Introduction to Security for Computer Architecture Students

Supplementary material for a graduate computer architecture class (4824) at Columbia

Human Factors in Information-Age Trade Secret Protection

[Excerpt] Trade secret information security involves a multi-dimensional array of human, legal, and technological factors. I argue that organizational culture, employee policies, and other human factors are fundamental prerequisites to the successful implementation of legal and technological security measures. After a brief introduction to trade secret law for the nonlegal reader, I present an overview of trade secret litigation and an analysis of computer hacking strategy to emphasize the extent to which the legal and technological dimensions of trade secret information security are predicated on human factors. I conclude with a discussion of how human resource policy can engender cultural sensitivity to trade secrets and mitigate the risk of information leakage

Strategic Investment in Protection in Networked Systems

We study the incentives that agents have to invest in costly protection against cascading failures in networked systems. Applications include vaccination, computer security and airport security. Agents are connected through a network and can fail either intrinsically or as a result of the failure of a subset of their neighbors. We characterize the equilibrium based on an agent's failure probability and derive conditions under which equilibrium strategies are monotone in degree (i.e. in how connected an agent is on the network). We show that different kinds of applications (e.g. vaccination, malware, airport/EU security) lead to very different equilibrium patterns of investments in protection, with important welfare and risk implications. Our equilibrium concept is flexible enough to allow for comparative statics in terms of network properties and we show that it is also robust to the introduction of global externalities (e.g. price feedback, congestion).Comment: 32 pages, 3 figure

Automation for network security configuration: state of the art and research trends

The size and complexity of modern computer networks are progressively increasing, as a consequence of novel architectural paradigms such as the Internet of Things and network virtualization. Consequently, a manual orchestration and configuration of network security functions is no more feasible, in an environment where cyber attacks can dramatically exploit breaches related to any minimum configuration error. A new frontier is then the introduction of automation in network security configuration, i.e., automatically designing the architecture of security services and the configurations of network security functions, such as firewalls, VPN gateways, etc. This opportunity has been enabled by modern computer networks technologies, such as virtualization. In view of these considerations, the motivations for the introduction of automation in network security configuration are first introduced, alongside with the key automation enablers. Then, the current state of the art in this context is surveyed, focusing on both the achieved improvements and the current limitations. Finally, possible future trends in the field are illustrated

Introduction to Steganography

Security is a big issue in today’s world. The world today has completely or mostly started working on computers. Computer stores data which can be vital information in the form of electronic files. Providing security to these files is essential. Study was done on various attacks on these files in order to provides a brief introduction of breaches and security holes. The paper consists of background to future perspective of lacunas in security as threats to security are in its evolutionary phase. DOI: 10.17762/ijritcc2321-8169.16045

Asymptotic Methods for Asset Market Equilibrium Analysis

General equilibrium analysis is difficult when asset markets are incomplete. We make the simplifying assumption that uncertainty is small and use bifurcation methods to compute Taylor series approximations for asset demand and asset market equilibrium. A computer must be used to derive these approximations since they involve large amounts of algebraic manipulation. To illustrate this method, we apply it to analyzing the allocative, price, and welfare effects of introducing a new derivative security. We find that the introduction of any derivative will raise the value of the risky asset relative to bonds.

IDENTIFYING IT SOLUTIONS ON FRAUD IN ELECTRONIC TRANSACTIONS OF FUNDS FROM BANKING SYSTEM

Although we hear daily of fraud, most of them are not reported. Some reports estimated that approximately 90% of assaults are not reported outside organizations were attacked, and only some of the reports are completed by punishment.In fact, for fear of losing customers, some companies (usually banks and large corporations) prefers to fall to an understanding with attackers in exchange for preserving part of the stolen money and keeping silence. Taking into account the development and modernization of the economies of the world in the last four decades, and simultaneous this global banking development and distribution were strongly influenced by the introduction of new computer technology; in such activities new computer technology had a strong impact on providers and on consumers.IT security, fraud, electronic transactions, banking system

Detecting Danger: Applying a Novel Immunological Concept to Intrusion Detection Systems'

INTRODUCTION In recent years computer systems have become increasingly complex and consequently the challenge of protecting these systems has become increasingly difficult. Various techniques have been implemented to counteract the misuse of computer systems in the form of firewalls, antivirus software and intrusion detection systems. The complexity of networks and dynamic nature of computer systems leaves current methods with significant room for improvement. Computer scientists have recently drawn inspiration from mechanisms found in biological systems and, in the context of computer security, have focused on the human immune system (HIS). The human immune system provides an example of a robust, distributed system that provides a high level of protection from constant attacks. By examining the precise mechanisms of the human immune system, it is hoped the paradigm will improve the performance of real intrusion detection systems. This paper presents an introduction to recent developments in the field of immunology. It discusses the incorporation of a novel immunological paradigm, Danger Theory, and how this concept is inspiring artificial immune systems (AIS). Applications within the context of computer security are outlined drawing direct reference to the underlying principles of Danger Theory and finally, the current state of intrusion detection systems is discussed and improvements suggested