Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Open Access. Powered by Scholars. Published by Universities.®

2010

Edith Cowan University

Discipline
Keyword
Publication
Publication Type
File Type

Articles 1 - 30 of 100

Full-Text Articles in Physical Sciences and Mathematics

Assessing Vulnerabilities Of Biometric Readers Using An Applied Defeat Evaluation Methodology, David Brooks Nov 2010

Assessing Vulnerabilities Of Biometric Readers Using An Applied Defeat Evaluation Methodology, David Brooks

Australian Security and Intelligence Conference

Access control systems using biometric identification readers are becoming common within critical infrastructure and other high security applications. There is a perception that biometric, due to their ability to identify and validate the user, are more secure. However, biometric systems are vulnerable to many categories of attack vectors and there has been restricted research into such defeat vulnerabilities. This study expands on a past article (Brooks, 2009) that presented a defeat evaluation methodology applied to high-security biometric readers. The defeat methodology is represented, but applied to both fingerprint and back-of-hand biometric readers. Defeat evaluation included both physical and technical integrity …

Go to article

Organisational Resilience: A Propositional Study To Understand And Identify The Essential Concepts, Bruce Braes, David Brooks Nov 2010

Organisational Resilience: A Propositional Study To Understand And Identify The Essential Concepts, Bruce Braes, David Brooks

Australian Security and Intelligence Conference

Increased exposure to turmoil has raised business, social and governmental concerns over the ability of organisations to anticipate and respond positively to disruptions. Organisations are spending increased sums of money to raise levels of security; however, Organisational Resilience is a vague, multidisciplined and diverse philosophy, requiring a multiplicity of skills and knowledge that reaches far beyond security alone. The resilience domain is still developing and expanding; however, early embodiments of Organisational Resilience, originating in the United Kingdom and the United States, were nothing more than a rebranding of business continuity management strategies, put together as a ‘resilience processes’, or ‘resilience …

Go to article

Chemical Plume Tracing By Discrete Fourier Analysis And Particle Swarm Optimization, Eugene Jun Jie Neo, Eldin Wee Chuan Lim Nov 2010

Chemical Plume Tracing By Discrete Fourier Analysis And Particle Swarm Optimization, Eugene Jun Jie Neo, Eldin Wee Chuan Lim

Australian Security and Intelligence Conference

A novel methodology for solving the chemical plume tracing problem that utilizes data from a network of stationary sensors has been developed in this study. During a toxic chemical release and dispersion incident, the imperative need of first responders is to determine the physical location of the source of chemical release in the shortest possible time. However, the chemical plume that develops from the source of release may evolve into a highly complex distribution over the entire contaminated region, making chemical plume tracing one of the most challenging problems known to date. In this study, the discrete Fourier series method …

Go to article

Terrorism In Australia: A Psychometric Study Into The Western Australian Public Perception Of Terrorism, Richard Sargent, David J. Brooks Nov 2010

Terrorism In Australia: A Psychometric Study Into The Western Australian Public Perception Of Terrorism, Richard Sargent, David J. Brooks

Australian Security and Intelligence Conference

Terrorism is not a new concept, as historically terrorist organisations have used the threat of violence or actual violence to generate fear in individuals, organisations and governments alike. Fear is a weapon and is used to gain political, ideological or religious objectives. Past terrorist attacks have raised concerns around the world, as governments ensured that their anti-terrorism security strategies are adequate. Domestically, Australia upgraded its capacity to respond to terrorism events through security enhancements across many areas and with new initiatives such as the 2002 public counter terrorism campaign. Nevertheless, there has been restricted research into how terrorist events have …

Go to article

Defining The Security Professional: Definition Through A Body Of Knowledge, Mel Griffiths, David J. Brooks, Jeffrey Corkill Nov 2010

Defining The Security Professional: Definition Through A Body Of Knowledge, Mel Griffiths, David J. Brooks, Jeffrey Corkill

Australian Security and Intelligence Conference

A subject that eludes a consensus definition, security is an amalgam of disciplines that is moving inexorably towards professionalisation. Yet identifying who or what defines a security professional remains as difficult and elusory as a comprehensive definition of security that captures all of its modern facets and many actors. The view of elevating such a discipline as security to the status of a profession provokes polarised opinions. This article reviews the literature, examining what elements identify a security professional and exploring the significant themes and issues. To support these elements, security experts (n=27) were surveyed using a multidimensional scaling technique …

Go to article

National Security: A Propositional Study To Develop Resilience Indicators As An Aid To Personnel Vetting, David Brooks, Jeff Corkill, Julie-Ann Pooley, Lynne Cohen, Cath Ferguson, Craig Harmes Nov 2010

National Security: A Propositional Study To Develop Resilience Indicators As An Aid To Personnel Vetting, David Brooks, Jeff Corkill, Julie-Ann Pooley, Lynne Cohen, Cath Ferguson, Craig Harmes

Australian Security and Intelligence Conference

Within the National Security domain there is a convergence of security responsibility across the national security agencies, law enforcement and private security sectors. The sensitivity of this environment requires individuals operating in the domain to be honest, trustworthy and loyal. Personnel vetting is a formal process used to determine an individual’s suitability for access to this domain. Notwithstanding this process, significant breaches of trust, security, and corruption still occur. In psychology, resilience is a well researched phenomenon that is considered a multidimensional construct where individual attributes, family aspects and social environment interact in aiding individuals to deal with vulnerability. There …

Go to article

Mahalanobis Distance Map Approach For Anomaly Detection, Aruna Jamdagnil, Zhiyuan Tan, Priyadarsi Nanda, Xiangjian He, Ren Ping Liu Nov 2010

Mahalanobis Distance Map Approach For Anomaly Detection, Aruna Jamdagnil, Zhiyuan Tan, Priyadarsi Nanda, Xiangjian He, Ren Ping Liu

Australian Information Security Management Conference

Web servers and web-based applications are commonly used as attack targets. The main issues are how to prevent unauthorised access and to protect web servers from the attack. Intrusion Detection Systems (IDSs) are widely used security tools to detect cyber-attacks and malicious activities in computer systems and networks. In this paper, we focus on the detection of various web-based attacks using Geometrical Structure Anomaly Detection (GSAD) model and we also propose a novel algorithm for the selection of most discriminating features to improve the computational complexity of payload-based GSAD model. Linear Discriminant method (LDA) is used for the feature reduction …

Go to article

“Make A Bomb In Your Mums Kitchen”: Cyber Recruiting And Socialisation Of ‘White Moors’ And Home Grown Jihadists, Robyn Torok Nov 2010

“Make A Bomb In Your Mums Kitchen”: Cyber Recruiting And Socialisation Of ‘White Moors’ And Home Grown Jihadists, Robyn Torok

Australian Counter Terrorism Conference

As a consequence of the war on terror, al-Qaeda and associated jihad groups have evolved and made increasing use of internet technologies for cyber recruitment. Recently, there has been an increasing focus on recruiting home grown terrorists who can more easily escape the scrutiny of cross border entries. Case study analysis indicates that links do exist between cyber tools, radicalisation and terrorism, however, the strength and nature of these relationships is generally unclear. Evidence does seem to support that cyber tools are most significant in the initial phases of recruitment and radicalisation. Coupled with this is the strong evolution of …

Go to article

An Information Security Governance Framework For Australian Primary Care Health Providers, Donald C. Mcdermid, Rachel J. Mahncke, Patricia A H Williams Nov 2010

An Information Security Governance Framework For Australian Primary Care Health Providers, Donald C. Mcdermid, Rachel J. Mahncke, Patricia A H Williams

Australian Information Security Management Conference

The competitive nature of business and society means that the protection of information, and governance of the information security function, is increasingly important. This paper introduces the notion of a governance framework for information security for health providers. It refines the idea of an IT Balanced Scorecard into a scorecard process for use in governing information security for primary care health providers, where IT and security skills may be limited. The approach amends and justifies the four main elements of the scorecard process. The existence of a governance framework specifically tailored for the needs of primary care practice is a …

Go to article

Information Security Disclosure: A Victorian Case Study, Ian Rosewall, Matthew Warren Nov 2010

Information Security Disclosure: A Victorian Case Study, Ian Rosewall, Matthew Warren

Australian Information Security Management Conference

This paper will focus upon the impact of Generation Y and their attitudes to security. The paper will be based around discussing the findings of a recent report by the Office of Police Integrity (OPI) on “Information Security and the Victoria Police State Surveillance Unit”. Issues that will be discussed include the context of Generation Y and how they contribute to the case study, their attitudes, or their perceived attitudes to security of information. A discussion of the OPI report itself, and the issues that have arisen. A brief overview of the key findings within this report and the implications …

Go to article

Yet Another Symbian Vulnerability Update, Nizam Uddin Bhuiyan Nov 2010

Yet Another Symbian Vulnerability Update, Nizam Uddin Bhuiyan

Australian Information Security Management Conference

The more the mobile devices are approaching to advance their security, the numbers of vulnerabilities are also becoming more astonishing. The number of mobile phones including smart phones is rising vertically, and so has the amount of malware activity. This report documents the latest threats in Symbian mobile industry and analyses the consequence. In addition, it will suggest the possible solution that may help individuals to protect their device & ultimately maintain the privacy.

Go to article

Organisational Learning And Incident Response: Promoting Effective Learning Through The Incident Response Process, Piya Shedden, Atif Ahmad, A B. Ruighaver Nov 2010

Organisational Learning And Incident Response: Promoting Effective Learning Through The Incident Response Process, Piya Shedden, Atif Ahmad, A B. Ruighaver

Australian Information Security Management Conference

Effective response to information security incidents is a critical function of modern organisations. However, recent studies have indicated that organisations have adopted a narrow and technical view of incident response (IR), focusing on the immediate concern of detection and subsequent corrective actions. Although some reflection on the IR process may be involved, it is typically limited to technical issues and does not leverage opportunities to learn about the organisational security threat environment and to adapt incident response capabilities. Given the science of incident response is rooted in practice, it is not surprising that the same criticisms can be applied to …

Go to article

An Analytical Study Of It Security Governance And Its Adoption On Australian Organisations, Tanveer A. Zia Nov 2010

An Analytical Study Of It Security Governance And Its Adoption On Australian Organisations, Tanveer A. Zia

Australian Information Security Management Conference

Contemporary organisations are at infancy stages of adopting IT governance processes in Australia. Organisations who have adopted these processes underestimate the security processes within the governance framework. If the security processes are designed, they are often flawed with operational level implementation. This study investigates IT security governance broadly and in Australian organisations specifically. The objective of this study is to bring the local organisations in alignment with international standards and frameworks in terms of integration of information security, IT audits, risks and control measures. A survey of selected organisations is completed and results are presented in this paper identifying the …

Go to article

Success Of Agile Environment In Complex Projects, Abbass Ghanbary, Julian Day Nov 2010

Success Of Agile Environment In Complex Projects, Abbass Ghanbary, Julian Day

Australian Information Warfare and Security Conference

This paper discusses the impact of agile methodology in complex and modular interrelated projects based on the authors’ practical experience and observations. With the advancement of Web technologies and complex computer systems, business applications are able to transcend boundaries in order to fully meet business requirements and comply with the legislation, policies and procedures. The success of software development as well as software deployment of these complex applications is dependent upon the employed methodology and project management. This is so because employed methodology plays an important position in capturing and modeling of business requirements and project management helps to ensure …

Go to article

International Relations And Cyber Attacks: Official And Unofficial Discourse, Kay Hearn, Patricia A H Williams, Rachel J. Mahncke Nov 2010

International Relations And Cyber Attacks: Official And Unofficial Discourse, Kay Hearn, Patricia A H Williams, Rachel J. Mahncke

Australian Information Warfare and Security Conference

The potential for cyberwarfare is vast and is of concern to all nations, and national security defence. It appears that many countries are actively trying to protect their computer networks, whilst looking for ways that might bring down the networks of other countries, although this is not officially acknowledged. Bringing down another nations computer networks could give the attacking national intelligence and control. These kinds of interactions are now a part of the way in which international relations are played out, and the internet is also a place in which international relations are contested. As such the internet plays a …

Go to article

2d Spatial Distributions For Measures Of Random Sequences Using Conjugate Maps, Qingping Li, Jeffrey Zhi J. Zheng Nov 2010

2d Spatial Distributions For Measures Of Random Sequences Using Conjugate Maps, Qingping Li, Jeffrey Zhi J. Zheng

Australian Information Warfare and Security Conference

Advanced visual tools are useful to provide additional information for modern information warfare. 2D spatial distributions of random sequences play an important role to understand properties of complex sequences. This paper proposes time-sequences from a given logical function of 1D Cellular Automata in both Poincare map and conjugate map. Multiple measure sequences of Markov chains can be used to display spatial distributions using conjugate maps. Measure sequences recursively produced by different logical functions generating maps. Possible complementary feature exits between pair functions, Conjugate symmetry relationships between a pair of logical functions in conjugate maps can be observed.

Go to article

Influence Operations: Action And Attitude, William Hutchinson Nov 2010

Influence Operations: Action And Attitude, William Hutchinson

Australian Information Warfare and Security Conference

This paper investigates the relationships between attitudes, behaviour and influence. The major objective of influence operations is predominantly to exert soft power and in doing this there is an assumption that it will change attitudes. It is assumed that by changing attitudes favourable to the influencer that behaviours will be changed. However, this is a problematic assumption. Influence operations whose messages seem to contradict the real behaviour of the influencer tends to nullify the message; and, in fact, might reinforce the attitudes and behaviours of the foe and begin to alienate friends. Messages should be based on a credible reality; …

Go to article

Information Warfare: Time For A Redefinition, Patricia A H Williams Nov 2010

Information Warfare: Time For A Redefinition, Patricia A H Williams

Australian Information Warfare and Security Conference

Information warfare has become an increasingly diverse field. The changes to its composition have been primarily driven by changes in technology and the resulting increased access to information. Further, it has been the progressively more diverse methods available for communication that has fuelled expanding applications for information warfare techniques into non-military environments. In order for younger generations of students to understand the place of information warfare in the larger security picture, there is a need to shift the emphasis from many of the military underpinnings to its relevance in modern society and the challenges in the commercial environment. This paper …

Go to article

Australian Critical Infrastructure Protection: A Case Of Two Tales, Matthew Warren, Graeme Pye, William Hutchinson Nov 2010

Australian Critical Infrastructure Protection: A Case Of Two Tales, Matthew Warren, Graeme Pye, William Hutchinson

Australian Information Warfare and Security Conference

The protection of critical infrastructures and the choices made in terms of priorities and cost, all impact upon the planning, precautions and security aspects of protecting these important systems. Often the when choices made is difficult to assess at the time the decision is taken and it is only after an incident that the truth of the choices made become fully evident. The paper focuses on two recent examples of Australian Critical Infrastructure protection and the issues that related to those examples.

Go to article

Criminal Intelligence Career Development – Supporting The Case For Integration And Inclusion, Wayne Snell Nov 2010

Criminal Intelligence Career Development – Supporting The Case For Integration And Inclusion, Wayne Snell

Australian Security and Intelligence Conference

The implementation of a developmental continuum for intelligence professionals, based on a traditional competency model may be ubiquitous across the breadth of intelligence. This paper argues that specialised contextual and cultural education and training and subsequent recognition of those skills, knowledge and attributes, is an essential element in achieving organisational and individual objectives for criminal intelligence professionals. The full integration of criminal intelligence operations into police and law enforcement decision making at the tactical, operational and strategic levels is an aspirational step in achieving a multidisciplinary operational environment. The delineation of intelligence practitioners based on employment status, facilitated by the …

Go to article

Detect And Sanitise Encoded Cross-Site Scripting And Sql Injection Attack Strings Using A Hash Map, Erwin Adi, Irene Salomo Nov 2010

Detect And Sanitise Encoded Cross-Site Scripting And Sql Injection Attack Strings Using A Hash Map, Erwin Adi, Irene Salomo

Australian Information Security Management Conference

Cross-Site Scripting (XSS) and SQL injection are the top vulnerabilities found in web applications. Attacks to these vulnerabilities could have been minimised through placing a good filter before the web application processes the malicious strings. However adversaries could craft variations on the attack strings in such a way that they do not get filtered. Checking through all of the possible attack strings was tedious and causes the web application performance to degrade. In this paper, we propose the use of a hash map as a data structure to address the issue. We implemented a proof-of-concept filter which we tested through …

Go to article

Threat Modelling With Stride And Uml, Michael N. Johnstone Nov 2010

Threat Modelling With Stride And Uml, Michael N. Johnstone

Australian Information Security Management Conference

Threat modelling as part of risk analysis is seen as an essential part of secure systems development. Microsoft’s Security Development Lifecycle (SDL) is a well-known software development method that places security at the forefront of product initiation, design and implementation. As part of SDL, threat modelling produces data flow diagrams (DFDs) as key artefacts and uses those diagrams as mappings with STRIDE to identify threats. This paper uses a standard case study to illustrate the effects of using an alternative process model (UML activity diagrams) with STRIDE and suggests that using a more modern process diagram can generate a more …

Go to article

A Novel Design And Implementation Of Dos-Resistant Authentication And Seamless Handoff Scheme For Enterprise Wlans, Isaac Lee, Ray Hunt Nov 2010

A Novel Design And Implementation Of Dos-Resistant Authentication And Seamless Handoff Scheme For Enterprise Wlans, Isaac Lee, Ray Hunt

Australian Information Security Management Conference

With the advance of wireless access technologies, the IEEE 802.11 wireless local area network (WLAN) has gained significant increase in popularity and deployment due to the substantially improved transmission rate and decreased deployment costs. However, this same widespread deployment makes WLANs an attractive target for network attacks. Several vulnerabilities have been identified and reported regarding the security of the current 802.11 standards. To address those security weaknesses, IEEE standard committees proposed the 802.11i amendment to enhance WLAN security. The 802.11i standard has demonstrated the capability of providing satisfactory mutual authentication, better data confidentiality, and key management support, however, the design …

Go to article

Information Leakage Through Online Social Networking: Opening The Doorway For Advanced Persistence Threats, Nurul Nuha Abdul Molok, Shanton Chang, Atif Ahmad Nov 2010

Information Leakage Through Online Social Networking: Opening The Doorway For Advanced Persistence Threats, Nurul Nuha Abdul Molok, Shanton Chang, Atif Ahmad

Australian Information Security Management Conference

The explosion of online social networking (OSN) in recent years has caused damages to organisations due to leakage of information by their employees. Employees’ social networking behaviour, whether accidental or intentional, provides an opportunity for advanced persistent threats (APT) attackers to realise their social engineering techniques and undetectable zero-day exploits. APT attackers use a spear-phishing method that targeted on key employees of victim organisations through social media in order to conduct reconnaissance and theft of confidential proprietary information. This conceptual paper posits OSN as the most challenging channel of information leakage and provides an explanation about the underlying factors of …

Go to article

Wikileaks: The Truth Or Not, Ian Rosewall, Matthew J. Warren Nov 2010

Wikileaks: The Truth Or Not, Ian Rosewall, Matthew J. Warren

Australian Information Warfare and Security Conference

We live in the Information Age, an age where information is shared in a global context and in real time. The issue is whether all information should be disclosed. In the ‘Information Age’ do secrets still exist? Another major issue is whether groups of vigilantes are the ones who should be disclosing this information, should these vigilante groups be trusted? This paper will focus upon the impact of Wikileaks and the problem of Information disclosure especially when that information is confidential. It will identify cases for discussion. In the main these cases will be of a military flavour.

Go to article

A Proposed Policy-Based Management Architecture For Wireless Clients Operating In A Heterogeneous Mobile Environment, Mayank Keshariya, Ray Hunt Nov 2010

A Proposed Policy-Based Management Architecture For Wireless Clients Operating In A Heterogeneous Mobile Environment, Mayank Keshariya, Ray Hunt

Australian Information Security Management Conference

The objective of this paper is to provide a managed always best connected service to mobile entities over underlying heterogeneous wireless and mobile platforms while maintaining negotiated security and quality of service (QoS). This paper proposes a new model and its architecture which is based upon Policy-based Management but provides a new framework based on layered-approach for the centralised management of mobile clients. In particular, we propose and implement a new model of a policy-managed mobile client and its architecture to support seamless handoff across multiple access networks. The proposed mobile client supports multi-domain authentication, authorisation and security based on …

Go to article

Micro-Blogging In The Workplace, Chia Yao Lee, Matthew Warren Nov 2010

Micro-Blogging In The Workplace, Chia Yao Lee, Matthew Warren

Australian Information Security Management Conference

Micro-blogging services such as Twitter, Yammer, Plurk and Google Buzz have generated substantial interest among members of the business community in recent years. Many CEOs, managers and front-line employees have embraced micro-blogs as a tool for interacting with colleagues, employees, customers, suppliers and investors. Micro-blogs are considered a more informal channel than emails and official websites, and thus present a different set of challenges to businesses. As a positional paper, this paper uses a case study of a bogus Twitter account to emphasise security and ethical issues relating to (i) Trust, Accuracy and Authenticity of Information, (ii) Privacy and Confidentiality, …

Go to article

Anomaly Detection Over User Profiles For Intrusion Detection, Grant Pannell, Helen Ashman Nov 2010

Anomaly Detection Over User Profiles For Intrusion Detection, Grant Pannell, Helen Ashman

Australian Information Security Management Conference

Intrusion detection systems (IDS) have often been used to analyse network traffic to help network administrators quickly identify and respond to intrusions. These detection systems generally operate over the entire network, identifying “anomalies” atypical of the network’s normal collective user activities. We show that anomaly detection could also be host-based so that the normal usage patterns of an individual user could be profiled. This enables the detection of masquerading intruders by comparing a learned user profile against the current session’s profile. A prototype behavioural IDS applies the concept of anomaly detection to user behaviour and compares the effects of using …

Go to article

The Complexity Of Security Studies In Nfc Payment System, Marc Pasquet, Sylvie Gerbaix Nov 2010

The Complexity Of Security Studies In Nfc Payment System, Marc Pasquet, Sylvie Gerbaix

Australian Information Security Management Conference

If we compare the security problem of a face-to-face contactless card payment process with a mobile phone NFC payment process, we may easily consider that the latter is far more difficult to study. Indeed, the more partners from different organizations involved in the process there are, the more complex the studies are and, accordingly, its protection. As well as the current solutions applied to studying the electronic payment security chain (Common Criteria, ISO 27005, etc), the James Reason model has pointed out the specific risks implied by the interaction between the different links in a complex chain. His theory has …

Go to article

Development And Evaluation Of A Secure Web Gateway Using Existing Icap Open Source Tools, Michael Pearce, Ray Hunt Nov 2010

Development And Evaluation Of A Secure Web Gateway Using Existing Icap Open Source Tools, Michael Pearce, Ray Hunt

Australian Information Security Management Conference

This work in progress paper discusses the development and evaluation of an open source secure web gateway. The proof of concept system uses a combination of open source software (including the Greasyspoon ICAP Server, Squid HTTP proxy, and Clam Antivirus) to perform the various security tasks that range from simple (such as passive content insertion) to more advanced (such as active content alteration) by modules installed on the server. After discussing the makeup of the proof of concept system we discuss our evaluation methodology for both effectiveness and performance. The effectiveness was tested using comparative analysis of groups of self-browsing …

Go to article

Next Last