5,705 research outputs found

    The New South Wales iVote System: Security Failures and Verification Flaws in a Live Online Election

    In the world's largest-ever deployment of online voting, the iVote Internet voting system was trusted for the return of 280,000 ballots in the 2015 state election in New South Wales, Australia. During the election, we performed an independent security analysis of parts of the live iVote system and uncovered severe vulnerabilities that could be leveraged to manipulate votes, violate ballot privacy, and subvert the verification mechanism. These vulnerabilities do not seem to have been detected by the election authorities before we disclosed them, despite a pre-election security review and despite the system having run in a live state election for five days. One vulnerability, the result of including analytics software from an insecure external server, exposed some votes to complete compromise of privacy and integrity. At least one parliamentary seat was decided by a margin much smaller than the number of votes taken while the system was vulnerable. We also found protocol flaws, including vote verification that was itself susceptible to manipulation. This incident underscores the difficulty of conducting secure elections online and carries lessons for voters, election officials, and the e-voting research community

    10341 Abstracts Collection -- Insider Threats: Strategies for Prevention, Mitigation, and Response

    From August 22 to 26, 2010, the Dagstuhl Seminar 10341 "Insider Threats: Strategies for Prevention, Mitigation, and Response" was held in Schloss Dagstuhl – Leibniz Center for Informatics. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available

    Reducing Data Loss and Saving Money by Acquiring Data Loss Prevention Software

    Choosing and implementing the right security software tools can protect a company’s assets. In particular, data breaches might not happen if a company is aware of its information flow and has the proper tool to protect it. This thesis paper will explain why and how acquiring data loss prevention (DLP) software will help a company to reduce data loss, mitigate the loss impact and save money. Facts and examples are provided to support and illustrate the statement above

    Integrate Text Mining into Computer and Information Security Education

    Insider threats have become a significant challenge to organizations, due to the employees' varying levels of access to the internal network. This will in turn bypass the external security measures that have been put in place to protect the organization’s resources. Computer-mediated communication (CMC) is a form of communication over virtual spaces where users cannot see each other. CMC includes email and communication over social networks, amongst others. This paper focuses on the design and implementation of exercise modules, which can be integrated into cybersecurity courses. The main objectives of the paper include how to teach and integrate the CMC learning modules into cyber security courses. Further, experimental case studies and hands-on labs will be discussed to facilitate effective teaching practices pertaining to cybersecurity education

    Secure Software Engineering Education: Knowledge Area, Curriculum and Resources

    This paper reviews current efforts and resources in secure software engineering education, with the goal of providing guidance for educators to make use of these resources in developing secure software engineering curriculum. These resources include Common Body of Knowledge, reference curriculum, sample curriculum materials, hands-on exercises, and resources developed by industry and open source community. The relationship among the Common Body of Knowledge proposed by the Department of Homeland Security, the Software Engineering Institute at Carnegie Mellon University, and ACM/IEEE are discussed. The recent practices on secure software engineering education, including secure software engineering related programs, courses, and course modules are reviewed. The course modules are categorized into four categories to facilitate the adoption of these course modules. Available hands-on exercises developed for teaching software security are described and mapped to the taxonomy of coding errors. The rich resources including various secure software development processes, methods and tools developed by industry and open source community are surveyed. A road map is provided to organize these resources and guide educators in adopting these resources and integrating them into their courses

    Regulating Habit-Forming Technology

    Tech developers, like slot machine designers, strive to maximize the user’s “time on device.” They do so by designing habit-forming products—products that draw consciously on the same behavioral design strategies that the casino industry pioneered. The predictable result is that most tech users spend more time on device than they would like, about five hours of phone time a day, while a substantial minority develop life-changing behavioral problems similar to problem gambling. Other countries have begun to regulate habit-forming tech, and American jurisdictions may soon follow suit. Several state legislatures today are considering bills to regulate “loot boxes,” a highly addictive slot-machine-like mechanic that is common in online video games. The Federal Trade Commission has also announced an investigation into the practice. As public concern mounts, it is surprisingly easy to envision consumer regulation extending beyond video games to other types of apps. Just as tobacco regulations might prohibit brightly colored packaging and fruity flavors, a social media regulation might limit the use of red notification badges or “streaks” that reward users for daily use. It is unclear how much of this regulation could survive First Amendment scrutiny; software, unlike other consumer products, is widely understood as a form of protected “expression.” But it is also unclear whether well-drawn laws to combat compulsive technology use would seriously threaten First Amendment values. At a very low cost to the expressive interests of tech companies, these laws may well enhance the quality and efficacy of online speech by mitigating distraction and promoting deliberation

    The Nuclear Security Science and Policy Institute at Texas A&M University

    The Nuclear Security Science and Policy Institute (NSSPI) is a multidisciplinary organization at Texas A&M University and was the first U.S. academic institution focused on technical graduate education, research, and service related to the safeguarding of nuclear materials and the reduction of nuclear threats. NSSPI employs science, engineering, and policy expertise to: (1) conduct research and development to help detect, prevent, and reverse nuclear and radiological proliferation and guard against nuclear terrorism; (2) educate the next generation of nuclear security and nuclear nonproliferation leaders; (3) analyze the interrelationships between policy and technology in the field of nuclear security; and (4) serve as a public resource for knowledge and skills to reduce nuclear threats. Since 2006, over 31 Doctoral and 73 Master degrees were awarded through NSSPI-sponsored research. Forty-one of those degrees are Master of Science in Nuclear Engineering with a specialization in Nuclear Nonproliferation and 16 were Doctorate of Philosophy degrees with a specific focus on nuclear nonproliferation. Over 200 students from both technical and policy backgrounds have taken classes provided by NSSPI at Texas A&M. The model for creating safeguards and security experts, which has in large part been replicated worldwide, was established at Texas A&M by NSSPI faculty and staff. In addition to conventional classroom lectures, NSSPI faculty have provided practical experiences; advised students on valuable research projects that have contributed substantially to the overall nuclear nonproliferation, safeguards and security arenas; and engaged several similar academic and research institutes around the world in activities and research for the benefit of Texas A&M students. 
    NSSPI has had an enormous impact on the nuclear nonproliferation workforce (across the international community) in the past 8 years, and this paper is an attempt to summarize the activities accomplished by NSSPI during this time and the future direction of the program

    College Report Fall 2019

    Dear COES Friends, As we finish the 2019 Fall Quarter, I would like to express my appreciation to our students, faculty, staff, alumni and friends. Our students provide leadership throughout campus, volunteering for projects that enhance the College and University, while faculty and staff continue to find increasingly effective ways to engage students. I am appreciative that you, our alumni and friends, continue to support our students by devoting time to industry boards and student organizations. I believe that, together, we are creating an environment built for success. On that note, I am pleased to announce that students will begin using learning spaces in the Integrated Engineering and Science Building this winter quarter. In this report, you’ll learn more about the building. You’ll also learn about senior Mechanical Engineering student Luke Moreau’s family ties to Louisiana Tech, Dr. Elisabeth Fatila’s dedication to students learning chemistry and how students in the CyberCorps® Scholarship for Service program are preparing to protect us from cyber threats. Building a Legacy, the theme of this report reflects on both the content of these articles and the community that we are building together. I hope you enjoy this snapshot of the Louisiana Tech University College of Engineering and Science. Best Regards, Hisham Hegab, Ph.D. Dean and Max Watson, Sr., Professor