Information Security Commons^™

Recommender Systems Research: A Connection-Centric Survey, Saverio Perugini, Marcos André Gonçalves, Edward A. Fox

Saverio Perugini

Recommender systems attempt to reduce information overload and retain customers by selecting a subset of items from a universal set based on user preferences. While research in recommender systems grew out of information retrieval and filtering, the topic has steadily advanced into a legitimate and challenging research area of its own. Recommender systems have traditionally been studied from a content-based filtering vs. collaborative design perspective. Recommendations, however, are not delivered within a vacuum, but rather cast within an informal community of users and social context. Therefore, ultimately all recommender systems make connections among people and thus should be surveyed from …

Information Assurance Through Binary Vulnerability Auditing, William B. Kimball, Saverio Perugini

Saverio Perugini

The goal of this research is to develop improved methods of discovering vulnerabilities in software. A large volume of software, from the most frequently used programs on a desktop computer, such as web browsers, e-mail programs, and word processing applications, to mission-critical services for the space shuttle, is unintentionally vulnerable to attacks and thus insecure. By seeking to improve the identification of vulnerabilities in software, the security community can save the time and money necessary to restore compromised computer systems. In addition, this research is imperative to activities of national security such as counterterrorism. The current approach involves a systematic …

Personalization By Website Transformation: Theory And Practice, Saverio Perugini

Saverio Perugini

We present an analysis of a progressive series of out-of-turn transformations on a hierarchical website to personalize a user’s interaction with the site. We formalize the transformation in graph-theoretic terms and describe a toolkit we built that enumerates all of the traversals enabled by every possible complete series of these transformations in any site and computes a variety of metrics while simulating each traversal therein to qualify the relationship between a site’s structure and the cumulative effect of support for the transformation in a site. We employed this toolkit in two websites. The results indicate that the transformation enables users …

Staging Transformations For Multimodal Web Interaction Management, Michael Narayan, Christopher Williams, Saverio Perugini, Naren Ramakrishnan

Saverio Perugini

Multimodal interfaces are becoming increasingly ubiquitous with the advent of mobile devices, accessibility considerations, and novel software technologies that combine diverse interaction media. In addition to improving access and delivery capabilities, such interfaces enable flexible and personalized dialogs with websites, much like a conversation between humans. In this paper, we present a software framework for multimodal web interaction management that supports mixed-initiative dialogs between users and websites. A mixed-initiative dialog is one where the user and the website take turns changing the flow of interaction. The framework supports the functional specification and realization of such dialogs using staging transformations – …

Mapping The Consensual Knowledge Of Security Risk Management Experts, David J. Brooks

David J Brooks Dr.

The security industry comprises of diverse and multidisciplined practitioners, originating from many disciplines. It has been suggested that the industry has an undefined knowledge structure, although security experts contain a rich knowledge structure. There has also been limited research mapping security expert knowledge structure, reducing the ability of tertiary educators to provide industry focused teaching and learning. The study utilized multidimensional scaling (MDS) and expert interviews to map the consensual knowledge structure of security experts in their understanding of security risk. Security risk concepts were extracted and critiqued from West Australian university courses. Linguistic analysis categorised the more utilized security …

Corporate Security: Using Knowledge Construction To Define A Practising Body Of Knowledge, David Brooks

David J Brooks Dr.

Security is a multidimensional concept, with many meanings, practising domains, and heterogeneous occupations. Therefore, it is difficult to define security as a singular concept, although understanding may be achieved by its applied context in presenting a domicile body of knowledge. There have been studies that have presented a number of corporate security bodies of knowledge; however, there is still restricted consensus. From these past body of knowledge studies, and supported by multidimensional scaling knowledge mapping, a body of knowledge framework is put forward, integrating core and allied knowledge categories. The core knowledge categories include practise areas such as risk management, …

Security Risk Assessment: Group Approach To A Consensual Outcome, Ben Beard, David J. Brooks

David J Brooks Dr.

AS/NZS4360:2004 suggests that the risk assessment process should not be conducted or information gathered in isolation. This insular method of data collection may lead to inaccurate risk assessment, as stakeholders with vested interests may emphasise their own risks or game the risk assessment process. The study demonstrated how a consensual risk assessment approach may result in a more acceptable risk assessment outcome when compared to individual assessments. The participants were senior managers at a West Australian motel located on the West Coast Highway, Scarborough. The motel consists of four three storey blocks of units, resulting in a total of 75 …

Darwin: A Ground Truth Agnostic Captcha Generator Using Evolutionary Algorithm, Eric Y. Chen, Lin-Shung Huang, Ole J. Mengshoel, Jason D. Lohn

Ole J Mengshoel

Architecture-Based Self-Protection: Composing And Reasoning About Denial-Of-Service Mitigations, Bradley Schmerl, Javier Camara, Jeffrey Gennari, David Garlan, Paulo Casanova, Gabriel A. Moreno, Thomas J. Glazierr, Jeffrey M. Barnes

Gabriel A. Moreno

Security features are often hardwired into software applications, making it difficult to adapt security responses to reflect changes in runtime context and new attacks. In prior work, we proposed the idea of architecture-based self-protection as a way of separating adaptation logic from application logic and providing a global per- spective for reasoning about security adaptations in the context of other business goals. In this paper, we present an approach, based on this idea, for combating denial-of-service (DoS) attacks. Our approach allows DoS-related tactics to be composed into more so- phisticated mitigation strategies that encapsulate possible responses to a security problem. …

Seniors Language Paradigms: 21st Century Jargon And The Impact On Computer Security And Financial Transactions For Senior Citizens, David M. Cook, Patryck Szewczyk, Krishnun Sansurooah

Dr. David M Cook

Senior Citizens represent a unique cohort of computer users insomuch as they have come to the field of computer usage later in life, as novices compared to other users. As a group they exhibit a resentment, mistrust and ignorance towards cyber related technology that is born out of their educational and social experiences prior to widespread information technology. The shift from analogue to digital proficiency has been understated for a generation of citizens who were educated before computer usage and internet ubiquity. This paper examines the language difficulties encountered by senior citizens in attempting to engage in banking and communications …

Mitigating Cyber-Threats Through Public-Private Partnerships: Low Cost Governance With High-Impact Returns , David M. Cook

Dr. David M Cook

The realization that cyber threats can cause the same devastation to a country as physical security risks has taken the long route towards acceptance. Governments and businesses have thrown the glove of responsibility back and forth on numerous occasions, with government agencies citing the need for private enterprise to take up the mantle, and Business returning the gesture by proposing a ‘national’ perspective on cyber security. Ambit claims such as these drain a range of security resources when both sides should work in concert by directing all available energy towards resolving cyber-threats. This paper compares the public-private arrangements through Australasia …

Securing The Elderly: A Developmental Approach To Hypermedia Based Online Information Security For Senior Novice Computer Users, David M. Cook, Patryck Szewczyk, Krishnun Sansurooah

Dr. David M Cook

Whilst security threats to the general public continue to evolve, elderly computer users with limited skill and knowledge are left playing catch-up in an ever-widening gap in fundamental cyber-related comprehension. As a definable cohort, the elderly generally lack awareness of current security threats, and remain under-educated in terms of applying appropriate controls and safeguards to their computers and networking devices. This paper identifies that web-based computer security information sources do not adequately provide helpful information to senior citizen end-users in terms of both design and content. It subsequently demonstrates a solution designed with the elderly, yet novice, end-user in mind. …

Birds Of A Feather Deceive Together: The Chicanery Of Multiplied Metadata, David M. Cook

Dr. David M Cook