Benefits of Location-Based Access Control:A Literature Study

Location-based access control (LBAC) has been suggested as a means to improve IT security. By 'grounding' users and systems to a particular location, \ud attackers supposedly have more difficulty in compromising a system. However, the motivation behind LBAC and its potential benefits have not been investigated thoroughly. To this end, we perform a structured literature review, and examine the goals that LBAC can potentially fulfill, \ud the specific LBAC systems that realize these goals and the context on which LBAC depends. Our paper has four main contributions:\ud first we propose a theoretical framework for LBAC evaluation, based on goals, systems and context. Second, we formulate and apply criteria for evaluating the usefulness of an LBAC system. Third, we identify four usage scenarios for LBAC: open areas and systems, hospitals, enterprises, and finally data centers and military facilities. Fourth, we propose directions for future research:\ud (i) assessing the tradeoffs between location-based, physical and logical access control, (ii) improving the transparency of LBAC decision making, and \ud (iii) formulating design criteria for facilities and working environments for optimal LBAC usage

The Impact of Automation and Stress on Human Performance in UAV Operation

The United States Air Force (USAF) has increasing needs for unmanned aerial vehicle (UAV) operators. Automation may enable a single operator to manage multiple UAVs at the same time. Multi-UAV operation may require a unique set of skills and the need for new operators calls for targeting new populations for recruitment. The objective of this research is to develop a simulation environment for studying the role of individual differences in UAV operation under different task configurations and investigate predictors of performance and stress. Primarily, the study examined the impact of levels of automation (LOAs), as well as task demands, on task performance, stress and operator reliance on automation. Two intermediate LOAs were employed for two surveillance tasks included in the simulation of UAV operation. Task demand was manipulated via the high and low frequency of events associated with additional tasks included in the simulation. The task demand and LOA manipulations influenced task performance generally as expected. The task demand manipulations elicited higher subjective distress and workload. LOAs did not affect operator workload but affected reliance behavior. Also, this study examined the role of individual differences in simulated UAV operation. A variety of individual difference factors were associated with task performance and with subjective stress response. Video gaming experience was linked to lower distress and better performance, suggesting possible transfer of skills. Some gender differences were revealed in stress response, task performance, but all the gender effects became insignificant with gaming experience controlled. Generally, the effects of personality were consistent with previous studies, except some novel findings with the performance metrics. Additionally, task demand was found to moderate the influence of personality factors on stress response and performance metrics. Specifically, conscientiousness was associated with higher subjective engagement and performance when demands were higher. This study supports future research which aims to improve the dynamic interfaces in UAV operation, optimize operator reliance on automation, and identify individuals with the highest aptitude for multi-UAV control

Gaming security by obscurity

Shannon sought security against the attacker with unlimited computational powers: *if an information source conveys some information, then Shannon's attacker will surely extract that information*. Diffie and Hellman refined Shannon's attacker model by taking into account the fact that the real attackers are computationally limited. This idea became one of the greatest new paradigms in computer science, and led to modern cryptography. Shannon also sought security against the attacker with unlimited logical and observational powers, expressed through the maxim that "the enemy knows the system". This view is still endorsed in cryptography. The popular formulation, going back to Kerckhoffs, is that "there is no security by obscurity", meaning that the algorithms cannot be kept obscured from the attacker, and that security should only rely upon the secret keys. In fact, modern cryptography goes even further than Shannon or Kerckhoffs in tacitly assuming that *if there is an algorithm that can break the system, then the attacker will surely find that algorithm*. The attacker is not viewed as an omnipotent computer any more, but he is still construed as an omnipotent programmer. So the Diffie-Hellman step from unlimited to limited computational powers has not been extended into a step from unlimited to limited logical or programming powers. Is the assumption that all feasible algorithms will eventually be discovered and implemented really different from the assumption that everything that is computable will eventually be computed? The present paper explores some ways to refine the current models of the attacker, and of the defender, by taking into account their limited logical and programming powers. If the adaptive attacker actively queries the system to seek out its vulnerabilities, can the system gain some security by actively learning attacker's methods, and adapting to them?Comment: 15 pages, 9 figures, 2 tables; final version appeared in the Proceedings of New Security Paradigms Workshop 2011 (ACM 2011); typos correcte

Multicast Mobility in Mobile IP Version 6 (MIPv6) : Problem Statement and Brief Survey

Publisher PD

The Internationalization of Agency Actions

U.S. agencies routinely base their domestic regulations on international considerations, such as the benefits of coordinating American and foreign standards or the foreign policy advantages of a particular policy. I refer to this phenomenon as the internationalization of agency actions. This Article examines what the internationalization of agency actions means for agency decision-making processes, institutional design, and legal doctrine. It creates a stylized model of how agencies determine whether to coordinate their standards with foreign regulations. Among other institutional design findings, it shows that court opinions that reduce the stringency of judicial review when agencies implement internationally coordinated standards make such coordination more likely to occur, but they simultaneously deprive the executive of bargaining power because U.S. agencies cannot credibly threaten that any coordinated agreement must align more closely with U.S. values or risk being overturned in U.S. courts. This Article also develops a taxonomy of international factors relied on by agencies and applies that taxonomy to help clarify the doctrinal issue of whether and when agencies can use international factors to justify their actions in court. This taxonomical approach shows how the Supreme Court’s opinion in Massachusetts v. EPA can reasonably be read to allow agencies to invoke a far broader range of foreign policy rationales than some prevailing views suggest