Ethical issues for internet use policy : balancing employer and employee perspectives

An organisational internet use policy (IUP) is a recognised deterrent to manage insider internet misuse. However, IUPs have proven ineffective against this threat, perhaps because of their neglect of the ethical issues involved. An important part of setting an IUP involves the resolution of key ethical dilemmas when employer and employee perspectives conflict. This paper explores the ethical issues that must be addressed when developing an organisational IUP. It draws on a conceptual analysis and an interpretive study of five medium-size and large organisations in Australia and North America. The paper provides a set of key ethical issues for an IUP and compares and contrasts the employer and employee perspectives. It highlights the need to balance the employer and employee perspectives when setting an IUP. Other implications for theory and practice are discussed.

Virtual world security inspection : a software inspection process carried out on popular virtual world environments

 Virtual property theft is a serious problem that exists in virtual worlds. Legitimate users of these worlds invest considerable amounts of time, effort and real-world money into obtaining virtual property, but unfortunately, are becoming victims of theft in high numbers. It is reported that there are over 1 billion registered users of virtual worlds containing virtual property items worth an estimated US$50 billion dollars. The problem of virtual property theft is complex, involving many legal, social and technological issues. The software used to access virtual worlds is of great importance as they form the primary interface to these worlds and as such the primary interface to conduct virtual property theft. The security vulnerabilities of virtual world applications have not, to date, been examined. This study aims to use the process of software inspection to discover security vulnerabilities that may exist within virtual world software – vulnerabilities that enable virtual property theft to occur. Analyzing three well know virtual world applications World of Warcraft, Guild Wars and Entropia Universe, this research utilized security analysis tools and scenario testing with focus on authentication, trading, intruder detection and virtual property recovery. It was discovered that all three examples were susceptible to keylogging, mail and direct trade methods were the most likely method for transferring stolen items, intrusion detection is of critical concern to all VWEs tested, stolen items were unable to be recovered in all cases and lastly occurrences of theft were undetectable in all cases. The results gained in this study present the key problem areas which need to be addressed to improve security and reduce the occurrence of virtual property theft.

Virtual world security inspection

Virtual property theft is a serious problem that exists in virtual worlds. Legitimate users of these worlds invest considerable amounts of time, effort and real-world money into obtaining virtual property, but unfortunately, are becoming victims of theft in high numbers. It is reported that there are over 1 billion registered users of virtual worlds containing virtual property items worth an estimated US$50 billion dollars. The problem of virtual property theft is complex, involving many legal, social and technological issues. The software used to access virtual worlds is of great importance as they form the primary interface to these worlds and as such the primary interface to conduct virtual property theft. The security vulnerabilities of virtual world applications have not, to date, been examined. This study aims to use the process of software inspection to discover security vulnerabilities that may exist within virtual world software – vulnerabilities that enable virtual property theft to occur. Analyzing three well know virtual world applications World of Warcraft, Guild Wars and Entropia Universe, this research utilized security analysis tools and scenario testing with focus on authentication, trading, intruder detection and virtual property recovery. It was discovered that all three examples were susceptible to keylogging, mail and direct trade methods were the most likely method for transferring stolen items, intrusion detection is of critical concern to all VWEs tested, stolen items were unable to be recovered in all cases and lastly occurrences of theft were undetectable in all cases. The results gained in this study present the key problem areas which need to be addressed to improve security and reduce the occurrence of virtual property theft.

Attack vectors against social networking systems : the Facebook example

Social networking systems (SNS’s) such as Facebook are an ever evolving and developing means of social interaction, which is not only being used to disseminate information to family, friends and colleagues but as a way of meeting and interacting with "strangers" through the advent of a large number of social applications. The attractiveness of such software has meant a dramatic increase in the number of frequent users of SNS’s and the threats which were once common to the Internet have now been magnified, intensified and altered as the potential for criminal behaviour on SNS’s increases. Social networking sites including Facebook contain a vast amount of personal information, that if obtained could be used for other purposes or to carry out other crimes such as identity theft. This paper will focus on the security threats posed to social networking sites and gain an understanding of these risks by using a security approach known as “attack trees”. This will allow for a greater understanding of the complexity associated with protecting Social Networking systems with a particular focus on Facebook.

Smartphone malware based on synchronisation vulnerabilities

Smartphones are mobile phones that offer processing power and features like personal computers (PC) with the aim of improving user productivity as they allow users to access and manipulate data over networks and Internet, through various mobile applications. However, with such anywhere and anytime functionality, new security threats and risks of sensitive and personal data are envisaged to evolve. With the emergence of open mobile platforms that enable mobile users to install applications on their own, it opens up new avenues for propagating malware among various mobile users very quickly. In particular, they become crossover targets of PC malware through the synchronization function between smartphones and computers. Literature lacks detailed analysis of smartphones malware and synchronization vulnerabilities. This paper addresses these gaps in literature, by first identifying the similarities and differences between smartphone malware and PC malware, and then by investigating how hackers exploit synchronization vulnerabilities to launch their attacks.

Network and traffic engineering in emerging distributed computing applications

This book focuses on network management and traffic engineering for Internet and distributed computing technologies, as well as present emerging technology trends and advanced platform

Zero permission android applications - attacks and defenses

Google advertises the Android permission framework as one of the core security features present on its innovative and flexible mobile platform. The permissions are a means to control access to restricted AP/s and system resources. However, there are Android applications which do not request permissions at all.In this paper, we analyze the repercussions of installing an Android application that does not include any permission and the types of sensitive information that can be accessed by such an application. We found that even app/icaaons with no permissions are able to access sensitive information (such the device ID) and transmit it to third-parties.

More rapid and severe disease outbreaks for aquaculture at the tropics : implications for food security

1. Aquaculture is replacing capture fisheries in supplying the world with dietary protein. Although disease is a major threat to aquaculture production, the underlying global epidemiological patterns are unknown. 2. We analysed disease outbreak severity across different latitudes in a diverse range of aquaculture systems. 3. Disease at lower latitudes progresses more rapidly and results in higher cumulative mortality, in particular at early stages of development and in shellfish. 4. Tropical countries suffer proportionally greater losses in aquaculture during disease outbreaks and have less time to mitigate losses. 5. Synthesis and applications. Disease can present a major problem for food production and security in equatorial regions where fish and shellfish provide a major source of dietary protein. As the incidences of some infectious diseases may increase with climate change, adaptation strategies must consider global patterns in disease vulnerability of aquaculture and develop options to minimize impacts on food production.

Internet traffic classification by aggregating correlated naive bayes predictions

This paper presents a novel traffic classification scheme to improve classification performance when few training data arc available. In the proposed scheme, traffic flows are described using the discretized statistical features and flow correlation information is modeled by bag-of-flow (BoF). We solve the BoF-based traffic classification in a classifier combination framework and theoretically analyze the performance benefit. Furthermore, a new BoF-based traffic classification method is proposed to aggregate the naive Bayes (NB) predictions of the correlated flows. We also present an analysis on prediction error sensitivity of the aggregation strategies. Finally, a large number of experiments are carried out on two large-scale real-world traffic datasets to evaluate the proposed scheme. The experimental results show that the proposed scheme can achieve much better classification performance than existing state-of-the-art traffic classification methods.

Biosensors, types and applications

Biosensor has rapidly become essential analytical tools, since they offer higher performance in terms of sensitivity and selectively than any other currently available diagnostic device. The development of biosensor technology represents a crucial task for environmental pollution management, there is a considerable need to project and realize biosensors with the best features for commercialization, such as selectivity, sensitivity, stability, reproducibility and low cost. With appropriate progress testing and commercialization, biosensors will have an important impact on environmental monitoring, reducing costs and increasing the efficiency of certain applications. The same multiple approach might be used for development of biosensor platforms suitable for use in fields as diverse as environmental and agrifood to industry, research security and defence, medical and clinical. This review paper focussed on the various types of biosensors and applications in environmental monitoring.

Guest editors' introduction : Special issue on trust, security, and privacy in parallel and distributed systems

In modern computing paradigms, most computing systems, e.g., cluster computing, grid computing, cloud computing, the Internet, telecommunication networks, Cyber- Physical Systems (CPS), and Machine-to-Machine communication networks (M2M), are parallel and distributed systems. While providing improved expandability, manageability, efficiency, and reliability, parallel and distributed systems increase their security weaknesses to an unprecedented scale. As the system devices are widely connected, their vulnerabilities are shared by the entire system. Because tasks are allocated to, and information is exchanged among the system devices that may belong to different users, trust, security, and privacy issues have yet to be resolved. This special issue of the IEEE Transactions on Parallel and Distributed Systems (TPDS) highlights recent advances in trust, security, and privacy for emerging parallel and distributed systems. This special issue was initiated by Dr. Xu Li, Dr. Patrick McDaniel, Dr. Radha Poovendran, and Dr. Guojun Wang. Due to a large number of submissions, Dr. Zhenfu Cao, Dr. Keqiu Li, and Dr. Yang Xiang were later invited to the editorial team. Dr. Xu Li was responsible for coordinating the paper review process. In response to the call for papers, we received 150 effective submissions, out of which 24 are included in this special issue after rigorous review and careful revision, presenting an acceptance ratio of 16 percent. The accepted papers are divided into three groups, covering issues related to trust, security, and privacy, respectively.

Are individuals more accepting of the internet than mobile phone apps being used in clinical practice?

Background: New technology such as the internet and mobile phone applications (“apps”) are increasingly being used in clinical practice. However, little is known in regards to individual’s attitudes towards medical professionals using the internet and apps in the context of their own medical care. The aim of the present study was to examine and compare individual’s attitudes towards the use of medically related internet sites and apps in clinical practice. 

Healthcare professionals’ use of mobile phones and the internet in clinical practice

Background: Over the last few years mobile phone applications have been designed for healthcare professionals. However, little is known in regards to healthcare professionals’ use of and attitudes towards using smartphones (and applications) within clinical practice. Thus the aims of the present study were to enumerate the number of healthcare professionals that use mobile phones within clinical practice and their attitudes towards using them. Furthermore, given that the internet preceded smartphones, we also established healthcare professionals’ attitudes towards internet use in clinical practice as a comparison.

Method: Forty-three healthcare professionals from a range of disciplines and specialities who were predominantly working in Australia completed an anonymous online survey.