An extensible simulation framework for critical infrastructure security

We introduce the Network Security Simulator (NeSSi2), an open source discrete event-based network simulator. It incorporates a variety of features relevant to network security distinguishing it from general-purpose network simulators. Compared to the predecessor NeSSi, it was extended with a three-tier plugin architecture and a generic network model to shift its focus towards simulation framework for critical infrastructures. We demonstrate the gained adaptability by different use cases

Kerberos based security system for session initiation protocol

Session Initiation Protocol (SIP) is developed to provide advanced voice services over IP networks. SIP unites telephony and data world, permitting telephone calls to be transmitted over Intranets and Internet. Increase in network performance and new mechanisms for guaranteed quality of service encourage this consolidation to provide toll cost savings. Security comes up as one of the most important issues when voice communication and critical voice applications are considered. Not only the security methods provided by traditional telephony systems, but also additional methods are required to overcome security risks introduced by the public IP networks. SIP considers security problems of such a consolidation and provides a security framework. There are several security methods defined within SIP specifications and extensions. But, suggested methods can not solve all the security problems of SIP systems with various system requirements. In this thesis, a Kerberos based solution is proposed for SIP security problems, including SIP authentication and privacy. The proposed solution tries to establish flexible and scalable SIP system that will provide desired level of security for voice communications and critical telephony applications.

Militarism and International Relations : Political economy, security, theory, edited by Anna Stavrianakis and Jan Selby, Abingdon, Routledge, 2012, 212 pp., £80.00 (hardback), ISBN 978-0-415-61491-7

An engaging narrative is maintained throughout this edited collection of articles that address the issue of militarism in international relations. The book seamlessly integrates historical and contemporary perspectives on militarism with theory and relevant international case studies, resulting in a very informative read. The work is comprised of three parts. Part 1 deals with the theorisation of militarism and includes chapters by Anna Stavrianakis and Jan Selby, Martin Shaw, Simon Dalby, and Nicola Short. It covers a range of topics relating to historical and contemporary theories of militarism, geopolitical threat construction, political economy, and the US military’s ‘cultural turn’.

Usability and security of gaze-based graphical grid passwords

We present and analyze several gaze-based graphical password schemes based on recall and cued-recall of grid points; eye-trackers are used to record user's gazes, which can prevent shoulder-surfing and may be suitable for users with disabilities. Our 22-subject study observes that success rate and entry time for the grid-based schemes we consider are comparable to other gaze-based graphical password schemes. We propose the first password security metrics suitable for analysis of graphical grid passwords and provide an in-depth security analysis of user-generated passwords from our study, observing that, on several metrics, user-generated graphical grid passwords are substantially weaker than uniformly random passwords, despite our attempts at designing schemes to improve quality of user-generated passwords.

A proposed Australian industrial control system security curriculum

The security of industrial control systems in critical infrastructure is a concern for the Australian government and other nations. There is a need to provide local Australian training and education for both control system engineers and information technology professionals. This paper proposes a postgraduate curriculum of four courses to provide knowledge and skills to protect critical infrastructure industrial control systems. Our curriculum is unique in that it provides security awareness but also the advanced skills required for security specialists in this area. We are aware that in the Australian context there is a cultural gap between the thinking of control system engineers who are responsible for maintaining and designing critical infrastructure and information technology professionals who are responsible for protecting these systems from cyber attacks. Our curriculum aims to bridge this gap by providing theoretical and practical exercises that will raise the awareness and preparedness of both groups of professionals.

Visualising security incidents through event aggregation

Extracting and aggregating the relevant event records relating to an identified security incident from the multitude of heterogeneous logs in an enterprise network is a difficult challenge. Presenting the information in a meaningful way is an additional challenge. This paper looks at solutions to this problem by first identifying three main transforms; log collection, correlation, and visual transformation. Having identified that the CEE project will address the first transform, this paper focuses on the second, while the third is left for future work. To aggregate by correlating event records we demonstrate the use of two correlation methods, simple and composite. These make use of a defined mapping schema and confidence values to dynamically query the normalised dataset and to constrain result events to within a time window. Doing so improves the quality of results, required for the iterative re-querying process being undertaken. Final results of the process are output as nodes and edges suitable for presentation as a network graph.

The Australian Business Assessment of Computer User Security (ABACUS): A national survey.

The Australian Business Assessment of Computer User Security (ABACUS) survey is a nationwide assessment of the prevalence and nature of computer security incidents experienced by Australian businesses. This report presents the findings of the survey which may be used by businesses in Australia to assess the effectiveness of their information technology security measures.

Background to the development of a curriculum for the history of “cyber” and “communications” security

For any discipline to be regarded as a professional undertaking by which its members may be treated as true “professionals” in a specific area, practitioners must clearly understand that discipline’s history as well as the place and significance of that history in current practice as well as its relevance to available technologies and artefacts at the time. This is common for many professional disciplines such as medicine, pharmacy, engineering, law and so on but not yet, this paper submits, in information technology. Based on twenty five elapsed years of experience in developing and delivering Cybersecurity courses at undergraduate and postgraduate levels, this paper proposes a rationale and set of differing perspectives for the planning and development of curricula relevant to the delivery of appropriate courses in the history of cybersecurity or information assurance to information and communications technology (ICT) students and thus to potential information technology professionals.

The Stitchery collective : more than pretty clothes for pretty people

As a cultural field, the world of fashion is usually associated with ‘exclusive’ qualities such as celebrity, glamour and the value of being young beautiful and size 10. By and large fashion design courses adhere to this model of fashion production and consumption training their graduates to compete successfully in an industry that seems far removed from the notions inclusivity and connection of community engagement. However, alternative models can and do exist. This presentation tells the story of ‘the stitchery collective’ a group of graduates from QUTs Creative Industries Fashion program who are developing an innovative model of fashion practice focussed around the ideas and values both of community engagement and community cultural development. Their work to date has included projects that target specific community groups – such as “Fashioning Social Inclusion” (2010-2011) that works with Brisbane women who belong to migrant and refugee communities, as well as more recently “WARM” a workshop delivered to children at the 3rd International Kids’ Carnival hosted by La Biennale in Venice (February 2012). A common thread across these programs is a desire to investigate the premise that clothing and dress can potentially act as a lingua franca that enables connection and communication; and that in fact aspects of ‘fashion’ culture can be mobilised in a community focussed context to enhance cultural exchange. The issue of how ‘learning’ happens in these contexts provides rich scope for analysis and discussion – given the innovative and engaged nature of the work our discussion will particularly highlight the ‘leaning through doing’ that occurs as well as the ‘collective’ nature of the design processes we develop and promote. The story will include the voices and perspectives of several of the stitchery collective’s members as well as community partners.

The Stitchery collective : fashion in an expanded field

This practice-based presentation explores the role of fashion as an agent for social inclusion and ethical design practice in communities. The Stitchery Collective is an artist-run initiative based in Brisbane, Australia. Operating at the intersection of craft and design, the fashion-based initiative challenges the assumption that fashion is designed, produced and consumed exclusively in the commercial sector. As a not-for-profit cooperative, the stitchery collective is the first and only fashion organisation in Australia to attract funding under the national and state artist-run-initiative scheme. The collective approach extends to the stitchery design practice, facilitated by individual practitioners working within the organisation who devise programs in the context of collaborative and socially engaged design. Working under the banner of a question, Can fashion be more than pretty clothes for pretty people? the stitchery works to extend the cultural field of fashion practice in the 21st century. The premise of dress as a ‘significant creative or cultural expression’ has informed the expanded definition of fashion practice, as adopted by the stitchery. This alternative classification has fostered partnerships with numerous community groups, including those marginalised in the contemporary fashion context such as recent migrants and refugees. Community engagement programs span design, sewing and up-cycling workshops, sustainability lectures, clothing swaps and public education seminars, supported by partnerships with various cultural, government and educational institutions. In 2011, the stitchery travelled to the Venice Biennale’s 3rd International Children’s Carnival, hosting a workshop series and installation to promote design for sustainability. The proven potential for design to connect community members has motivated the stitchery to question the opportunity for fashion practice to, perhaps uncharacteristically, operate under the banner of ‘design for social good’. Acknowledging craft and design as relational fields, this presentation expands fashion as a tool for social innovation and sustainable practice. The stitchery dislocates the consumer status of fashion with small-scale, localised projects; moving beyond fashion as a dictum of social class to an alternative model that is accessible, conscious, flexible, connected and sustainable. As an undefined post-industrial future approaches, the non-commercial status of the stitchery practice might work to present an image of the active post-consumer. How can the stitchery propose a resilient model of design for the future?