Knowledge Protection in Firms : Theory and Evidence from HP Labs

Publisher PDF

Integrity-Based Kernel Malware Detection

Kernel-level malware is one of the most dangerous threats to the security of users on the Internet, so there is an urgent need for its detection. The most popular detection approach is misuse-based detection. However, it cannot catch up with today's advanced malware that increasingly apply polymorphism and obfuscation. In this thesis, we present our integrity-based detection for kernel-level malware, which does not rely on the specific features of malware. We have developed an integrity analysis system that can derive and monitor integrity properties for commodity operating systems kernels. In our system, we focus on two classes of integrity properties: data invariants and integrity of Kernel Queue (KQ) requests. We adopt static analysis for data invariant detection and overcome several technical challenges: field-sensitivity, array-sensitivity, and pointer analysis. We identify data invariants that are critical to system runtime integrity from Linux kernel 2.4.32 and Windows Research Kernel (WRK) with very low false positive rate and very low false negative rate. We then develop an Invariant Monitor to guard these data invariants against real-world malware. In our experiment, we are able to use Invariant Monitor to detect ten real-world Linux rootkits and nine real-world Windows malware and one synthetic Windows malware. We leverage static and dynamic analysis of kernel and device drivers to learn the legitimate KQ requests. Based on the learned KQ requests, we build KQguard to protect KQs. At runtime, KQguard rejects all the unknown KQ requests that cannot be validated. We apply KQguard on WRK and Linux kernel, and extensive experimental evaluation shows that KQguard is efficient (up to 5.6% overhead) and effective (capable of achieving zero false positives against representative benign workloads after appropriate training and very low false negatives against 125 real-world malware and nine synthetic attacks). In our system, Invariant Monitor and KQguard cooperate together to protect data invariants and KQs in the target kernel. By monitoring these integrity properties, we can detect malware by its violation of these integrity properties during execution.

Terrorismo, Yihadismo y Crimen Organizado en la Estrategia Global de Seguridad de la Unión Europea

El terrorismo es considerado en la Estrategia Global para la Política Exterior y de Seguridad de la UE como una de las principales amenazas a la seguridad de la Unión Europea. La lucha contra el terrorismo ha dado sus frutos en los últimos quince años, pero este artículo analiza la nueva Estrategia y se pregunta si será suficiente para responder con eficacia a esta amenaza y si se están empleando todos los medios necesarios para atajarla.

El Cambio Climático en la Estrategia Global de Seguridad de la Unión Europea

El cambio climático es uno de los mayores desafíos de la actualidad. La UE ha abordado el tema de forma claramente insuficiente desde el punto de vista teórico, con unos planteamientos demasiado inmovilistas y hasta conformistas con su propia acción. Pero, al mismo tiempo, ha sido uno de los primeros y principales actores internacionales en actuar y posicionarse claramente en la lucha contra el cambio climático. La Estrategia Global de Seguridad de la UE no aborda adecuadamente ni el cambio climático como prioridad fundamental ni algunas de sus implicaciones en las políticas de los Estados Miembros de la UE.

La Seguridad Energética y la Estrategia Global de Seguridad de la Unión Europea

El presente artículo plantea una definición ampliada del concepto de seguridad energética, yendo más allá del concepto clásico establecido por la Agencia Internacional de la Energía, incorporando cuestiones relativas a la eficiencia energética, la aceptabilidad del modelo energético y los retos que impone el cambio climático, pero sin perder de perspectiva las exigencias y las dinámicas competitivas económicas globales. Sobre la base de este concepto ampliado, se examina la evolución de la seguridad energética en el marco de la Unión Europea, con una atención particular a cómo se concibe la seguridad energética en la Estrategia Global de Seguridad de 2016.

El Norte de Africa y el Sahel y la Estrategia Global de Seguridad de la Unión Europea

El objetivo del artículo es exponer una adecuada y necesaria redefinición de la política de la UE hacia el Norte de África y el Sahel, tanto en términos geográficos como en términos estratégicos de acuerdo con lo expuesto en la nueva Estrategia Global Europea. En este sentido, se revisarán los postulados y la evolución de la antigua Estrategia Europea de Seguridad (EES) y su consiguiente Política de Vecindad (ENP), en comparación con la recién lanzada Estrategia. La nueva Estrategia es concebida como una guía para el desarrollo de la política exterior y de seguridad que la UE ha de llevar a cabo, inter alia, en su periferia. Lamentablemente su concepción de esta zona regional resulta anclada en el pasado.

Relanzando la Respuesta Rápida Militar: Los Battlegroups

La utilidad de los Battlegroups, casi una década después de declarar capacidad operativa plena, ha estado y continuará estando en duda debido a la inacción europea. Para que la UE se convierta en el actor internacional que durante tantos años ha proclamado, necesitará consolidar su capacidad de respuesta rápida militar para hacer frente a crisis multidimensionales y llevar a cabo todo el espectro de Misiones Petersberg. El artículo hace un repaso a la concepción y el desarrollo de los Battlegroups y propone un conjunto de reformas para que puedan llegar a ser un instrumento efectivo de respuesta rápida militar.

La Unión Europea y la OTAN en el marco de la nueva Estrategia Global de Seguridad de la Unión Europea

El artículo analiza la relación entre la Unión Europea y la OTAN en cuestiones de defensa, según se ha reflejado en las estrategias de seguridad de la Unión Europea, con particular atención a la Estrategia Global de la Unión Europea presentada en 2016. Se estudia la Estrategia de Seguridad Europea de 2003, el Informe de Implementación de 2008, y las nuevas aproximaciones al contexto internacional y a la seguridad europea que se reflejan en la Estrategia Global. Se analiza también el papel de la OTAN, así como la evolución de la política de seguridad de los Estados Unidos hacia Europa durante la Administración Obama. Finalmente se discute el posible futuro de la Política Común de Seguridad y Defensa de la UE (PCSD) después del Bréxit, así como las consecuencias para su relación con la OTAN.

Consumer Behaviour towards Organic Ready-to-Eat Meals: A Case of Quality Innovation

This paper reviews literature on alternative convenience food choices and analyses the findings from consumer behaviour and manufacturing/retailing perspective. As consumers’ demand for easy prepared and healthier food products has gradually increased, so has the related research activity. This address provides a synopsis of 60 relevant peer-review publications based on an online research carried out using related to organic ready-to-eat meals search terms. An overview of topic’s most important outcomes is presented, compared and evaluated. Results reveal positive attitudes, increased interest and willingness to purchase such products. Research gaps are identified in the field of personal and social norms as well as in the regulation and seeking information process. Policy making implications and recommendations are also discussed in conjunction with future research opportunities

Aspectos do gerenciamento de riscos de tecnologia da informação nas empresas: um estudo de caso múltiplos

The information technology - IT- benefits have been more perceived during the last decades. Both IT and business managers are dealing with subjects like governance, IT-Business alignment, information security and others on their top priorities. Talking about governance, specifically, managers are facing it with a technical approach, that gives emphasis on protection against invasions, antivirus systems, access controls and others technical issues. The IT risk management, commonly, is faced under this approach, that means, has its importance reduced and delegated to IT Departments. On the last two decades, a new IT risk management perspective raised, bringing an holistic view of IT risk to the organization. According to this new perspective, the strategies formulation process should take into account the IT risks. With the growing of IT dependence on most of organizations, the necessity of a better comprehension about the subject becomes more clear. This work shows a study in three public organizations of the Pernambuco State that investigates how those organizations manage their IT risks. Structured interviews were made with IT managers, and later, analyzed and compared with conceptual categories found in the literature. The results shows that the IT risks culture and IT governance are weakly understood and implemented on those organizations, where there are not such an IT risk methodology formally defined, neither executed. In addition, most of practices suggested in the literature were found, even without an alignment with an IT risks management process

Fatores que influenciam a aceitação de práticas avançadas de gestão de segurança da informação: um estudo com gestores públicos estaduais no Brasil

This study examines the factors that influence public managers in the adoption of advanced practices related to Information Security Management. This research used, as the basis of assertions, Security Standard ISO 27001:2005 and theoretical model based on TAM (Technology Acceptance Model) from Venkatesh and Davis (2000). The method adopted was field research of national scope with participation of eighty public administrators from states of Brazil, all of them managers and planners of state governments. The approach was quantitative and research methods were descriptive statistics, factor analysis and multiple linear regression for data analysis. The survey results showed correlation between the constructs of the TAM model (ease of use, perceptions of value, attitude and intention to use) and agreement with the assertions made in accordance with ISO 27001, showing that these factors influence the managers in adoption of such practices. On the other independent variables of the model (organizational profile, demographic profile and managers behavior) no significant correlation was identified with the assertions of the same standard, witch means the need for expansion researches using such constructs. It is hoped that this study may contribute positively to the progress on discussions about Information Security Management, Adoption of Safety Standards and Technology Acceptance Model

Attack simulation based software protection assessment method

Software protection is an essential aspect of information security to withstand malicious activities on software, and preserving software assets. However, software developers still lacks a methodology for the assessment of the deployed protections. To solve these issues, we present a novel attack simulation based software protection assessment method to assess and compare various protection solutions. Our solution relies on Petri Nets to specify and visualize attack models, and we developed a Monte Carlo based approach to simulate attacking processes and to deal with uncertainty. Then, based on this simulation and estimation, a novel protection comparison model is proposed to compare different protection solutions. Lastly, our attack simulation based software protection assessment method is presented. We illustrate our method by means of a software protection assessment process to demonstrate that our approach can provide a suitable software protection assessment for developers and software companies.

Varmuuskopiointi ja tietoturva mikroyrityksessä

Varmuuskopiointi ja tietoturva suomalaisessa mikroyrityksessä ovat asioita, joihin ei usein kiinnitetä riittävää huomiota puuttuvan osaamisen, kiireen tai liian vähäisten resurssien takia. Tietoturva on valittu erääksi työn tutkimusaiheeksi, koska se on ajankohtainen ja paljon puhuttu aihe. Toiseksi tutkimusaiheeksi on valittu varmuuskopiointi, sillä se liittyy hyvin vahvasti tietoturvaan ja se on pakollinen toimenpide yrityksen liiketoiminnan jatkuvuuden takaamiseksi. Tässä työssä tutkitaan mikroyrityksen tietoturvaa ja pohditaan, miten sitä voidaan parantaa yksinkertaisilla menetelmillä. Tämän lisäksi tarkastellaan mikroyrityksen varmuuskopiointia ja siihen liittyviä asioita ja ongelmia. Työn tavoitteena on tietoturvan ja varmuuskopioinnin tutkiminen yleisellä tasolla sekä useamman varmuuskopiointiratkaisuvaihtoehdon luominen kirjallisuuden ja teorian pohjalta. Työssä tarkastellaan yrityksen tietoturvaa ja varmuuskopiointia käyttäen hyväksi kuvitteellista malliyritystä tutkimusympäristönä, koska tällä tavalla tutkimusympäristö voidaan määritellä ja rajata tarkasti. Koska kyseiset aihealueet ovat varsin laajoja, on työn aihetta rajattu lähinnä varmuuskopiointiin, mahdollisiin tietoturvauhkiin ja tietoturvan tutkimiseen yleisellä tasolla. Tutkimuksen pohjalta on kehitetty kaksi mahdollista paikallisen varmuuskopioinnin ratkaisuvaihtoehtoa ja yksi etävarmuuskopiointiratkaisuvaihtoehto. Paikallisen varmuuskopioinnin ratkaisuvaihtoehdot ovat varmuuskopiointi ulkoiselle kovalevylle ja varmuuskopiointi NAS (Network Attached Storage) -verkkolevypalvelimelle. Etävarmuuskopiointiratkaisuvaihtoehto on varmuuskopiointi etäpalvelimelle, kuten pilvipalveluun. Vaikka NAS-verkkolevypalvelin on paikallisen varmuuskopioinnin ratkaisu, voidaan sitä myös käyttää etävarmuuskopiointiin riippuen laitteen sijainnista. Työssä vertaillaan ja arvioidaan lyhyesti ratkaisuvaihtoehtoja tutkimuksen pohjalta luoduilla arviointikriteereillä. Samalla esitellään pisteytysmalli ratkaisujen arvioinnin ja sopivan ratkaisuvaihtoehdon valitsemisen helpottamiseksi. Jokaisessa ratkaisuvaihtoehdossa on omat hyvät ja huonot puolensa, joten oikean ratkaisuvaihtoehdon valitseminen ei ole aina helppoa. Ratkaisuvaihtoehtojen sopivuus tietylle yritykselle riippuu aina yrityksen omista tarpeista ja vaatimuksista. Koska eri yrityksillä on usein erilaiset vaatimukset ja tarpeet varmuuskopioinnille, voi yritykselle parhaiten sopivan varmuuskopiointiratkaisun löytäminen olla vaikeaa ja aikaa vievää. Tässä työssä esitetyt ratkaisuvaihtoehdot toimivat ohjeena ja perustana mikroyrityksen varmuuskopioinnin suunnittelussa, valinnassa, päätöksen teossa ja järjestelmän rakentamisessa.

Systemizers are better code-breakers: self-reported systemizing predicts code-breaking performance in expert hackers and naïve participants

Studies on hacking have typically focused on motivational aspects and general personality traits of the individuals who engage in hacking; little systematic research has been conducted on predispositions that may be associated not only with the choice to pursue a hacking career but also with performance in either naïve or expert populations. Here, we test the hypotheses that two traits that are typically enhanced in autism spectrum disorders—attention to detail and systemizing—may be positively related to both the choice of pursuing a career in information security and skilled performance in a prototypical hacking task (i.e., crypto-analysis or code-breaking). A group of naïve participants and of ethical hackers completed the Autism Spectrum Quotient, including an attention to detail scale, and the Systemizing Quotient (Baron-Cohen et al., 2001, 2003). They were also tested with behavioral tasks involving code-breaking and a control task involving security X-ray image interpretation. Hackers reported significantly higher systemizing and attention to detail than non-hackers. We found a positive relation between self-reported systemizing (but not attention to detail) and code-breaking skills in both hackers and non-hackers, whereas attention to detail (but not systemizing) was related with performance in the X-ray screening task in both groups, as previously reported with naïve participants (Rusconi et al., 2015). We discuss the theoretical and translational implications of our findings.

Analysis of physical pore space characteristics of two pyrolytic biochars and potential as microhabitat

Studies on hacking have typically focused on motivational aspects and general personality traits of the individuals who engage in hacking; little systematic research has been conducted on predispositions that may be associated not only with the choice to pursue a hacking career but also with performance in either naïve or expert populations. Here, we test the hypotheses that two traits that are typically enhanced in autism spectrum disorders—attention to detail and systemizing—may be positively related to both the choice of pursuing a career in information security and skilled performance in a prototypical hacking task (i.e., crypto-analysis or code-breaking). A group of naïve participants and of ethical hackers completed the Autism Spectrum Quotient, including an attention to detail scale, and the Systemizing Quotient (Baron-Cohen et al., 2001, 2003). They were also tested with behavioral tasks involving code-breaking and a control task involving security X-ray image interpretation. Hackers reported significantly higher systemizing and attention to detail than non-hackers. We found a positive relation between self-reported systemizing (but not attention to detail) and code-breaking skills in both hackers and non-hackers, whereas attention to detail (but not systemizing) was related with performance in the X-ray screening task in both groups, as previously reported with naïve participants (Rusconi et al., 2015). We discuss the theoretical and translational implications of our findings.