946 resultados para user-driven security adaptation
Resumo:
In 2011 Queensland suffered both floods and cyclones, leaving residents without homes and their communities in ruins (2011). This paper presents how researchers from QUT, who are also members of the Oral History Association of Australia (OHAA) Queensland’s chapter, are using oral history, photographs, videography and digital storytelling to help heal and empower rural communities around the state and how evaluation has become a key element of our research. QUT researchers ran storytelling workshops in the capital city of Brisbane i early 2011, after the city suffered sever flooding. Cyclone Yasi then struck the town of Cardwell (in February 2011) destroying their historical museum and recording equipment. We delivered an 'emergency workshop', offering participants hands on use of the equipment, ethical and interviewing theory, so that the community could start to build a new collection. We included oral history workshops as well as sessions on how best to use a video camera, digital camera and creative writing sessions, so the community would also know how to make 'products' or exhibition pieces out of the interviews they were recording. We returned six months later to conduct follow-up workshops and the material produced by and with the community had been amazing. More funding has now been secured to replicate audio/visual/writing workshops in other remote rural Queensland communities including Townsville, Mackay and Cunnamulla and Toowoomba in 2012, highlighting the need for a multi media approach, to leverage the most out of OH interviews as a mechanism to restore and promote community resilience and pride.
Resumo:
On 3 February 2011, Cyclone Yasi struck the coast of North Queensland, causing widespread damage. The cyclone destroyed the small coastal town of Cardwell, about 165 kilometres north of Townsville, Queensland. This chapter serves as a case study of a collaborative outreach project mobilised in response to this disaster in North Queensland. A public history research team, consisting of practitioners from the Queensland University of Technology’s Creative Industries Faculty, with the support of the Oral History Association of Australia, Queensland branch, partnered with the Cardwell and District Historical Society to support the society to collect community narratives in the wake of Cyclone Yasi.
Resumo:
Cyclone Yasi struck the Cassowary Coast of Queensland in the early hours of Feb 3, 2011, destroying many homes sand property, including the destruction of the Cardwell and district historical society’s premises. With their own homes flattened, many were forced to live in mobile accommodation, with extended family, or leave altogether. The historical society members however were more devastated by their flattened foreshore museum and loss of their collection material. A call for assistance was made through the OHAA Qld branch, who along with QUT sponsored a trip to somehow plan how they could start to pick up the pieces to start again. This presentation highlights the need for communities to gather, preserve and present their own stories, in a way that is sustainable and meaningful to them, but that good advice and support along the way is important. Two 2 day workshops were held in March and then September, augmented by plenty of email correspondence and phone calls in between. Participants learnt that if they could conduct quality oral history interviews, they could later use these in many exhibitable ways including: documentary pieces; digital stories; photographic collections; creative short stories; audio segments –while also drawing closely together a suffering community. This story is not only about the people who were interviewed about the night Yasi struck, but the amazing women (all over 50) of the historical society who were willing to try and leap the digital divide that faces older Australians, especially those in rural Australia, so that their older local stories would not be lost and so that new stories could also be remembered.
Resumo:
In the modern connected world, pervasive computing has become reality. Thanks to the ubiquity of mobile computing devices and emerging cloud-based services, the users permanently stay connected to their data. This introduces a slew of new security challenges, including the problem of multi-device key management and single-sign-on architectures. One solution to this problem is the utilization of secure side-channels for authentication, including the visual channel as vicinity proof. However, existing approaches often assume confidentiality of the visual channel, or provide only insufficient means of mitigating a man-in-the-middle attack. In this work, we introduce QR-Auth, a two-step, 2D barcode based authentication scheme for mobile devices which aims specifically at key management and key sharing across devices in a pervasive environment. It requires minimal user interaction and therefore provides better usability than most existing schemes, without compromising its security. We show how our approach fits in existing authorization delegation and one-time-password generation schemes, and that it is resilient to man-in-the-middle attacks.
Resumo:
Internet services are important part of daily activities for most of us. These services come with sophisticated authentication requirements which may not be handled by average Internet users. The management of secure passwords for example creates an extra overhead which is often neglected due to usability reasons. Furthermore, password-based approaches are applicable only for initial logins and do not protect against unlocked workstation attacks. In this paper, we provide a non-intrusive identity verification scheme based on behavior biometrics where keystroke dynamics based-on free-text is used continuously for verifying the identity of a user in real-time. We improved existing keystroke dynamics based verification schemes in four aspects. First, we improve the scalability where we use a constant number of users instead of whole user space to verify the identity of target user. Second, we provide an adaptive user model which enables our solution to take the change of user behavior into consideration in verification decision. Next, we identify a new distance measure which enables us to verify identity of a user with shorter text. Fourth, we decrease the number of false results. Our solution is evaluated on a data set which we have collected from users while they were interacting with their mail-boxes during their daily activities.
Resumo:
In the last decade, smartphones have gained widespread usage. Since the advent of online application stores, hundreds of thousands of applications have become instantly available to millions of smart-phone users. Within the Android ecosystem, application security is governed by digital signatures and a list of coarse-grained permissions. However, this mechanism is not fine-grained enough to provide the user with a sufficient means of control of the applications' activities. Abuse of highly sensible private information such as phone numbers without users' notice is the result. We show that there is a high frequency of privacy leaks even among widely popular applications. Together with the fact that the majority of the users are not proficient in computer security, this presents a challenge to the engineers developing security solutions for the platform. Our contribution is twofold: first, we propose a service which is able to assess Android Market applications via static analysis and provide detailed, but readable reports to the user. Second, we describe a means to mitigate security and privacy threats by automated reverse-engineering and refactoring binary application packages according to the users' security preferences.
Resumo:
The evolution of classic power grids to smart grids creates chances for most participants in the energy sector. Customers can save money by reducing energy consumption, energy providers can better predict energy demand and environment benefits since lower energy consumption implies lower energy production including a decrease of emissions from plants. But information and communication systems supporting smart grids can also be subject to classical or new network attacks. Attacks can result in serious damage such as harming privacy of customers, creating economical loss and even disturb the power supply/demand balance of large regions and countries. In this paper, we give an overview about the German smart measuring architecture, protocols and security. Afterwards, we present a simulation framework which enables researchers to analyze security aspects of smart measuring scenarios.
Resumo:
Private data stored on smartphones is a precious target for malware attacks. A constantly changing environment, e.g. switching network connections, can cause unpredictable threats, and require an adaptive approach to access control. Context-based access control is using dynamic environmental information, including it into access decisions. We propose an "ecosystem-in-an-ecosystem" which acts as a secure container for trusted software aiming at enterprise scenarios where users are allowed to use private devices. We have implemented a proof-of-concept prototype for an access control framework that processes changes to low-level sensors and semantically enriches them, adapting access control policies to the current context. This allows the user or the administrator to maintain fine-grained control over resource usage by compliant applications. Hence, resources local to the trusted container remain under control of the enterprise policy. Our results show that context-based access control can be done on smartphones without major performance impact.
Resumo:
Could mobile telephony be harnessed for development in Papua New Guinea (PNG)? Could mobile phones be utilised to enhance the security and prosperity of rural communities? Could mobile phones be a useful tool in the achievement of the PNG 2050 Vision targets? This paper is based on literature review around use of mobile phones in development in Asia, Africa, and the Caribbean. It also draws on discussions with key players in PNG, such as NGOs, UN agencies, donor partners, telecommunication companies and the government of PNG. Anticipated benefits of mobile phone availability have not been fully realised in rural areas of PNG to date due to pricing, difficulties with recharging handset batteries in communities which do not have mains electricity supply, and also concerns about negative social changes related to mobile telephony, for example parental stress over youth forming unsuitable relationships. Nonetheless, there are manifest possible ways for mobile phone technology to change user communication patterns positively regarding economic output. In sectors as diverse as health, education and law and justice, discussions are currently underway to establish how mobile phones could be used to increase service delivery, particularly to rural and marginal communities.
Resumo:
The ultimate goal of an access control system is to allocate each user the precise level of access they need to complete their job - no more and no less. This proves to be challenging in an organisational setting. On one hand employees need enough access to the organisation’s resources in order to perform their jobs and on the other hand more access will bring about an increasing risk of misuse - either intentionally, where an employee uses the access for personal benefit, or unintentionally, through carelessness or being socially engineered to give access to an adversary. This thesis investigates issues of existing approaches to access control in allocating optimal level of access to users and proposes solutions in the form of new access control models. These issues are most evident when uncertainty surrounding users’ access needs, incentive to misuse and accountability are considered, hence the title of the thesis. We first analyse access control in environments where the administrator is unable to identify the users who may need access to resources. To resolve this uncertainty an administrative model with delegation support is proposed. Further, a detailed technical enforcement mechanism is introduced to ensure delegated resources cannot be misused. Then we explicitly consider that users are self-interested and capable of misusing resources if they choose to. We propose a novel game theoretic access control model to reason about and influence the factors that may affect users’ incentive to misuse. Next we study access control in environments where neither users’ access needs can be predicted nor they can be held accountable for misuse. It is shown that by allocating budget to users, a virtual currency through which they can pay for the resources they deem necessary, the need for a precise pre-allocation of permissions can be relaxed. The budget also imposes an upper-bound on users’ ability to misuse. A generalised budget allocation function is proposed and it is shown that given the context information the optimal level of budget for users can always be numerically determined. Finally, Role Based Access Control (RBAC) model is analysed under the explicit assumption of administrators’ uncertainty about self-interested users’ access needs and their incentives to misuse. A novel Budget-oriented Role Based Access Control (B-RBAC) model is proposed. The new model introduces the notion of users’ behaviour into RBAC and provides means to influence users’ incentives. It is shown how RBAC policy can be used to individualise the cost of access to resources and also to determine users’ budget. The implementation overheads of B-RBAC is examined and several low-cost sub-models are proposed.
Resumo:
This paper aims to inform design strategies for smart space technology to enhance libraries as environments for co-working and informal social learning. The focus is on understanding user motivations, behaviour, and activities in the library when there is no programmed agenda. The study analyses gathered data over five months of ethnographic research at ‘The Edge’ – a bookless library space at the State Library of Queensland in Brisbane, Australia, that is explicitly dedicated to co-working, social learning, peer collaboration, and creativity around digital culture and technology. The results present five personas that embody people’s main usage patterns as well as motivations, attitudes, and perceived barriers to social learning. It appears that most users work individually or within pre-organised groups, but usually do not make new connections with co-present, unacquainted users. Based on the personas, four hybrid design dimensions are suggested to improve the library as a social interface for shared learning encounters across physical and digital spaces. The findings in this paper offer actionable knowledge for managers, decision makers, and designers of technology-enhanced library spaces and similar collaboration and co-working spaces.
Resumo:
We introduce the Network Security Simulator (NeSSi2), an open source discrete event-based network simulator. It incorporates a variety of features relevant to network security distinguishing it from general-purpose network simulators. Compared to the predecessor NeSSi, it was extended with a three-tier plugin architecture and a generic network model to shift its focus towards simulation framework for critical infrastructures. We demonstrate the gained adaptability by different use cases
Resumo:
Session Initiation Protocol (SIP) is developed to provide advanced voice services over IP networks. SIP unites telephony and data world, permitting telephone calls to be transmitted over Intranets and Internet. Increase in network performance and new mechanisms for guaranteed quality of service encourage this consolidation to provide toll cost savings. Security comes up as one of the most important issues when voice communication and critical voice applications are considered. Not only the security methods provided by traditional telephony systems, but also additional methods are required to overcome security risks introduced by the public IP networks. SIP considers security problems of such a consolidation and provides a security framework. There are several security methods defined within SIP specifications and extensions. But, suggested methods can not solve all the security problems of SIP systems with various system requirements. In this thesis, a Kerberos based solution is proposed for SIP security problems, including SIP authentication and privacy. The proposed solution tries to establish flexible and scalable SIP system that will provide desired level of security for voice communications and critical telephony applications.
Resumo:
An engaging narrative is maintained throughout this edited collection of articles that address the issue of militarism in international relations. The book seamlessly integrates historical and contemporary perspectives on militarism with theory and relevant international case studies, resulting in a very informative read. The work is comprised of three parts. Part 1 deals with the theorisation of militarism and includes chapters by Anna Stavrianakis and Jan Selby, Martin Shaw, Simon Dalby, and Nicola Short. It covers a range of topics relating to historical and contemporary theories of militarism, geopolitical threat construction, political economy, and the US military’s ‘cultural turn’.
