Adaptive security for software systems

With continuously changing operational and business needs, system security is one of the key system capabilities that need to be updated as well. Most security engineering efforts focus on engineering security requirements of software systems at design time and existing adaptive security engineering efforts require complex design-time preparation. In this chapter we discuss the needs for adaptive software security, and key efforts in this area. We then introduce a new runtime adaptive security engineering approach, which enables adapting software security capabilities at runtime based on new security objectives, risks/threats, requirements as well as newly reported vulnerabilities. We categorize the source of adaptation in terms of manual adaptation (managed by end users), and automated adaption (automatically triggered by the platform). The new platform makes use of new ideas we built for vulnerability analysis, security engineering using aspect-oriented programming, and model-driven engineering techniques.

Committing to quality learning through adaptive online assessment

With advances in computer-based technologies and the emergence of e-learning, there are unprecedented opportunities to reconsider assessment of learning (and, axiomatically, of teaching) and how this can be undertaken. One approach is adaptive assessment. Although it has existed in the tertiary environment since the time of the oral examination, advanced technologies allow much fuller exploitation of the possibilities inherent in a dynamic system of testing that responds to the user. Having described the characteristics of adaptive assessment, this paper considers how it can achieve significant pedagogical aims within the sector. The paper differentiates between adaptive assessment to assist learning and adaptive assessment to assess achievement. How adaptive assessment can be put in place and salient issues, such as security and system integrity, when such assessment is used for credit, are then discussed. The paper concludes that the capability exists but it has yet to be exploited within higher education as a viable approach to assessment and as a contributor to quality learning.

A conceptual approach to information warfare : security risk analysis

With information warfare (IW) becoming a reality, the need for a new security methodology to deal with the new and unique attack threats and vulnerabilities associated with the new information technology security paradigm. With the shift from computer security to information warfare, logical transformation models (LTMS) were looked at as a solution to quantifying information system requirements. The paper will introduce the concepts involved with fourth generational models and it's application to IW. The basic advantages and disadvantages will also be discussed and presented.

A security evaluation criteria for baseline security standards

Recent advances in technology and new software applications are steadily transforming human civilization into what is called the Information Society. This is manifested by the new terminology appearing in our daily activities. E-Business, E-Government, E-Learning, E-Contracting, and E-Voting are just a few of the ever-growing list of new terms that are shaping the Information Society. Nonetheless, as "Information" gains more prominence in our society, the task of securing it against all forms of threats becomes a vital and crucial undertaking. Addressing the various security issues confronting our new Information Society, this volume is divided into 13 parts covering the following topics: Information Security Management; Standards of Information Security; Threats and Attacks to Information; Education and Curriculum for Information Security; Social and Ethical Aspects of Information Security; Information Security Services; Multilateral Security; Applications of Information Security; Infrastructure for Information Security Advanced Topics in Security; Legislation for Information Security; Modeling and Analysis for Information Security; Tools for Information Security. Security in the Information Society: Visions and Perspectives comprises the proceedings of the 17th International Conference on Information Security (SEC2002), which was sponsored by the International Federation for Information Processing (IFIP), and jointly organized by IFIP Technical Committee 11 and the Department of Electronics and Electrical Communications of Cairo University. The conference was held in May 2002 in Cairo, Egypt. This volume is essential reading for scholars, researchers, and practitioners interested inkeeping pace with the ever-growing field of Information Security.

E-business security strategies for SMEs

The major barriers to the Implementation of electronic commerce by businesses globally arc well understood. These comprise security and pnvacy issues, the lack of established regulations governing commercial behaviour and liability, and the lack of universally accepted standards. In this article. we focus on the security concerns of Australian SMEs. Medium, and especially small, enterprises are hindered in the implementation of communications security technology by a lack of expertize and a poor understandmg of the services and resources available to them. As a response to this situation, we examme the facilities avallable to Australian SMEs which help them to make reasonable e- secunty decisions as part of an overall e-busmess strategy. We demonstrate that there are sufficient resources at appropnate levels of availability to enable small and medium Australian enterprises to implement communicatlons security effectively.

Adaptive communal detection in search of adversarial identity crime

This paper is on adaptive real-time searching of credit application data streams for identity crime with many search parameters. Specifically, we concentrated on handling our domain-specific adversarial activity problem with the adaptive Communal Analysis Suspicion Scoring (CASS) algorithm. CASS's main novel theoretical contribution is in the formulation of State-of- Alert (SoA) which sets the condition of reduced, same, or heightened watchfulness; and Parameter-of-Change (PoC) which improves detection ability with pre-defined parameter values for each SoA. With pre-configured SoA policy and PoC strategy, CASS determines when, what, and how much to adapt its search parameters to ongoing adversarial activity. The above approach is validated with three sets of experiments, where each experiment is conducted on several million real credit applications and measured with three appropriate performance metrics. Significant improvements are achieved over previous work, with the discovery of some practical insights of adaptivity into our domain.

Self-adaptive clock synchronisation based on clock precision difference

This paper presents an innovative strategy to synchronize all virtual clocks in asynchronous Internet environments. Our model is based on the architecture of one reference clock and many slave clocks communicating with each other over the Internet. The paper makes three major contributions to this research area. Firstly, one-way information transmission is applied to reduce traffic overhead on the Internet for the purpose of clock synchronization. Secondly, the slave nodes use local virtual time and the arrival timestamp, from the reference node, to create linear mathematical trend models and to retrieve the clock precision differences between reference clock and slave clocks. Finally, a fault-tolerant and self-adaptive model executed by each slave node based on the above linear trend model is created in order to ensure that the virtual clock is running normally, even when the link between the reference node and this slave node has crashed. We also present detailed simulations of this strategy and mathematical analysis on real Internet environments.

Supply chain security: the need for continuous assessment

Ease of Internet accessibility has offered business the opportunity to incorporate this electronic infrastructure technology into establishing electronic-based supply chains. With the improved efficiency that this brings to the management and functionality of the supply chain, there are also security considerations that should be taken into account for protecting the integrity of the electronic supply chain, not only within each business node, but also across the entire supply chain. Such security vulnerabilities can be negated with the implementation of security measures and policies, however these need to be consistent throughout the supply chain and regularly assessed against security benchmarks in order to ensure they meet dequate security standards.

Security as an element in environmental assessment and decision making

he prominence of global warming as an environmental issue has illustrated the close relationship between natural resources, ecosystems and global security. Whilst environmental decision making often uses techniques such as economic valuation and risk management, the security component is often not considered, at least not from a security analyst’s perspective. Yet environmental security considerations can be global, regional and/or national in impact. Environmental change and policy can effect human health and well being as well as initiating conflict; it can affect the existence of life itself. These aspects are firmly in the domain of the security discipline although the protection of the global ecosystem has not traditionally been considered by those who create security policy. The idea of environmental/ecological security ranges from the eco-centric approach which examines the impact of human activities that impact on the security of the natural systems to the more traditional anthropocentric perspectives that look at varied issues such as conflict caused by natural resource competition and environmental degradation, and the greening of military operations. This paper will assert that the inclusion of the security factor in policy creation and environmental assessments is essential to give richer solutions to these complex socio-economic and ecological situations. Systems theory over the last few decades has emphasised the inclusion of as many perspectives on messy problems as possible to provide truly systemic outcomes. It is posited that the addition of such concepts as threat analyses will produce more effective and sustainable outcomes.

ID scanners in the night time economy

ID scanners are quickly emerging as a new technological fix to long-standing problems of security and safety within licensed venues. Yet at this point in time detailed research of this rapidly expanding security technology is remarkably limited. To address this analytical deficit we are currently examining the uptake of ID scanners in licensed venues operating in the night-time economy. We have found significant interest in the implementation of ID scanners in other Australian cities. However, the introduction of ID scanners in late-night licensed venues has occurred with little public awareness, no policy consideration and questionable claims concerning their effectiveness in enhancing safety and reducing crime. This article explores the factors shaping the introduction of ID scanners and the underlying beliefs concerning their utility as a crime prevention technology. The article then considers some broader implications to be explored in future analyses.

Editorial : advances in network and system security

Current parallel and distributed networks/systems are facing serious threats from network terrorism and crime, which cause huge financial loss and potential life hazard. As attacking tools are becoming more widely available, more easy-to-use, more sophisticated, and more powerful, more efforts have been made in building more effective, more intelligent, and more adaptive defense systems which are of distributed and networked nature. This special issue focuses on issues related to Network and System Security, such as authentication, access control, availability, integrity, privacy, confidentiality, dependability and sustainability of computer networks and systems.

ID scanning, the media and the politics of urban surveillance in an Australian regional city

Computerised ID scanning technologies have permeated many urban night-time economies in Australia, the United States, Canada and the United Kingdom. This paper documents how one media organisation’s overt and tacit approval of ID scanners helped to normalise this form of surveillance as a precondition of entry into most licensed venues in the Australian city of Geelong. After outlining how processes of governance “from above” and “from below” interweave to generate distinct political and media demands for strategies to prevent localised crime problems, a chronological reconstruction of media reports over a three-and-a half year period demonstrates how ID scanning became the centrepiece of a holistic reform strategy to combat alcohol-related violence in this nightclub precinct. Several discursive techniques helped to normalise this “technological fix”, while suppressing critical discussion of viable concerns over information privacy, data security and system networking. These
included pairing reports of an initial “signal crime” with examples of “virtual victimhood” to stress the urgency of a radical surveillance-based response, which was supported by anecdotal statements from key “primary definers” highlighting the success of this initiative in targeting a wider population of antisocial “others”. The implications of these reporting practices are discussed in light of the media’s central role in reforming the Geelong night-time economy and broader trends in using novel surveillance technologies to combat urban crime problems at the expense of alternative measures that protect individual liberty.

ID scanners in the night-time economy: Social sorting or social order?

Digital technologies are often considered effective methods of deterring or preventing crime. New forms of surveillance have particular appeal when attempting to reduce violence in the night-time economy, given ongoing concerns over perceived increases in the frequency and severity of reported assaults. This study examines the rationales for adopting compulsory patron ID scanning as a key method of reducing violence in and around licensed venues in the Victorian regional city of Geelong. Using a mixed methods approach, this paper challenges the popular perception that ID scanning has helped to reduce violence Geelong’s night-time economy. Further, the research identifies several limits in the administration of this technology that potentially undermine patron safety in the night-time economy. The authors conclude by proposing a series of reforms to address current regulatory gaps associated with ID scanning and related surveillance and identity authentication technologies to prevent crime.

ID scanners and uberveillance in the night-time economy: crime prevention or invasion of privacy?

ID scanners are promoted as an effective solution to the problems of anti-social behavior and violence in many urban nighttime economies. However, the acceptance of this and other forms of computerized surveillance to prevent crime and anti-social behavior is based on several unproven assumptions. After outlining what ID scanners are and how they are becoming a normalized precondition of entry into one Australian nighttime economy, this chapter demonstrates how technology is commonly viewed as the key to preventing crime despite recognition of various problems associated with its adoption. The implications of technological determinism amongst policy makers, police, and crime prevention theories are then critically assessed in light of several issues that key informants talking about the value of ID scanners fail to mention when applauding their success. Notably, the broad, ill-defined, and confused notion of “privacy” is analyzed as a questionable legal remedy for the growing problems of überveillance.