Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
- Institution
- Publication
- Publication Type
Articles 1 - 7 of 7
Full-Text Articles in Physical Sciences and Mathematics
Security Requirements Engineering-The Reluctant Oxymoron, Michael N. Johnstone
Security Requirements Engineering-The Reluctant Oxymoron, Michael N. Johnstone
Australian Information Security Management Conference
Security is a focus in many systems that are developed today, yet this aspect of systems development is often relegated when the shipping date for a software product looms. This leads to problems post-implementation in terms of patches required to fix security defects or vulnerabilities. A simplistic answer is that if the code was correct in the first instance, then vulnerabilities would not exist. The reality of a complex software artefact is however, driven by other concerns. Rather than probing programs for coding errors that lead to vulnerabilities, it is perhaps more beneficial to look at the root causes of …
Assessment Of Internationalised Domain Name Homograph Attack Mitigation, Peter Hannay, Christopher Bolan
Assessment Of Internationalised Domain Name Homograph Attack Mitigation, Peter Hannay, Christopher Bolan
Australian Information Security Management Conference
With the advent of internationalised domains the threat posed by non-english character sets has eventuated. Whilst this phenomenon remains well known in the development and internet industry the actual implementations of popular applications have been tested to determine their resilience to homograph based attack. The research found that most provided features that overcome such attacks, but there remain a few notable exceptions. Should an attacker take advantage of such oversights a victim would likely not be able to spot a fraudulent site or email and thus provide a perfect platform for subsequent attack.
Information Security Disclosure: A Case Study, I Rosewall, M J. Warren
Information Security Disclosure: A Case Study, I Rosewall, M J. Warren
Australian Information Security Management Conference
New social networking systems such as Facebook are an ever evolving and developing means of social interaction, which is not only being used to disseminate information to family, friends and colleagues but as a way of meeting and interacting with "strangers" through the advent of a large number of social applications. This paper will focus upon the impact of Generation F - the Facebook Generation and their attitudes to security. The paper will be based around discussing the findings of a major UK case study and the implications that this has. The case study identifies 51 recommendations to improve the …
A Study Of Content Authentication In Proxy-Enabled Multimedia Delivery Systems: Model, Techniques, And Applications, Robert H. Deng, Yanjiang Yang
A Study Of Content Authentication In Proxy-Enabled Multimedia Delivery Systems: Model, Techniques, And Applications, Robert H. Deng, Yanjiang Yang
Research Collection School Of Computing and Information Systems
Compared with the direct server-user approach, the server-proxy-user architecture for multimedia delivery promises significantly improved system scalability. The introduction of the intermediary transcoding proxies between content servers and end users in this architecture, however, brings unprecedented challenges to content security. In this article, we present a systematic study on the end-to-end content authentication problem in the server-proxy-user context, where intermediary proxies transcode multimedia content dynamically. We present a formal model for the authentication problem, propose a concrete construction for authenticating generic data modality and formally prove its security. We then apply the generic construction to authenticating specific multimedia formats, for …
Wireless Networks: Improved Secure Network Authentication Protocol (Isnap) For Ieee 802.16, Raheel M. Hashmi, Arooj M. Siddiqui, M. Jabeen, K. Shehzad, A. Zubair, K. S. Alimgeer
Wireless Networks: Improved Secure Network Authentication Protocol (Isnap) For Ieee 802.16, Raheel M. Hashmi, Arooj M. Siddiqui, M. Jabeen, K. Shehzad, A. Zubair, K. S. Alimgeer
International Conference on Information and Communication Technologies
Security is amongst one of the major issues in broadband wireless access (BWA) networks. After the launch of the IEEE 802.16 standard (WiMAX), a number of security issues were reported in several articles. Ever since the beginning, work has been in progress for the neutralization of these identified threats. In this paper, the analysis of the authentication protocols implemented in WiMAX has been presented along with the description of the threats posed to them. The paper also describes security sub-layer and limitations of the existing architecture. An approach has also been presented for the prevention of these threats like the …
Beyond Output Voting: Detecting Compromised Replicas Using Hmm-Based Behavioral Distance, Debin Gao, Michael K. Reiter, Dawn Song
Beyond Output Voting: Detecting Compromised Replicas Using Hmm-Based Behavioral Distance, Debin Gao, Michael K. Reiter, Dawn Song
Research Collection School Of Computing and Information Systems
Many host-based anomaly detection techniques have been proposed to detect code-injection attacks on servers. The vast majority, however, are susceptible to "mimicry" attacks in which the injected code masquerades as the original server software, including returning the correct service responses, while conducting its attack. "Behavioral distance," by which two diverse replicas processing the same inputs are continually monitored to detect divergence in their low-level (system-call) behaviors and hence potentially the compromise of one of them, has been proposed for detecting mimicry attacks. In this paper, we present a novel approach to behavioral distance measurement using a new type of hidden …
Security Decay: An Entropic Approach To Definition And Understanding, Michael Coole, David J. Brooks
Security Decay: An Entropic Approach To Definition And Understanding, Michael Coole, David J. Brooks
Australian Security and Intelligence Conference
This article discusses the affect decay has within a systems approach used when implementing security strategies, in particular, the theory of defence in depth. Defence in depth is implemented within a risk management framework to reduce an organisation’s identified risks, which could lead to undesirable and unacceptable consequences. Defence in depth aims to link layered security elements into a system to ensure a holistic and functional security system, underpinned by the functions of; deter, detect, delay, response and recovery. For such a system to be commissioned and maintain its commissioning effectiveness, these functions must be performed in their sequential order …