Annual Report of the University, 1999-2000, Volumes 1-4

The Robert O. Anderson School and Graduate School of Management at The University of New Mexico Period of Report: July 1, 1999 to June 30, 2000 Submitted by Howard L. Smith, Dean The Anderson Schools of Management is divided into four distinct divisions- the Department of Accounting; the Department of Finance, International and Technology Management; the Department of Marketing, Information and Decision Sciences; and the Department of Organizational Studies. This structure provides an opportunity for The Anderson Schools to develop four distinct areas of excellence, proven by results reported here. I. Significant Developments During the Academic Year The Anderson Schools of Management • As a result of the multi-year gift from the Ford Motor Company, completed renovation of The Schools\u27 Advisement and Placement Center, as well as all student organization offices. • The Ford gift also provided for $100,000 to support faculty research, case studies and course development. • The Schools revised the MBA curriculum to meet the changing needs of professional, advanced business education. • The Schools updated computer laboratory facilities, with the addition of a 45-unit cluster for teaching and student work. • The faculty and staff of The Schools furthered outreach in economic development activities by participating directly as committee members and leaders in the cluster workgroups of the Next Generation Economy Initiative. • The faculty, staff and students of The Schools contributed to the development of the Ethics in Business Awards; particularly exciting was the fact that all nominee packages were developed by student teams from The Anderson Schools. • The Schools continue to generate more credit hours per faculty member than any other division of the UNM community. The Accounting Department • Preparation and presentation of a progress report to accrediting body, the AACSB. The Department of Finance, International and Technology Management • The Department continued to focus on expansion of the Management of Technology program as a strategic strength of The Schools. The Department of Marketing. Information and Decision Sciences • Generated 9022 credit hours, with a student enrollment of 3070. The Department of Organizational Studies • Coordinated the 9th UNM Universidad de Guanajuato (UG) Mexico Student Exchange

Security Analysis of System Behaviour - From "Security by Design" to "Security at Runtime" -

The Internet today provides the environment for novel applications and processes which may evolve way beyond pre-planned scope and purpose. Security analysis is growing in complexity with the increase in functionality, connectivity, and dynamics of current electronic business processes. Technical processes within critical infrastructures also have to cope with these developments. To tackle the complexity of the security analysis, the application of models is becoming standard practice. However, model-based support for security analysis is not only needed in pre-operational phases but also during process execution, in order to provide situational security awareness at runtime. This cumulative thesis provides three major contributions to modelling methodology. Firstly, this thesis provides an approach for model-based analysis and verification of security and safety properties in order to support fault prevention and fault removal in system design or redesign. Furthermore, some construction principles for the design of well-behaved scalable systems are given. The second topic is the analysis of the exposition of vulnerabilities in the software components of networked systems to exploitation by internal or external threats. This kind of fault forecasting allows the security assessment of alternative system configurations and security policies. Validation and deployment of security policies that minimise the attack surface can now improve fault tolerance and mitigate the impact of successful attacks. Thirdly, the approach is extended to runtime applicability. An observing system monitors an event stream from the observed system with the aim to detect faults - deviations from the specified behaviour or security compliance violations - at runtime. Furthermore, knowledge about the expected behaviour given by an operational model is used to predict faults in the near future. Building on this, a holistic security management strategy is proposed. The architecture of the observing system is described and the applicability of model-based security analysis at runtime is demonstrated utilising processes from several industrial scenarios. The results of this cumulative thesis are provided by 19 selected peer-reviewed papers