An extensible simulation framework for critical infrastructure security

We introduce the Network Security Simulator (NeSSi2), an open source discrete event-based network simulator. It incorporates a variety of features relevant to network security distinguishing it from general-purpose network simulators. Compared to the predecessor NeSSi, it was extended with a three-tier plugin architecture and a generic network model to shift its focus towards simulation framework for critical infrastructures. We demonstrate the gained adaptability by different use cases

Kerberos based security system for session initiation protocol

Session Initiation Protocol (SIP) is developed to provide advanced voice services over IP networks. SIP unites telephony and data world, permitting telephone calls to be transmitted over Intranets and Internet. Increase in network performance and new mechanisms for guaranteed quality of service encourage this consolidation to provide toll cost savings. Security comes up as one of the most important issues when voice communication and critical voice applications are considered. Not only the security methods provided by traditional telephony systems, but also additional methods are required to overcome security risks introduced by the public IP networks. SIP considers security problems of such a consolidation and provides a security framework. There are several security methods defined within SIP specifications and extensions. But, suggested methods can not solve all the security problems of SIP systems with various system requirements. In this thesis, a Kerberos based solution is proposed for SIP security problems, including SIP authentication and privacy. The proposed solution tries to establish flexible and scalable SIP system that will provide desired level of security for voice communications and critical telephony applications.

Militarism and International Relations : Political economy, security, theory, edited by Anna Stavrianakis and Jan Selby, Abingdon, Routledge, 2012, 212 pp., £80.00 (hardback), ISBN 978-0-415-61491-7

An engaging narrative is maintained throughout this edited collection of articles that address the issue of militarism in international relations. The book seamlessly integrates historical and contemporary perspectives on militarism with theory and relevant international case studies, resulting in a very informative read. The work is comprised of three parts. Part 1 deals with the theorisation of militarism and includes chapters by Anna Stavrianakis and Jan Selby, Martin Shaw, Simon Dalby, and Nicola Short. It covers a range of topics relating to historical and contemporary theories of militarism, geopolitical threat construction, political economy, and the US military’s ‘cultural turn’.

Usability and security of gaze-based graphical grid passwords

We present and analyze several gaze-based graphical password schemes based on recall and cued-recall of grid points; eye-trackers are used to record user's gazes, which can prevent shoulder-surfing and may be suitable for users with disabilities. Our 22-subject study observes that success rate and entry time for the grid-based schemes we consider are comparable to other gaze-based graphical password schemes. We propose the first password security metrics suitable for analysis of graphical grid passwords and provide an in-depth security analysis of user-generated passwords from our study, observing that, on several metrics, user-generated graphical grid passwords are substantially weaker than uniformly random passwords, despite our attempts at designing schemes to improve quality of user-generated passwords.

A proposed Australian industrial control system security curriculum

The security of industrial control systems in critical infrastructure is a concern for the Australian government and other nations. There is a need to provide local Australian training and education for both control system engineers and information technology professionals. This paper proposes a postgraduate curriculum of four courses to provide knowledge and skills to protect critical infrastructure industrial control systems. Our curriculum is unique in that it provides security awareness but also the advanced skills required for security specialists in this area. We are aware that in the Australian context there is a cultural gap between the thinking of control system engineers who are responsible for maintaining and designing critical infrastructure and information technology professionals who are responsible for protecting these systems from cyber attacks. Our curriculum aims to bridge this gap by providing theoretical and practical exercises that will raise the awareness and preparedness of both groups of professionals.

Visualising security incidents through event aggregation

Extracting and aggregating the relevant event records relating to an identified security incident from the multitude of heterogeneous logs in an enterprise network is a difficult challenge. Presenting the information in a meaningful way is an additional challenge. This paper looks at solutions to this problem by first identifying three main transforms; log collection, correlation, and visual transformation. Having identified that the CEE project will address the first transform, this paper focuses on the second, while the third is left for future work. To aggregate by correlating event records we demonstrate the use of two correlation methods, simple and composite. These make use of a defined mapping schema and confidence values to dynamically query the normalised dataset and to constrain result events to within a time window. Doing so improves the quality of results, required for the iterative re-querying process being undertaken. Final results of the process are output as nodes and edges suitable for presentation as a network graph.

An evaluation of the Australian Capital Territory Sexual Assault Reform Program (SARP): Final Report

In 2005 the Australian Capital Territory (ACT) Office of the Director of Public Prosecutions (DPP) and the Australian Federal Police (AFP) produced a report, Responding to sexual assault: The challenge of change (DPP & AFP 2005), which made 105 recommendations for reforming the way sexual offence cases are handled by the ACT’s criminal justice system. The Sexual Assault Reform Program (SARP) is one key initiative developed in response to these recommendations. Managed by the ACT Justice and Community Safety Directorate (JACS), SARP’s main objective is to improve aspects of the criminal justice system relating to: processes and support for victims of sexual offences as they progress through the system; attrition in sexual offence matters in the criminal justice system; and coordination and collaboration among the agencies involved. In November 2007 the ACT Attorney-General announced $4 million of funding for several SARP reforms. This funding provided for additional victim support staff; a dedicated additional police officer, prosecutor and legal policy officer; and an upgrade of equipment for the Supreme Court and Magistrates Court, including improvements in technology to assist witnesses in giving evidence, and the establishment of an off-site facility to allow witnesses to give evidence from a location outside of the court. In addition, the reform agenda included a number of legislative amendments that changed how evidence can be given by victims of sexual and family violence offences, children and other vulnerable witnesses. The primary objectives of these legislative changes are to provide an unintimidating, safe environment for vulnerable witnesses (including sexual offence complainants) to give evidence and to obtain prompt statements from witnesses to improve the quality of evidence captured (DPP 2009: 13). The current evaluation The funding for SARP reforms also provided for a preliminary evaluation of the reforms; this report outlines findings from the evaluation. The evaluation sought to address whether the program has met its key objectives: better support for victims, lower attrition rates and improved coordination and collaboration among agencies involved in administering SARP. The evaluation was conducted in two stages and involved a mixed-methods approach. During stage 1 key indicators for the evaluation were developed with stakeholders. During stage 2 quantitative data were collected by stakeholders and provided to the AIC for analysis. Qualitative interviews were also conducted with service delivery providers, and with a small number (n=5) of victim/survivors of sexual offences whose cases had recently been resolved in the ACT criminal justice system. The current evaluation is preliminary in nature. As the SARP reforms will take time to become entrenched within the ACT’s criminal justice system, some of the impacts of the reforms may not yet be evident. Nonetheless, this evaluation provides an insight into how well the SARP reforms have been implemented to date, as well as key areas that could be addressed in the future. Key findings from the preliminary evaluation are outlined briefly below.

The Australian Business Assessment of Computer User Security (ABACUS): A national survey.

The Australian Business Assessment of Computer User Security (ABACUS) survey is a nationwide assessment of the prevalence and nature of computer security incidents experienced by Australian businesses. This report presents the findings of the survey which may be used by businesses in Australia to assess the effectiveness of their information technology security measures.

A comparative study of governmental one-stop portals for public service delivery

The continuing need for governments to radically improve the delivery of public services has led to a new, holistic government reform strategy labeled “Transformational Government” that strongly emphasizes customer-centricity. Attention has turned to online portals as a cost effective front-end to deliver services and engage customers as well as to the corresponding organizational approaches for the back-end to decouple the service interface from the departmental structures. The research presented in this paper makes three contributions: Firstly, a systematic literature review of approaches to the evaluation of online portal models in the public sector is presented. Secondly, the findings of a usability study comparing the online presences of the Queensland Government, the UK Government and the South Australian Government are reported and the relative strengths and weaknesses of the different approaches are discussed. And thirdly, the limitations of the usability study in the context of a broader “Transformational Government” approach are identified and service bundling is suggested as an innovative solution to further improve online service delivery.

Revitalising the Australian Shipping Industry through Tax Reform: Alchemy or Piracy?

The Australian Federal Government has recently passed reforms to the shipping industry. These reforms are aimed at removing barriers to investment in Australian shipping, fostering global competitiveness and securing a stable maritime skills base. The shipping reform package adopts a two pronged approach designed to achieve its stated goals by providing both a ‘stick’ and ‘carrot’ to industry participants. First, the ‘stick’ is delivered via the provision of tighter regulation of coastal trading operations through a new licencing system, along with the introduction of a civil penalty regime and an increase in existing penalties. Second, the ‘carrot’ is delivered via taxation incentives available to vessels registered in Australia where the registrant meets certain specified criteria. These incentives, introduced through amendments to the Income Tax Assessment Act 1997 and the Income Tax Assessment Act 1936 and contained in the Tax Laws Amendment (Shipping Reform) Act 2012, provide five key tax incentives to the shipping industry. From 1 July 2012, amendments give effect to an income tax exemption for qualifying ship operators, accelerated depreciation of vessels, roll-over relief from income tax on the sale of a vessel, an employer refundable tax offset, and an exemption from royalty withholding tax for payments made for the lease of certain shipping vessels.

Trends in the Australian gender wage differential over the 1980s : some evidence on the effectiveness of legislative reform

The article examines the legislative reforms incorporating the Sex Discrimination Act and the Affirmative Action Act introduced during the 1980s. We utilise the Australian Bureau of Statistics Income Distribution Surveys 1981–82 and 1989–90 to reflect pre- and post-legislative reform. The article adopts the Brown, Moon and Zoloth (1980) methodology which treats both the wage and occupational status of the individual as endogenously determined. In the current context this is a particularly flexible framework allowing one to capture both the direct and indirect effects of the legislative reforms. The indirect effect refers to the narrowing of the gender wage gap associated with legislative manipulation of the male-female occupational distributions. The results contrast the slow convergence in the gender wage gap during the 1980s with the much faster pace of the 1970s. The article concludes that despite the focus of the 1980s legislation on employment equity, changes in the male-female occupational distribution over the period are small and the associated impact on gender wage convergence is also small.

A new first-order decision-making model for the procurement of public sector infrastructure: Procedures and Testing

Given global demand for new infrastructure, governments face substantial challenges in funding new infrastructure and delivering Value for Money (VfM). As part of the background to this challenge, a critique is given of current practice in the selection of the approach to procure major public sector infrastructure in Australia and which is akin to the Multi-Attribute Utility Approach (MAUA). To contribute towards addressing the key weaknesses of MAUA, a new first-order procurement decision-making model is presented. The model addresses the make-or-buy decision (risk allocation); the bundling decision (property rights incentives), as well as the exchange relationship decision (relational to arms-length exchange) in its novel approach to articulating a procurement strategy designed to yield superior VfM across the whole life of the asset. The aim of this paper is report on the development of this decisionmaking model in terms of the procedural tasks to be followed and the method being used to test the model. The planned approach to testing the model uses a sample of 87 Australian major infrastructure projects in the sum of AUD32 billion and deploys a key proxy for VfM comprising expressions of interest, as an indicator of competition.

Background to the development of a curriculum for the history of “cyber” and “communications” security

For any discipline to be regarded as a professional undertaking by which its members may be treated as true “professionals” in a specific area, practitioners must clearly understand that discipline’s history as well as the place and significance of that history in current practice as well as its relevance to available technologies and artefacts at the time. This is common for many professional disciplines such as medicine, pharmacy, engineering, law and so on but not yet, this paper submits, in information technology. Based on twenty five elapsed years of experience in developing and delivering Cybersecurity courses at undergraduate and postgraduate levels, this paper proposes a rationale and set of differing perspectives for the planning and development of curricula relevant to the delivery of appropriate courses in the history of cybersecurity or information assurance to information and communications technology (ICT) students and thus to potential information technology professionals.