Hunting the unobservables for optimal social security a general equilibrium approach

We study the optimal size of a pay-as-you-go social security program for an economy composed of both permanent-income and hand-to-mouth consumers. While previous work on this topic is framed within a two-period partial equilibrium setup, we study this issue in a life-cycle general equilibrium model. Because this type of welfare analysis depends critically on unobservable preference parameters, we methodically consider all parameterizations of the unobservables that are both feasible and reasonable—all parameterizations that can mimic key features of macro data (feasible) while still being consistent with micro evidence and convention (reasonable). The baseline model predicts that the optimal tax rate is between 6 percent and 15 percent of wage income.

Security protection for critical infrastructure

Understanding and managing information infrastructure (II) security risks is a priority to most organizations dealing with information technology and information warfare (IW) scenarios today (Libicki, 2000). Traditional security risk analysis (SRA) was well suited to these tasks within the paradigm of computer security, where the focus was on securing tangible items such as computing and communications equipment (NCS,1996; Cramer, 1998). With the growth of information interchange and reliance on information infrastructure, the ability to understand where vulnerabilities lie within an organization, regardless of size, has become extremely difficult (NIPC, 1996). To place a value on the information that is owned and used by an organization is virtually an impossible task. The suitability of risk analysis to assist in managing IW and information infrastructure-related security risks is unqualified, however studies have been undertaken to build frameworks and methodologies for modeling information warfare attacks (Molander, Riddile, & Wilson, 1996; Johnson, 1997; Hutchinson & Warren, 2001) which will assist greatly in applying risk analysis concepts and methodologies to the burgeoning information technology security paradigm, information warfare.

Security and privacy threats to volunteer computing

The vision of volunteer computing is to provide large scale computational infrastructure by using dynamic collections of donated desktop computers. There have been many works that highlighted the significant benefits of volunteer computing but little on the security and privacy threats associated with its exploitation. However, volunteer computing is vulnerable to a variety of attacks and presents numerous significant security threats to the stakeholders. This paper presents security and privacy threat taxonomy along with the security features developed to cope with such threats.

Rule-based dependency models for security protocol analysis

Security protocol analysis has been discussed for quite some time in the past few years. Although formal methods have been widely used to identify various vulnerabilities, mainly susceptibility to freshness attacks and impersonation, the arisen inconsistent data between principals and collusion attacks held by a group of dishonest principals have been largely ignored. Moreover, the previous methods focus on reasoning about certain security-related properties and detecting known attacks against secure message, whereas there have been insufficient efforts to handle the above hidden but powerful attacks. In this paper, we address these critical issues and prove the efficiency and intuitiveness of rule-based dependency models in defending a protocol against the attacks. This is able to provide a numerical estimation to measure he occurrence of these attacks. It will be useful in enhancing the current protocol analysis.

Multi-core security defense system (MSDS)

Today's security program developers are not only facing an uphill battle of developing and implementing. But now have to take into consideration, the emergence of next generation of multi-core system, and its effect on security application design. In our previous work, we developed a framework called bodyguard. The objective of this framework was to help security software developers, shift from their use of serialized paradigm, to a multi-core paradigm. Working within this paradigm, we developed a security bodyguard system called Farmer. This abstract framework placed particular applications into categories, like security or multi-media, which were ran on separate core processors within the multi-core system. With further analysis of the bodyguard paradigm, we found that this paradigm was suitable to be used in other computer science areas, such as spam filtering and multi-media. In this paper, we update our research work within the bodyguard paradigm, and showed a marked improvement of 110% speedup performance with an average cost of 1.5 ms.

Investigation of stakeholders commitment to information security awaremess programs

Organisations have become increasingly dependent on technology in order to compete in their respective markets. As IT technology advances at a rapid pace, so does its complexity, giving rise to new IT security vulnerabilities and methods of attack. Even though the human factors have been recognized to have a crucial role in information security management, the effects of weakness of will and lack of commitment on the stakeholders (i.e., employers and employees) parts has never been factored into the design and delivery of awareness programs. To this end, this paper investigates the impacts of the availability of awareness programs and end-user drive and lack of commitment to information security awareness program design, delivery and success.

Security and ethical issues in the virtual world of Second Life

In recent times, Virtual Worlds such as Second Life have generated substantial publicity due to the participation of Fortune 500 companies, and other public and private organisations. As practitioners continue to discuss how organisations could derive business value from Virtual Worlds, new security and ethical issues in Virtual Worlds have emerged to challenge Virtual World users and stakeholders. This paper discusses privacy, intellectual property and a host of other security and ethical issues in Virtual Worlds. It contributes to practice and research by (i) providing insight into emerging security and ethical issues in Virtual Worlds, (ii) analysing the implication of these issues, within and beyond Virtual Worlds, and (iii) raising awareness on security and ethics among Virtual World users and stakeholders.

Organisational security requirements : an agile approach to ubiquitous information security

This paper proposes to address the need for more innovation in organisational information security by adding a security requirement engineering focus. Based on the belief that any heavyweight security requirements process in organisational security will be doomed to fail, we developed a security requirement approach with three dimensions. The use of a simple security requirements process in the first dimension has been augmented by an agile security approach. However, introducing this second dimension of agile security does provide support for, but does not necessarily stimulate, innovation. A third dimension is, therefore, needed to ensure there is a proper focus in the organisation's efforts to identify potential new innovations in their security. To create this focus three common shortcomings in organisational information security have been identified. The resulting security approach that addresses these shortcomings is called Ubiquitous Information Security. This paper will demonstrate the potential of this new approach by briefly discussing its possible application in two areas: Ubiquitous Identity Management and Ubiquitous Wireless Security.

IT security certifications : stakeholder evaluation and selection

Information technology (IT) security certifications have proliferated in recent years. However they differ in regards to stakeholder considerations of credibility, accessibility and relevance. Key stakeholders with an interest in selecting an IT security certification (IT security professionals, employers, governments and higher education institutes) lack a systematic approach for differentiating between candidate certifications and selecting the “best” certification to satisfy requirements. The paper focuses on reporting a confirmatory focus group from a recent research project. It provides a framework for supporting stakeholder evaluation and selection of IT security certifications and discusses key implications for the IT security industry, IT security certifications, and the higher education sector.

Security analysis and modelling framework for critical infrastructure systems

The provision and delivery of many of the services that modern society enjoys are the result of ubiquitous critical infrastructure systems that permeate across many sectors of the Australian community. Moreover, the integration of technological enhancements and networking interconnections between critical infrastructure systems has heightened system interdependence, availability and resilience, including the efficient delivery of services to consumers within Australia's industrialised society. This research delivers a system security analysis and system modelling framework tool based on an associated conceptual methodology as the basis for assessing security and conceptually modelling a critical infrastructure system incident. The intent to identify potential system security issues and gain operational insights that will contribute to improving system resilience, contingency planning development applicable to disaster recovery and ameliorating incident management responses for Australian critical infrastructure system incidents.