1st Kassel Student Workshop on Security in Distributed Systems

With this document, we provide a compilation of in-depth discussions on some of the most current security issues in distributed systems. The six contributions have been collected and presented at the 1st Kassel Student Workshop on Security in Distributed Systems (KaSWoSDS’08). We are pleased to present a collection of papers not only shedding light on the theoretical aspects of their topics, but also being accompanied with elaborate practical examples. In Chapter 1, Stephan Opfer discusses Viruses, one of the oldest threats to system security. For years there has been an arms race between virus producers and anti-virus software providers, with no end in sight. Stefan Triller demonstrates how malicious code can be injected in a target process using a buffer overflow in Chapter 2. Websites usually store their data and user information in data bases. Like buffer overflows, the possibilities of performing SQL injection attacks targeting such data bases are left open by unwary programmers. Stephan Scheuermann gives us a deeper insight into the mechanisms behind such attacks in Chapter 3. Cross-site scripting (XSS) is a method to insert malicious code into websites viewed by other users. Michael Blumenstein explains this issue in Chapter 4. Code can be injected in other websites via XSS attacks in order to spy out data of internet users, spoofing subsumes all methods that directly involve taking on a false identity. In Chapter 5, Till Amma shows us different ways how this can be done and how it is prevented. Last but not least, cryptographic methods are used to encode confidential data in a way that even if it got in the wrong hands, the culprits cannot decode it. Over the centuries, many different ciphers have been developed, applied, and finally broken. Ilhan Glogic sketches this history in Chapter 6.

Impact on Policy Responses to Food Price Crisis and Rural Food Security in Sri Lanka

In Sri Lanka policy responses have direct impacts on rural dwellers. Over 80% of Sri Lanka’s population live in rural areas and 90% of them represent low income dwellers. Their production system may be hampered by fragmented landholding, poor economics of scale, low investment levels resulting from poor financial services as well as inappropriate or limited technology. They are vulnerable to price hikes of basic foods and food security issues due to fragmented landholding and poor financial services. Policy measures to reduce the transmission of higher international prices in domestic markets exist to protect the food security of the vulnerable population. This paper will discuss the food policy and strategies implemented by the government and outside to the above facts this paper also describes the effectiveness of the policies forwarded by the government. The objective of this study is to analyse the impact of policy responses to the food price crisis and rural food security in Sri Lanka. Outside of the above facts this study also treats the impact of policies and decisions on the nutritional condition of rural dwellers. Furthermore this study is to analyse the fluctuation of buying power with the price hikes and the relation of above facts with issues like malnutrition. This paper discusses why policy makers should pay greater attention to rural dwellers and describes the multiple pathways through which food price increases have on rural people. It also provides evidence of the impact of this crisis in particular, through hidden hunger, and discusses how current policy responses should adjust and improve to protect the rural dwellers in the short and long term.

From Market- to Development Orientation - The Trade Aspect of Food Security and Agriculture

Trade rules are suggested to be one of the reasons for the hunger in the world and environmental damage. As current trade rules encourage market orientation and therefore specialization and industrialization of agriculture, which has as side effects rural hunger and environmental damage, there is room for improvement in the international trade regime. One main finding of Nexus Foundations' work in Geneva is a possible new orientation for agricultural and food markets – an orientation on development, rather than purely on markets. This development orientation consists of several elements from development of soil fertility to local markets and consumer relatedness. Since the Bali Ministerial in 2013, the WTO has set up a four year work programme on the issue of food security related to food reserves. This opens the chance to discuss broader food security issues in the realm of trade negotiations.

Soils and food security: challenges and opportunities

Soils most obviously contribute to food security in their essential role in crop and fodder production, so affecting the local availability of particular foods. They also have a direct influence on the ability to distribute food, the nutritional value of some foods and, in some societies, the access to certain foods through local processes of allocation and preferences. The inherent fertility of some soils is greater than that of others, so that crop yields vary greatly under semi-natural conditions. Husbandry practices, including the use of manures and fertilisers, have evolved to improve biological, chemical and physical components of soil fertility and thereby increase crop production. The challenge for the future is to sustain soil fertility in ways that increase the yield per unit area while simultaneously avoiding other detrimental environmental consequences. This will require increased effort to develop practices that use inputs such as nutrients, water and energy more efficiently. Opportunities to achieve this include adopting more effective ways to apply water and nutrients, adopting tillage practices that promote water infiltration and increase of organic matter, and breeding to improve the effectiveness of root systems in utilising soil-based resources.

Security management : modelling critical infrastructure

Secure management of Australia's commercial critical infrastructure presents ongoing challenges to owners and the government. Currently a high-level iriformation sharing collaboration between the government and business manages complex security issues, but critical irifrastructure protection also lacks a scalable model exhibiting the overall structure of critical infrastructure at various levels, sectors and sub-sectors. This research builds on the work of Marasea and Warren (2003) to establish a representative model of Australia's critical irifrastructure; discusses the boundaries between critical infrastructures, and considers the existence andpotential irifluence ofcritical irifrastructure relationships.

A security evaluation criteria for baseline security standards

Recent advances in technology and new software applications are steadily transforming human civilization into what is called the Information Society. This is manifested by the new terminology appearing in our daily activities. E-Business, E-Government, E-Learning, E-Contracting, and E-Voting are just a few of the ever-growing list of new terms that are shaping the Information Society. Nonetheless, as "Information" gains more prominence in our society, the task of securing it against all forms of threats becomes a vital and crucial undertaking. Addressing the various security issues confronting our new Information Society, this volume is divided into 13 parts covering the following topics: Information Security Management; Standards of Information Security; Threats and Attacks to Information; Education and Curriculum for Information Security; Social and Ethical Aspects of Information Security; Information Security Services; Multilateral Security; Applications of Information Security; Infrastructure for Information Security Advanced Topics in Security; Legislation for Information Security; Modeling and Analysis for Information Security; Tools for Information Security. Security in the Information Society: Visions and Perspectives comprises the proceedings of the 17th International Conference on Information Security (SEC2002), which was sponsored by the International Federation for Information Processing (IFIP), and jointly organized by IFIP Technical Committee 11 and the Department of Electronics and Electrical Communications of Cairo University. The conference was held in May 2002 in Cairo, Egypt. This volume is essential reading for scholars, researchers, and practitioners interested inkeeping pace with the ever-growing field of Information Security.

Security analysis and modelling framework for critical infrastructure systems

The provision and delivery of many of the services that modern society enjoys are the result of ubiquitous critical infrastructure systems that permeate across many sectors of the Australian community. Moreover, the integration of technological enhancements and networking interconnections between critical infrastructure systems has heightened system interdependence, availability and resilience, including the efficient delivery of services to consumers within Australia's industrialised society. This research delivers a system security analysis and system modelling framework tool based on an associated conceptual methodology as the basis for assessing security and conceptually modelling a critical infrastructure system incident. The intent to identify potential system security issues and gain operational insights that will contribute to improving system resilience, contingency planning development applicable to disaster recovery and ameliorating incident management responses for Australian critical infrastructure system incidents.

Security Issue challenging facebook

The advancement in Internet and bandwidth has resulted in a number of new applications to be developed; many of these newer applications are described as being Web 2. A web 2 application such as Facebook has allowed people around the world to interact together. One of the interesting aspects of Facebook is the use of third parties applications and the interactions that this allows.

Not surprisingly, the problems that exist in the real world such as theft, fraud, vandalism also exist in online environment, and Web 2 applications are not exception to these issues. This paper explores and categorises several security issues within the Facebook environment. It contributes to practice and research by emphasising the importance of security awareness for businesses and the general public in the use of Web 2 applications such as Facebook.

Development of a supply chain management security risk management method : a conceptual model

This paper continues the prior research undertaken by Warren and Leitch (2009), in which a series of initial research findings were presented. These findings identified that in Australia, Supply Chain Management (SCM) systems were the weak link of Australian critical infrastructure. This paper focuses upon the security and risk issues associated with SCM systems and puts forward a new SCM Security Risk Management method, continuing the research presented at the European Conference of Information Warfare in 2009.This paper proposes a new Security Risk Analysis model that deals with the complexity of protecting SCM critical infrastructure systems and also introduces a new approach that organisations can apply to protect their SCM systems. The paper describes the importance of SCM systems from a critical infrastructure protection perspective. The paper then discusses the importance of SCM systems in relation to supporting centres of populations and gives examples of the impact of failure. The paper proposes a new SCM security risk analysis method that deals with the security issues related to SCM security and the security issues associated with Information Security. The paper will also discuss a risk framework that can be used to protect against high and low level associated security risks using a new SCM security risk analysis method.

Above the trust and security in cloud computing : a notion towards innovation

While the nascent Cloud Computing paradigm supported by virtualization has the upward new notion of edges, it lacks proper security and trust mechanisms. Edges are like on demand scalability and infinite resource provisioning as per the `pay-as-you-go' manner in favour of a single information owner (abbreviated as INO from now onwards) to multiple corporate INOs. While outsourcing information to a cloud storage controlled by a cloud service provider (abbreviated as CSP from now onwards) relives an information owner of tackling instantaneous oversight and management needs, a significant issue of retaining the control of that information to the information owner still needs to be solved. This paper perspicaciously delves into the facts of the Cloud Computing security issues and aims to explore and establish a secure channel for the INO to communicate with the CSP while maintaining trust and confidentiality. The objective of the paper is served by analyzing different protocols and proposing the one in commensurate with the requirement of the security property like information or data confidentiality along the line of security in Cloud Computing Environment (CCE). To the best of our knowledge, we are the first to derive a secure protocol by successively eliminating the dangling pitfalls that remain dormant and thereby hamper confidentiality and integrity of information that is worth exchanging between the INO and the CSP. Besides, conceptually, our derived protocol is compared with the SSL from the perspectives of work flow related activities along the line of secure trusted path for information confidentiality.

Security of RFID systems - a hybrid approach

The use of RFID (Radio Frequency Identification) technology can be employed for tracking and detecting each container, pallet, case, and product uniquely in the supply chain. It connects the supply chain stakeholders (i.e.; suppliers, manufacturers, wholesalers/distributors, retailers and customers) and allows them to exchange data and product information. Despite these potential benefits, security issues are the key factor in the deployment of a RFID-enabled system in the global supply chain. This paper proposes a hybrid approach to secure RFID transmission in Supply Chain Management (SCM) systems using modified Wired Equivalent Encryption (WEP) and Rivest, Shamir and Adleman (RSA) cryptosystem. The proposed system also addresses the common loop hole of WEP key algorithm and makes it more secure compare to the existing modified WEP key process.

A security framework for networked RFID

In the last decade RFID technology has become a major contender for managing large scale logistics operations and generating and distributing the massive amount of data involved in such operations. One of the main obstacles to the widespread deployment and adoption of RFID systems is the security issues inherent in them. This is compounded by a noticeable lack of literature on how to identify the vulnerabilities of a RFID system and then effectively identify and develop counter measures to combat the threats posed by those vulnerabilities. In this chapter, the authors develop a conceptual framework for analysing the threats, attacks, and security requirements pertaining to networked RFID systems. The vulnerabilities of, and the threats to, the system are identified using the threat model. The security framework itself consists of two main concepts: (1) the attack model, which identifies and classifies the possible attacks, and (2) the system model, which identifies the security requirements. The framework gives readers a method with which to analyse the threats any given system faces. Those threats can then be used to identify the attacks possible on that system and get a better understanding of those attacks. It also allows the reader to easily identify all the security requirements of that system and identify how those requirements can be met.

Critical infrastructure systems : security analysis and modelling approach

A system security analysis and system modelling framework tool is proposed adopting an associated conceptual methodology as the basis for assessing security and conceptually modelling a critical infrastructure system incident. The intent is to identify potential system security issues and gain operational insights that will contribute to improving system resilience, contingency planning, disaster recovery and ameliorating incident management responses for critical infrastructure system incidents. The aforementioned system security analysis and modelling framework is applied to an adverse critical infrastructure system incident case study. This paper reports on the practical application of the framework to a case study of an actual critical infrastructure system failure and the resultant incident implications for the system and the wider regional communities.

Microsoft and Amazon : a comparison of approaches to cloud security

Research has shown that data security has always been an important aspect of quality of service for data service providers; but cloud computing poses new and challenging security threats. The most common security concerns for users of cloud storage are data confidentiality, integrity and availability. Microsoft has considered these concerns and responded with the Azure virtual private storage based on Searchable Encryption. Amazon has also responded to these security issues with its Amazon Web Services. In this paper, we investigate and compare in depth the features of Microsoft Azure and Amazon Web Services deemed to provide security with a particular focus on confidentiality, integrity and availability of data.