploited by adversaries to perpetrate privacy attacks on anonymized social network data. We present an in-depth survey of the state-of-the-art privacy preserving techniques for social network data publishing, metrics for quantifying the anonymity level provided, and information loss as well as challenges and new research directions. The survey helps readers understand the threats, various privacy preserving mechanisms, and their vulnerabilities to privacy breach attacks in social network data publishing as well as observe common themes and future directions.

Developing an approach to assess the influence of integrating disaster risk reduction practices into infrastructure reconstruction on socio-economic development

Purpose: Disasters provide physical, social, economic, political and environmental development windows of opportunity particularly through housing and infrastructure reconstruction. The reconstruction process should not be neglected due to the opportunistic nature of facilitating innovation in development. In this respect, post-disaster "infrastructure" reconstruction plays a critical role in development discourse and is often essential to sustain recovery after major disasters. However, reconstruction following a natural disaster is a complicated problem involving social, economic, cultural, environmental, psychological, and technological aspects. There are significant development benefits of well-developed "Disaster Risk Reduction (DRR) Strategies" and, for many reasons, the concept of DRR can be more easily promoted following a disaster. In this respect, a research study was conducted to investigate the effects of integrating DRR strategies into infrastructure reconstruction on enhancing the socio-economic development process from a qualitative stance. The purpose of this paper is to document part of this research study; it proposes an approach that can be used to assess the influence of the application of the DRR concept into infrastructure reconstruction on socio-economic development. Design/methodology/approach: The research methodology included a critical literature review. Findings: This paper suggests that the best way to assess the influence of integrating DRR strategies practices into infrastructure reconstruction on socio-economic development is to assess the level of impact that DRR strategies has on overcoming various factors that form vulnerabilities. Having assessed this, the next step is to assess the influence of overcoming the factors that form vulnerabilities on achieving performance targets of socio-economic development. Originality/value: This paper primarily presents a framework for the concept of socio-economic development and a modelled classification of DRR practices.

On the race of worms and patches: modeling the spread of information in wireless sensor networks

Sensor networks are a branch of distributed ad hoc networks with a broad range of applications in surveillance and environment monitoring. In these networks, message exchanges are carried out in a multi-hop manner. Due to resource constraints, security professionals often use lightweight protocols, which do not provide adequate security. Even in the absence of constraints, designing a foolproof set of protocols and codes is almost impossible. This leaves the door open to the worms that take advantage of the vulnerabilities to propagate via exploiting the multi-hop message exchange mechanism. This issue has drawn the attention of security researchers recently. In this paper, we investigate the propagation pattern of information in wireless sensor networks based on an extended theory of epidemiology. We develop a geographical susceptible-infective model for this purpose and analytically derive the dynamics of information propagation. Compared with the previous models, ours is more realistic and is distinguished by two key factors that had been neglected before: 1) the proposed model does not purely rely on epidemic theory but rather binds it with geometrical and spatial constraints of real-world sensor networks and 2) it extends to also model the spread dynamics of conflicting information (e.g., a worm and its patch). We do extensive simulations to show the accuracy of our model and compare it with the previous ones. The findings show the common intuition that the infection source is the best location to start patching from, which is not necessarily right. We show that this depends on many factors, including the time it takes for the patch to be developed, worm/patch characteristics as well as the shape of the network.

Impact of integrating disaster risk reduction philosophies into infrastructure reconstruction projects in Sri Lanka

Major impacts on infrastructures due to natural and man-made hazards could result in secondary and additional impacts, compounding the problem for those communities already affected by the hazard. Integration of disaster risk reduction (DRR) philosophies into infrastructure projects has been an important solution to mitigate and prevent such disaster risks, as well as for a speedy recovery after disasters. Vulnerability reduction is defined by the research community as an enabler which facilitates the process of DRR. However, there is a research need to identify the most beneficial DRR strategies that would result in vulnerability reduction in an effective way. As part of this main aim, this paper seeks to explore the nature of various vulnerabilities within infrastructure reconstruction projects and their respective communities and to evaluate the DRR practises within these projects. Finally the paper attempts to map the effects of integration of DRR into infrastructure reconstruction on vulnerability reduction of infrastructure reconstruction projects and the communities which benefited from such projects. This study adopts the case study approach and the paper is entirely based on data collated from semi-structured interviews and a questionnaire survey conducted within one case study (a water supply and sanitation reconstruction project) in Sri Lanka and expert interviews conducted in Sri Lanka and the United Kingdom. Results reveal that emergency preparedness strategies are the most important group of DRR strategies, while physical/technical strategies are also very important. However, none of the emergency preparedness strategies are satisfactorily implemented, while most of the physical/technical strategies are adequately implemented.