179,660 research outputs found
Simulatable security for quantum protocols
The notion of simulatable security (reactive simulatability, universal
composability) is a powerful tool for allowing the modular design of
cryptographic protocols (composition of protocols) and showing the security of
a given protocol embedded in a larger one. Recently, these methods have
received much attention in the quantum cryptographic community.
We give a short introduction to simulatable security in general and proceed
by sketching the many different definitional choices together with their
advantages and disadvantages.
Based on the reactive simulatability modelling of Backes, Pfitzmann and
Waidner we then develop a quantum security model. By following the BPW
modelling as closely as possible, we show that composable quantum security
definitions for quantum protocols can strongly profit from their classical
counterparts, since most of the definitional choices in the modelling are
independent of the underlying machine model.
In particular, we give a proof for the simple composition theorem in our
framework.
Comment: Added proof of combination lemma; added comparison to the model of
Ben-Or, Mayers; minor correction
Evaluation of Airport Security Training Programs: Perspectives and Issues
While many governments and airport operators
have emphasized the importance of security training and
committed a large amount of budget to security training
programs, the implementation of security training programs
was not proactive but reactive. Moreover, most of the security training programs were employed as a demand or a trend-chasing activity from the government. In order to identify issues in airport security training and to develop desirable security training procedures in an airport, this preliminary study aims at providing (1) the description of current state of airport security training and training in general, (2) the study design and interview guide for studying airport security training, and (3) expected outcome from the study
Strategic interests and Australian grand strategy
The newly-released National Security Strategy provides good coverage of broad security issues, but could have given a more expansive worldview. Previous Defence White Papers have shown our approach to national security interests has been narrow and reactive rather than broad and proactive.
This four-page report suggests there are ways to avoid the trap that strategic interests and objectives are all about the use of force and to move to an Australian grand strategy
Building in web application security at the requirements stage : a tool for visualizing and evaluating security trade-offs : a thesis presented in partial fulfilment of the requirements for the degree of Master of Information Science in Information Systems at Massey University, Albany, New Zealand
One dimension of Internet security is web application security. The purpose of this Design-science study was to design, build and evaluate a computer-based tool to support security vulnerability and risk assessment in the early stages of web application design. The tool facilitates risk assessment by managers and helps developers to model security requirements using an interactive tree diagram. The tool calculates residual risk for each component of a web application and for the application overall so developers are provided with better information for making decisions about which countermeasures to implement given limited resources for doing so. The tool supports taking a proactive approach to building in web application security at the requirements stage as opposed to the more common reactive approach of putting countermeasures in place after an attack and loss have been incurred. The primary contribution of the proposed tool is its ability to make known security-related information (e.g. known vulnerabilities, attacks and countermeasures) more accessible to developers who are not security experts and to translate lack of security measures into an understandable measure of relative residual risk. The latter is useful for managers who need to prioritize security spending. Keywords: web application security, security requirements modelling, attack trees, threat trees, risk assessment
Control-Related Motivations and Information Security Policy Compliance: The Effect of Reflective and Reactive Autonomy
Employees’ failures to follow information security policy can be costly to organizations. Organizations implement security controls in order to motivate employees. Many control-related motivations have been explored in information security research (e.g., self-efficacy and behavioral control); however, self-determination has yet to receive attention. Self-determination theory is widely used in other fields to explain intrinsically driven performance. This paper examines the effect self-determination—conceptualized as reflective autonomy, and psychological reactance—conceptualized as reactive autonomy have on employees’ intentions to comply with security policy. Reflective and reactive autonomy offer complementary yet opposite conceptualizations of autonomy, offering a more holistic view of control-related motivation. We find that both reflective and reactive autonomy affect information security policy compliance intentions. Reflective autonomy increases and reactive autonomy decreases compliance intentions. Managers should become aware of the way employees view security controls in order to develop controls that maximize reflective autonomy and minimize reactive autonomy in employees
Beck and beyond: Selling security in the world risk society
©2010 British International Studies Association. Expanding on the works of Beck and others on the growing business of risk, this article examines the role of the private security industry in the creation, management and perpetuation of the world risk society. It observes that the replacement of the concept of security with risk over the past decades has permitted private firms to identify a growing range of unknown and unknown-unknown dangers which cannot be eliminated, but require permanent risk management. Using the discourse of risk and its strategies of commercialised, individualised and reactive risk management, the private risk industry thus has contributed to the rise of a world risk society in which the demand for security can never be satisfied and guarantees continuous profits
A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends
This paper examines the security vulnerabilities and threats imposed by the
inherent open nature of wireless communications and to devise efficient defense
mechanisms for improving the wireless network security. We first summarize the
security requirements of wireless networks, including their authenticity,
confidentiality, integrity and availability issues. Next, a comprehensive
overview of security attacks encountered in wireless networks is presented in
view of the network protocol architecture, where the potential security threats
are discussed at each protocol layer. We also provide a survey of the existing
security protocols and algorithms that are adopted in the existing wireless
network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term
evolution (LTE) systems. Then, we discuss the state-of-the-art in
physical-layer security, which is an emerging technique of securing the open
communications environment against eavesdropping attacks at the physical layer.
We also introduce the family of various jamming attacks and their
counter-measures, including the constant jammer, intermittent jammer, reactive
jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the
integration of physical-layer security into existing authentication and
cryptography mechanisms for further securing wireless networks. Finally, some
technical challenges which remain unresolved at the time of writing are
summarized and the future trends in wireless security are discussed.
Comment: 36 pages. Accepted to Appear in Proceedings of the IEEE, 201
The commodification of security in the risk society
Expanding on the works of Beck and others on the growing business of risk, this paper examines the role of private industry in the creation, management and perpetuation of the world risk society. It observes that the replacement of the concept of security with risk over the past decades has permitted private firms to identify a growing range of unknown and unknown-unknown dangers which cannot be eliminated and require continuous risk management. Using the discourse of risk and its strategies of commercialized, individualized and reactive risk management, the private risk industry has thus contributed to the rise of a world risk society in which the demand for security can never be satisfied and so guarantees continuous profits