17 resultados para security threat
em Deakin Research Online - Australia
Resumo:
Understanding and managing information infrastructure (II) security risks is a priority to most organizations dealing with information technology and information warfare (IW) scenarios today (Libicki, 2000). Traditional security risk analysis (SRA) was well suited to these tasks within the paradigm of computer security, where the focus was on securing tangible items such as computing and communications equipment (NCS,1996; Cramer, 1998). With the growth of information interchange and reliance on information infrastructure, the ability to understand where vulnerabilities lie within an organization, regardless of size, has become extremely difficult (NIPC, 1996). To place a value on the information that is owned and used by an organization is virtually an impossible task. The suitability of risk analysis to assist in managing IW and information infrastructure-related security risks is unqualified, however studies have been undertaken to build frameworks and methodologies for modeling information warfare attacks (Molander, Riddile, & Wilson, 1996; Johnson, 1997; Hutchinson & Warren, 2001) which will assist greatly in applying risk analysis concepts and methodologies to the burgeoning information technology security paradigm, information warfare.
Resumo:
Many organizations still rely on deterrence to control insider threats and on purely preventive strategies to control outsider threats. Such a simple approach to organizational information security is no longer viable given the increasing operational sophistication of current security threat agents and the complexity of information technology infrastructure. Effective implementation of security requires organizations to select a combination of strategies that work in tandem and best suits their security situation. This paper addresses the identification and classification of factors that influence implementation of security strategies in organizations. In this paper, we develop a preliminary architecture that aims to assist organizations in deciding how strategies can be designed to complement each other to improve the cost-effectiveness of security.
Resumo:
A number of privacy-enhancing technologies (PETs) have been proposed in the last three decades offering unconditional communication anonymity to their users. Unconditional anonymity can, however, be a security threat because it allows users to employ a PET in order to act maliciously while hiding their identity. In the last few years, several technologies which revoke the identity of users who use PETs have been proposed. These are known as anonymity revocation technologies (ARTs). However, the construction of ARTs has been developed in an ad hoc manner without a theoretical basis outlining the goals and underlying principles. In this chapter we present a set of fundamental principles and requirements for construction of an ART, identifying the necessary features. We then propose an abstract scheme for construction of an ART based on these features.
Resumo:
Distributed denial-of-service (DDoS) attacks typically exhaust bandwidth, processing capacity, or memory of a targeted machine, service or network. Despite enormous efforts in combating DDoS attacks in the past decade, DDoS attacks are still a serious threat to the security of cyberspace. In this talk I shall outline the recent efforts of my research group in detection of and defence against DDoS attacks. In particular, this talk will concentrate on the following three critical issues related to DDoS attacks: (1) Traceback of DDoS attacks; (2) Detection of low-rate DDoS attacks; and (3) Discriminating DDoS attacks from flash crowds.
Resumo:
Social network worms, such as email worms and facebook worms, pose a critical security threat to the Internet. Modeling their propagation dynamics is essential to predict their potential damages and develop countermeasures. Although several analytical models have been proposed for modeling propagation dynamics of social network worms, there are two critical problems unsolved: temporal dynamics and spatial dependence. First, previous models have not taken into account the different time periods of Internet users checking emails or social messages, namely, temporal dynamics. Second, the problem of spatial dependence results from the improper assumption that the states of neighboring nodes are independent. These two problems seriously affect the accuracy of the previous analytical models. To address these two problems, we propose a novel analytical model. This model implements a spatial-temporal synchronization process, which is able to capture the temporal dynamics. Additionally, we find the essence of spatial dependence is the spreading cycles. By eliminating the effect of these cycles, our model overcomes the computational challenge of spatial dependence and provides a stronger approximation to the propagation dynamics. To evaluate our susceptible-infectious-immunized (SII) model, we conduct both theoretical analysis and extensive simulations. Compared with previous epidemic models and the spatial-temporal model, the experimental results show our SII model achieves a greater accuracy. We also compare our model with the susceptible-infectious-susceptible and susceptible-infectious- recovered models. The results show that our model is more suitable for modeling the propagation of social network worms.
Resumo:
While SQL injection attacks have been plaguing web application systems for years, the possibility of them affecting RFID systems was only identified very recently. However, very little work exists to mitigate this serious security threat to RFID-enabled enterprise systems. In this paper, we propose a policy-based SQLIA detection and prevention method for RFID systems. The proposed technique creates data validation and sanitization policies during content analysis and enforces those policies during runtime monitoring. We tested all possible types of dynamic queries that may be generated in RFID systems with all possible types of attacks that can be mounted on those systems. We present an analysis and evaluation of the proposed approach to demonstrate the effectiveness of the proposed approach in mitigating SQLIA.
Resumo:
The continuing erosion of civil liberties in Western democracies, and in particular Australia, as a response to the threat of terrorist attack - the position taken that laws eroding civil liberties will ultimately fail in its attempt to combat terrorist activity while adding to human insecurity and violence - counter-terrorism measures resulting in the militarisation of law enforcement and provoking terrorism - linking counter-terrorism with globalisation.
Resumo:
The importance of effective multilateral security networks is widely recognised in Australia and internationally as being essential to facilitate the large-scale sharing of information required to respond to the threat of terrorism. Australian national security agencies are currently constructing networks in order to bring the diverse national and international security agencies together to achieve this. This paper examines this process of security network formation in the area of critical infrastructure protection, with particular emphasis on airport security. We address the key issues and factors shaping network formation and the dynamics involved in network practice. These include the need for the networks to extend membership beyond the strictly defined elements of national security; the integration of public and private ‘nodes’ in counter-terrorism ‘networks’; and the broader ‘responsibilisation’ of the private sector and the challenges with ‘enabling’ them in counter-terrorism networks. We argue that the need to integrate public and private agencies in counter-terrorism networks is necessary but faces considerable organisational, cultural, and legal barriers.
Resumo:
The variety of threats and vulnerabilities within the online business environment are dynamic and thus constantly changing in how they impinge upon online functionality, compromise organizational or customer information, contravene security implementations and thereby undermine online customer confidence. To nullify such threats, online security management must become proactive, by reviewing and continuously improving online security to strengthen the enterpriseis online security measures and policies, as modelled. The benchmarking process utilises a proposed benchmarking framework to guide both the development and application of security benchmarks created in the first instance, from recognized information technology (IT) and information security standards (ISS) and then their application to the online security measures and policies utilized within online business. Furthermore, the benchmarking framework incorporates a continuous improvement review process to address the relevance of benchmark development over time and the changes in threat focus.
Resumo:
Argues that the "China threat" argument in mainstream international relations literature in the United States is derived, primarily, from a discursive construction of otherness. Construction which is predicated on a particular narcissistic understanding of the U.S. self and on a positivist-based realism, concerned with absolute certainty and security; Concern which is central to the dominant U.S. self-imagery.
Resumo:
"Since the end of the Cold War, one of the most significant debates in international relations has been the question of whether the rise of China as a major economic, political and military power will be a force for stability or instability in the international system and the East Asian region. Forceful arguments have been put forward on both sides."
"This book examines perceptions of the 'China Threat', and governments' policies in response to the perceived threat in a wide range of countries, including the United States, Russia, Europe, Japan, South Asia, South-East Asia and the Middle East, as well as the perceptions of the Chinese themselves. For each country current security concerns and policies, especially the policy of engagement, are examined in detail, and future prospects for relations with China are assessed. As the Bush administration in Washington increasingly focuses on China as a 'strategic competitor' and Sino-US-relations become increasingly tense, the 'China Threat' issue has come to dominate the security agenda in the Asia-Pacific region, and now poses the biggest foreign policy challenge of the twenty-first century."
Resumo:
The Australian Unity Wellbeing Index monitors the subjective wellbeing of the Australian population. Our first survey was conducted in April 2001 and this report concerns the 15th survey, undertaken in May 2006. Our previous survey had been conducted seven months earlier in October 2005. This intervening period contained a number of significant events. The first Australian terrorist threat was marked by the arrest of people in Sydney and Melbourne alleged to be plotting an attack. In December rioting took place in Sydney between Muslim and non-Muslim youths, but whether this was due more to religious differences or a ‘turf-war’ is unclear. Then, in May 2005, the new Industrial Relations legislation came into force. Each survey involves a telephone interview with a new sample of 2,000 Australians, selected to represent the national population geographic distribution. These surveys comprise the Personal Wellbeing Index, which measures people’s satisfaction with their own lives, and the National Wellbeing Index, which measures how satisfied people are with life in Australia. Other items include a standard set of demographic questions and other survey-specific questions. The specific topic for Survey 15 is the extent to which people feel that their source of income is secure.
Resumo:
The vision of volunteer computing is to provide large scale computational infrastructure by using dynamic collections of donated desktop computers. There have been many works that highlighted the significant benefits of volunteer computing but little on the security and privacy threats associated with its exploitation. However, volunteer computing is vulnerable to a variety of attacks and presents numerous significant security threats to the stakeholders. This paper presents security and privacy threat taxonomy along with the security features developed to cope with such threats.
Resumo:
he prominence of global warming as an environmental issue has illustrated the close relationship between natural resources, ecosystems and global security. Whilst environmental decision making often uses techniques such as economic valuation and risk management, the security component is often not considered, at least not from a security analyst’s perspective. Yet environmental security considerations can be global, regional and/or national in impact. Environmental change and policy can effect human health and well being as well as initiating conflict; it can affect the existence of life itself. These aspects are firmly in the domain of the security discipline although the protection of the global ecosystem has not traditionally been considered by those who create security policy. The idea of environmental/ecological security ranges from the eco-centric approach which examines the impact of human activities that impact on the security of the natural systems to the more traditional anthropocentric perspectives that look at varied issues such as conflict caused by natural resource competition and environmental degradation, and the greening of military operations. This paper will assert that the inclusion of the security factor in policy creation and environmental assessments is essential to give richer solutions to these complex socio-economic and ecological situations. Systems theory over the last few decades has emphasised the inclusion of as many perspectives on messy problems as possible to provide truly systemic outcomes. It is posited that the addition of such concepts as threat analyses will produce more effective and sustainable outcomes.
