Virtual world security inspection : a software inspection process carried out on popular virtual world environments

 Virtual property theft is a serious problem that exists in virtual worlds. Legitimate users of these worlds invest considerable amounts of time, effort and real-world money into obtaining virtual property, but unfortunately, are becoming victims of theft in high numbers. It is reported that there are over 1 billion registered users of virtual worlds containing virtual property items worth an estimated US$50 billion dollars. The problem of virtual property theft is complex, involving many legal, social and technological issues. The software used to access virtual worlds is of great importance as they form the primary interface to these worlds and as such the primary interface to conduct virtual property theft. The security vulnerabilities of virtual world applications have not, to date, been examined. This study aims to use the process of software inspection to discover security vulnerabilities that may exist within virtual world software – vulnerabilities that enable virtual property theft to occur. Analyzing three well know virtual world applications World of Warcraft, Guild Wars and Entropia Universe, this research utilized security analysis tools and scenario testing with focus on authentication, trading, intruder detection and virtual property recovery. It was discovered that all three examples were susceptible to keylogging, mail and direct trade methods were the most likely method for transferring stolen items, intrusion detection is of critical concern to all VWEs tested, stolen items were unable to be recovered in all cases and lastly occurrences of theft were undetectable in all cases. The results gained in this study present the key problem areas which need to be addressed to improve security and reduce the occurrence of virtual property theft.

Virtual world security inspection

Virtual property theft is a serious problem that exists in virtual worlds. Legitimate users of these worlds invest considerable amounts of time, effort and real-world money into obtaining virtual property, but unfortunately, are becoming victims of theft in high numbers. It is reported that there are over 1 billion registered users of virtual worlds containing virtual property items worth an estimated US$50 billion dollars. The problem of virtual property theft is complex, involving many legal, social and technological issues. The software used to access virtual worlds is of great importance as they form the primary interface to these worlds and as such the primary interface to conduct virtual property theft. The security vulnerabilities of virtual world applications have not, to date, been examined. This study aims to use the process of software inspection to discover security vulnerabilities that may exist within virtual world software – vulnerabilities that enable virtual property theft to occur. Analyzing three well know virtual world applications World of Warcraft, Guild Wars and Entropia Universe, this research utilized security analysis tools and scenario testing with focus on authentication, trading, intruder detection and virtual property recovery. It was discovered that all three examples were susceptible to keylogging, mail and direct trade methods were the most likely method for transferring stolen items, intrusion detection is of critical concern to all VWEs tested, stolen items were unable to be recovered in all cases and lastly occurrences of theft were undetectable in all cases. The results gained in this study present the key problem areas which need to be addressed to improve security and reduce the occurrence of virtual property theft.

Security of RFID systems - a hybrid approach

The use of RFID (Radio Frequency Identification) technology can be employed for tracking and detecting each container, pallet, case, and product uniquely in the supply chain. It connects the supply chain stakeholders (i.e.; suppliers, manufacturers, wholesalers/distributors, retailers and customers) and allows them to exchange data and product information. Despite these potential benefits, security issues are the key factor in the deployment of a RFID-enabled system in the global supply chain. This paper proposes a hybrid approach to secure RFID transmission in Supply Chain Management (SCM) systems using modified Wired Equivalent Encryption (WEP) and Rivest, Shamir and Adleman (RSA) cryptosystem. The proposed system also addresses the common loop hole of WEP key algorithm and makes it more secure compare to the existing modified WEP key process.

A security framework for networked RFID

In the last decade RFID technology has become a major contender for managing large scale logistics operations and generating and distributing the massive amount of data involved in such operations. One of the main obstacles to the widespread deployment and adoption of RFID systems is the security issues inherent in them. This is compounded by a noticeable lack of literature on how to identify the vulnerabilities of a RFID system and then effectively identify and develop counter measures to combat the threats posed by those vulnerabilities. In this chapter, the authors develop a conceptual framework for analysing the threats, attacks, and security requirements pertaining to networked RFID systems. The vulnerabilities of, and the threats to, the system are identified using the threat model. The security framework itself consists of two main concepts: (1) the attack model, which identifies and classifies the possible attacks, and (2) the system model, which identifies the security requirements. The framework gives readers a method with which to analyse the threats any given system faces. Those threats can then be used to identify the attacks possible on that system and get a better understanding of those attacks. It also allows the reader to easily identify all the security requirements of that system and identify how those requirements can be met.

Mobile agents security protocols

Mobile agents are expected to run in partially unknown and untrustworthy environments. They transport from one host to another host through insecure channels and may execute on non-trusted hosts. Thus, they are vulnerable to direct security attacks of intruders and non-trusted hosts. The security of information the agents collect is a fundamental requirement for a trusted implementation of electronic business applications and trade negotiations. This chapter discusses the security protocols presented in the literature that aim to secure the data mobile agents gather while searching the Internet, and identifies the security flaws revealed in the protocols. The protocols are analyzed with respect to the security properties, and the security flaws are identified. Two recent promising protocols that fulfill the various security properties are described. The chapter also introduces common notations used in describing security protocols and describes the security properties of the data that mobile agents gather.

Security framework for mobile agents-based applications

Mobile agents have been proposed for key applications such as forensics analysis, intrusion detection, e-commerce, and resource management. Yet, they are vulnerable to various security threats by malicious hosts or intruders. Conversely, genuine platforms may run malicious agents. It is essential to establish a truly secure framework for mobile agents to gain trust of clients in the system. Failure to accomplish a trustworthy secured framework for Mobile Agent System (MAS) will limit their deployment into the key applications. This chapter presents a comprehensive taxonomy of various security threats to Mobile Agent System and the existing implemented security mechanisms. Different mechanisms are discussed, and the related security deficiencies are highlighted. The various security properties of the agent and the agent platform are described. The chapter also introduces the properties, advantages, and roles of agents in various applications. It describes the infrastructure of the system and discusses several mobile agent frameworks and the accomplished security level.

The mutual obligation policy in Australia : the rhetoric and reasoning of recent social security policy

Since 1997, the Australian Federal Liberal Government has introduced policies which have sought to reduce rates of unemployment, particularly long-term unemployment. The policy, known as Mutual Obligation, increased the expectations on unemployed people in return for their social security payment. At the same time, previous labour market programmes and government assistance schemes were scrapped or privatised. This article explores the justification of the term 'Mutual Obligation' by examining both the language and the underlying principles of the policy. By defining the problem of unemployment in terms of flaws in the previous social security system, the stage is set for the government to introduce policies which remedy those flaws by emphasising self- reliance in favour of government assistance. Further, by invoking notions of fairness and mutuality, the article argues that the term 'Mutual Obligation' masks both the extent and the strength of the obligations imposed on unemployed people.

Advancing Australian 'shared security' : secular-religious peacebuilding networks

The role of religious leaders in promoting social cohesion and ‘shared security’ is increasingly being examined by scholars, as is the growing multifaith movement. The VIIIth World Assembly of Religions for Peace first proposed the notion of ‘shared security’ and the importance of religious leaders’ role in advancing such a concept in Kyoto 2006. A recent study, Managing the Impact of Global Crisis Events on Community Relations in Multicultural Australia (Bouma et al. 2007) has documented the impacts of international crisis events and discourses of exclusion on religiously diverse communities in Australia, in particular rising Islamophobia, migrantophobia and attacks on multiculturalism. Religious communities have been far from passive in their responses to the impact of these events initiating dialogue and educational activities to dispel negative stereotypes and attitudes. State actors, including police, have prioritized engagement with religious leaders resulting in a rise of state supported multifaith and secular-religious peacebuilding activities. This paper argues that, in response to global risks of terror and exclusion, secular-religious networks including religious leaders, state actors, educators and the media have the potential to advance ‘shared security’ in multifaith societies, by drawing on Australian experiences documented in the Global Crisis Events study.

Terrorism and social exclusion : misplaced risk - common security

Recent thinking on globalization places risk at the centre of contemporary life. Yet what if our perception of risk is misplaced? What if the greatest risk is not terrorism itself but the conditions that allow terrorism to flourish? This fascinating book illustrates that elevated perceptions of terrorism-related risks are having a deleterious impact on many societies, exacerbating feelings of exclusion among individuals and groups. Via their exploration of various societies, the expert contributors show that as a causal factor of terrorism, social exclusion can be remedied by inclusive, participatory and deliberative measures. They prescribe a recalibration of counter-terrorism policies to unite rather than divide multicultural societies.