The effects of security protocols on cybercrime at Ahmadu Bello University, Zaria, Nigeria.

Masters Degree. University of KwaZulu-Natal, Durban.The use of Information Communication Technology (ICT) within the educational sector is increasing rapidly. University systems are becoming increasingly dependent on computerized information systems (CIS) in order to carry out their daily routine. Moreover, CIS no longer process staff records and financial data only, as they once did. Nowadays, universities use CIS to assist in automating the overall system. This automation includes the use of multiple databases, data detail periodicity (i.e. gender, race/ethnicity, enrollment, degrees granted, and program major), record identification (e.g. social security number ‘SSN’), linking to other databases (i.e. linking unit record data with external databases such as university and employment data). The increasing demand and exposure to Internet resources and infrastructure by individuals and universities have made IT infrastructure easy targets for cybercriminals who employ sophisticated attacks such as Advanced Persistent Threats, Distributed Denial of Service attacks and Botnets in order to steal confidential data, identities of individuals and money. Hence, in order to stay in business, universities realise that it is imperative to secure vital Information Systems from easily being exploited by emerging and existing forms of cybercrimes. This study was conducted to determine and evaluate the various forms of cybercrimes and their consequences on the university network at Ahmadu Bello University, Zaria. The study was also aimed at proposing means of mitigating cybercrimes and their effects on the university network. Hence, an exploratory research design supported by qualitative research approach was used in this study. Staff of the Institute of Computing, Information and Communication technology (ICICT) were interviewed. The findings of the study present different security measures, and security tools that can be used to effectively mitigate cybercrimes. It was found that social engineering, denial of service attacks, website defacement were among the types of cybercrimes occurring on the university network. It is therefore recommended that behavioural approach in a form of motivation of staff behaviour, salary increases, and cash incentive to reduce cybercrime perpetrated by these staff

An Explanatory Model of Motivation for Cyber-Attacks Drawn from Criminological Theories

A new influence model for Cyber Security is presented that deals with security attacks and implementation of security measures from an attacker's perspective. The underlying hypothesis of this model is that Criminological theories of Rational Choice, Desire for Control, and Low Self-Control are relevant to cybercrime and thereby aid in the understanding its basic Motivation. The model includes the roles of Consequences, Moral Beliefs such as Shame and Embarrassment together with Formal Sanctions in deterring cybercrime, as well as role of Defense Posture to limit the Opportunity to attack and increase the likelihood that an attacker will be detected and exposed. One of the motivations of the study was the observation that few attempts have been made to understand cybercrime, in the context of typical crime because: (a) an attacker may consider his actions as victimless due to remoteness of the victim; (b) ease to commit cybercrimes due to opportunities afforded by the Internet and its accessibility, and readily available tools and knowledge for an attack; and (c) vagueness of cybercrime laws that makes prosecution difficult. In developing the model, information from studies in classical crime was related to Cybercrime allowing for analysis of past cyber-attacks, and subsequently preventing future IS attacks, or mitigating their effects. The influence model's applicability is demonstrated by applying it to case studies of actual information attacks which were prosecuted through the United States Courts, and whose judges' opinions are used for statements of facts. Additional, demonstration of the use and face validity of the model is through the mapping of the model to major annual surveys' and reports' results of computer crime. The model is useful in qualitatively explaining "best practices" in protecting information assets and in suggesting emphasis on security practices based on similar results in general criminology

Toward a Criminal Law for Cyberspace: Distributed Security

Cybercrime creates unique challenges for the reactive model of crime control that has been predominant for approximately the last century and a half. That model makes certain assumptions about crime, which derive from characteristics of real-world crime. These assumptions do not hold for cybercrime, so the reactive model is not an appropriate means of dealing with online crime. The article explains how modified principles of criminal law can be utilized to implement a new, non-reactive model which can deal effectively with cybercrime. This model of distributed security emphasizes prevention, rather than reaction, which is achieved by holding citizens liable for their failure to prevent cybercrime

A reputation framework for behavioural history: developing and sharing reputations from behavioural history of network clients

The open architecture of the Internet has enabled its massive growth and success by facilitating easy connectivity between hosts. At the same time, the Internet has also opened itself up to abuse, e.g. arising out of unsolicited communication, both intentional and unintentional. It remains an open question as to how best servers should protect themselves from malicious clients whilst offering good service to innocent clients. There has been research on behavioural profiling and reputation of clients, mostly at the network level and also for email as an application, to detect malicious clients. However, this area continues to pose open research challenges. This thesis is motivated by the need for a generalised framework capable of aiding efficient detection of malicious clients while being able to reward clients with behaviour profiles conforming to the acceptable use and other relevant policies. The main contribution of this thesis is a novel, generalised, context-aware, policy independent, privacy preserving framework for developing and sharing client reputation based on behavioural history. The framework, augmenting existing protocols, allows fitting in of policies at various stages, thus keeping itself open and flexible to implementation. Locally recorded behavioural history of clients with known identities are translated to client reputations, which are then shared globally. The reputations enable privacy for clients by not exposing the details of their behaviour during interactions with the servers. The local and globally shared reputations facilitate servers in selecting service levels, including restricting access to malicious clients. We present results and analyses of simulations, with synthetic data and some proposed example policies, of client-server interactions and of attacks on our model. Suggestions presented for possible future extensions are drawn from our experiences with simulation

The Legal Aspects of Cybercrime in Nigeria: An Analysis with the UK Provisions

Cybercrime offences know no limits to physical geographic boundaries and have continued to create unprecedented issues regarding to the feasibility and legitimacy of applying traditional legislations based on geographic boundaries. These offences also come with procedural issues of enforcement of the existing legislations and continue to subject nations with problems unprecedented to its sovereignty and jurisdictions. This research is a critical study on the legal aspects of cybercrime in Nigeria, which examines how laws and regulations are made and applied in a well-established system to effectively answer questions raised by shortcomings on the implementation of cybercrime legislations, and critically reviews various laws in Nigeria relating or closely related to cybercrime. This research will provide insight into current global cybercrime legislations and the shortfalls to their procedural enforcement; and further bares the cybercrime issues in Nigeria while analysing and proffering a critique to the provisions as provided in the recently enacted Nigerian Cybercrime (Prohibition and Prevention) Act 2015, in contradistinction to the existing legal framework in the United Kingdom and the other regional enactments like the Council of Europe Convention on Cybercrime, African Union Convention on Cybersecurity and Personal Data Protection 2014, and the ECOWAS Directive on Cybercrime 2011

Securing the software-defined networking control plane by using control and data dependency techniques

Software-defined networking (SDN) fundamentally changes how network and security practitioners design, implement, and manage their networks. SDN decouples the decision-making about traffic forwarding (i.e., the control plane) from the traffic being forwarded (i.e., the data plane). SDN also allows for network applications, or apps, to programmatically control network forwarding behavior and policy through a logically centralized control plane orchestrated by a set of SDN controllers. As a result of logical centralization, SDN controllers act as network operating systems in the coordination of shared data plane resources and comprehensive security policy implementation. SDN can support network security through the provision of security services and the assurances of policy enforcement. However, SDN’s programmability means that a network’s security considerations are different from those of traditional networks. For instance, an adversary who manipulates the programmable control plane can leverage significant control over the data plane’s behavior. In this dissertation, we demonstrate that the security posture of SDN can be enhanced using control and data dependency techniques that track information flow and enable understanding of application composability, control and data plane decoupling, and control plane insight. We support that statement through investigation of the various ways in which an attacker can use control flow and data flow dependencies to influence the SDN control plane under different threat models. We systematically explore and evaluate the SDN security posture through a combination of runtime, pre-runtime, and post-runtime contributions in both attack development and defense designs. We begin with the development a conceptual accountability framework for SDN. We analyze the extent to which various entities within SDN are accountable to each other, what they are accountable for, mechanisms for assurance about accountability, standards by which accountability is judged, and the consequences of breaching accountability. We discover significant research gaps in SDN’s accountability that impact SDN’s security posture. In particular, the results of applying the accountability framework showed that more control plane attribution is necessary at different layers of abstraction, and that insight motivated the remaining work in this dissertation. Next, we explore the influence of apps in the SDN control plane’s secure operation. We find that existing access control protections that limit what apps can do, such as role-based access controls, prove to be insufficient for preventing malicious apps from damaging control plane operations. The reason is SDN’s reliance on shared network state. We analyze SDN’s shared state model to discover that benign apps can be tricked into acting as “confused deputies”; malicious apps can poison the state used by benign apps, and that leads the benign apps to make decisions that negatively affect the network. That violates an implicit (but unenforced) integrity policy that governs the network’s security. Because of the strong interdependencies among apps that result from SDN’s shared state model, we show that apps can be easily co-opted as “gadgets,” and that allows an attacker who minimally controls one app to make changes to the network state beyond his or her originally granted permissions. We use a data provenance approach to track the lineage of the network state objects by assigning attribution to the set of processes and agents responsible for each control plane object. We design the ProvSDN tool to track API requests from apps as they access the shared network state’s objects, and to check requests against a predefined integrity policy to ensure that low-integrity apps cannot poison high-integrity apps. ProvSDN acts as both a reference monitor and an information flow control enforcement mechanism. Motivated by the strong inter-app dependencies, we investigate whether implicit data plane dependencies affect the control plane’s secure operation too. We find that data plane hosts typically have an outsized effect on the generation of the network state in reactive-based control plane designs. We also find that SDN’s event-based design, and the apps that subscribe to events, can induce dependencies that originate in the data plane and that eventually change forwarding behaviors. That combination gives attackers that are residing on data plane hosts significant opportunities to influence control plane decisions without having to compromise the SDN controller or apps. We design the EventScope tool to automatically identify where such vulnerabilities occur. EventScope clusters apps’ event usage to decide in which cases unhandled events should be handled, statically analyzes controller and app code to understand how events affect control plane execution, and identifies valid control flow paths in which a data plane attacker can reach vulnerable code to cause unintended data plane changes. We use EventScope to discover 14 new vulnerabilities, and we develop exploits that show how such vulnerabilities could allow an attacker to bypass an intended network (i.e., data plane) access control policy. This research direction is critical for SDN security evaluation because such vulnerabilities could be induced by host-based malware campaigns. Finally, although there are classes of vulnerabilities that can be removed prior to deployment, it is inevitable that other classes of attacks will occur that cannot be accounted for ahead of time. In those cases, a network or security practitioner would need to have the right amount of after-the-fact insight to diagnose the root causes of such attacks without being inundated with too much informa- tion. Challenges remain in 1) the modeling of apps and objects, which can lead to overestimation or underestimation of causal dependencies; and 2) the omission of a data plane model that causally links control and data plane activities. We design the PicoSDN tool to mitigate causal dependency modeling challenges, to account for a data plane model through the use of the data plane topology to link activities in the provenance graph, and to account for network semantics to appropriately query and summarize the control plane’s history. We show how prior work can hinder investigations and analysis in SDN-based attacks and demonstrate how PicoSDN can track SDN control plane attacks.Ope

Alaska Criminal Code Revision — Tentative Draft, Part 6: Sentencing: Classification of Offenses Chart; Index to Tentative Draft, Parts 1-6

As of 1975, Alaska’s criminal laws were based primarily on Oregon criminal statutes as they existed at the close of the nineteenth century, with new statutes added and old statutes amended over the succeeding 75 years by Alaska territorial and state legislatures in a piecemeal approach to revision. This resulted in a criminal code containing outdated statutes, obsolete terminology, a number of overly specific statutes, a haphazard approach to mens rea (the culpable mental state with which a defendant must perform an act in order to be convicted of a crime) and the lack of a coherent, rational sentencing structure. The Alaska Criminal Code Revision Commission was established in 1975 with the responsibility to present a comprehensive revision of Alaska’s criminal code for consideration by the Alaska State Legislature. (The Commission was reestablished in June 1976 as a Subcommission of the newly formed Code Commission.) Staff services for the Criminal Code Revision Commission and Criminal Code Revision Subcommission were provided by the Criminal Justice Center at University of Alaska, Anchorage (John Havelock, project executive director; Barry Jeffrey Stern, reporter/staff counsel; Sheila Gallagher, Reporter/Staff Counsel; and Peter Smith Ring, research director). The tentative draft proposed by the Criminal Code Revision Subcommission was substantially amended by the Alaska State Legislature prior to its approval as the Revised Alaska Criminal Code in June 1978 (effective January 1, 1980).The Alaska Criminal Code Revision Commission was established in 1975, and reestablished in June 1976 as a Subcommission of the newly formed Code Commission, with the responsibility to present a comprehensive revision of Alaska’s criminal code for consideration by the Alaska State Legislature. Tentative Draft, Part 6, contains an overview of sentencing in existing Alaska law as of 1978 and the provisions on sentencing and related procedures of the draft Revised Criminal Code, including classification of offenses, probation, fines, restitution, community service, imprisonment, and appeals. Commentary following each article is designed to aid the reader in analyzing the effect of the draft Revised Code on existing law and also provides a section-by-section analysis of each provision of the draft Revised Code. Appendices include definitions, proposed revisions to Title 33 of the Alaska Statutes (parole), a chart of classification of offenses, and an index to the six volumes of the Tentative Draft.Alaska Criminal Code Revision SubcommissionIntroduction to Tentative Draft, Part 6 // TENTATIVE DRAFTS AND COMMENTARY / I. Overview of Sentencing in Existing Law / II. Article 1. Purposes and General Provisions / III. Article 2. Classification of Offenses / IV. Article 3. Suspended Imposition of Sentence / V. Article 4. Probation and Unconditional Discharge / VI. Article 5. Fines / VII. Article 6. Restitution / VIII. Article 7. Community Work Service / IX. Article 8. Imprisonment / X. Article 9. Suspension and Restoration of Civil Rights; Certain Occupational Disabilities Prohibited / XI. Article 10. Appeal of Sentence / XII. Article 11. Definitions // APPENDICES / I. Definitions / II. Revisions to Title 33 [Parole] / III. Classification of Offenses Chart / IV. Index to Tentative Draft, Parts l–

Behavior Management Guide for Auburn Riverside High School

This project examined preventative and proactive behavior models and strategies that effect positive school climate and minimized misbehavior. The review of current research found that schools were more successful in reducing or eliminating violent behavior when a positive school-wide behavior program was developed with input from staff, students, community and parents and was frequently monitored and assessed over time. Included is a High School (9-12) Behavior Manual that focused on teaching good behavior and expectations and support for students using an in-school suspension model for students that need remediation. The overall purpose of this guide was to assist teachers and staff with the task of student discipline and school policies designed with that in mind