Portunes: generating attack scenarios by finding inconsistencies between security policies in the physical, digital and social domain

The security goals of an organization are implemented through security policies, which concern physical security, digital security and security awareness. An insider is aware of these security policies, and might be able to thwart the security goals without violating any policies, by combining physical, digital and social means. This paper presents the Portunes model, a model for describing and analyzing attack scenarios across the three security areas. Portunes formally describes security alignment of an organization and finds attack scenarios by analyzing inconsistencies between policies from the different security areas. For this purpose, the paper defines a language in the tradition of the Klaim family of languages, and uses graph-based algorithms to find attack scenarios that can be described using the defined language

Technology Integration around the Geographic Information: A State of the Art

One of the elements that have popularized and facilitated the use of geographical information on a variety of computational applications has been the use of Web maps; this has opened new research challenges on different subjects, from locating places and people, the study of social behavior or the analyzing of the hidden structures of the terms used in a natural language query used for locating a place. However, the use of geographic information under technological features is not new, instead it has been part of a development and technological integration process. This paper presents a state of the art review about the application of geographic information under different approaches: its use on location based services, the collaborative user participation on it, its contextual-awareness, its use in the Semantic Web and the challenges of its use in natural languge queries. Finally, a prototype that integrates most of these areas is presented

Shared visiting in Equator city

In this paper we describe an infrastructure and prototype system for sharing of visiting experiences across multiple media. The prototype supports synchronous co-visiting by physical and digital visitors, with digital access via either the World Wide Web or 3-dimensional graphics

Towards a Scalable Dynamic Spatial Database System

With the rise of GPS-enabled smartphones and other similar mobile devices, massive amounts of location data are available. However, no scalable solutions for soft real-time spatial queries on large sets of moving objects have yet emerged. In this paper we explore and measure the limits of actual algorithms and implementations regarding different application scenarios. And finally we propose a novel distributed architecture to solve the scalability issues.Comment: (2012

Portunes: analyzing multi-domain insider threats

The insider threat is an important problem in securing information systems. Skilful insiders use attack vectors that yield the greatest chance of success, and thus do not limit themselves to a restricted set of attacks. They may use access rights to the facility where the system of interest resides, as well as existing relationships with employees. To secure a system, security professionals should therefore consider attacks that include non-digital aspects such as key sharing or exploiting trust relationships among employees. In this paper, we present Portunes, a framework for security design and audit, which incorporates three security domains: (1) the security of the computer system itself (the digital domain), (2) the security of the location where the system is deployed (the physical domain) and (3) the security awareness of the employees that use the system (the social domain). The framework consists of a model, a formal language and a logic. It allows security professionals to formally model elements from the three domains in a single framework, and to analyze possible attack scenarios. The logic enables formal specification of the attack scenarios in terms of state and transition properties

Architecture and Implementation of a Trust Model for Pervasive Applications

Collaborative effort to share resources is a significant feature of pervasive computing environments. To achieve secure service discovery and sharing, and to distinguish between malevolent and benevolent entities, trust models must be defined. It is critical to estimate a device\u27s initial trust value because of the transient nature of pervasive smart space; however, most of the prior research work on trust models for pervasive applications used the notion of constant initial trust assignment. In this paper, we design and implement a trust model called DIRT. We categorize services in different security levels and depending on the service requester\u27s context information, we calculate the initial trust value. Our trust value is assigned for each device and for each service. Our overall trust estimation for a service depends on the recommendations of the neighbouring devices, inference from other service-trust values for that device, and direct trust experience. We provide an extensive survey of related work, and we demonstrate the distinguishing features of our proposed model with respect to the existing models. We implement a healthcare-monitoring application and a location-based service prototype over DIRT. We also provide a performance analysis of the model with respect to some of its important characteristics tested in various scenarios

The effect of representation location on interaction in a tangible learning environment

Drawing on the 'representation' TUI framework [21], this paper reports a study that investigated the concept of 'representation location' and its effect on interaction and learning. A reacTIVision-based tangible interface was designed and developed to support children learning about the behaviour of light. Children aged eleven years worked with the environment in groups of three. Findings suggest that different representation locations lend themselves to different levels of abstraction and engender different forms and levels of activity, particularly with respect to speed of dynamics and differences in group awareness. Furthermore, the studies illustrated interaction effects according to different physical correspondence metaphors used, particularly with respect to combining familiar physical objects with digital--based table-top representation. The implications of these findings for learning are discussed

Seamful interweaving: heterogeneity in the theory and design of interactive systems

Design experience and theoretical discussion suggest that a narrow design focus on one tool or medium as primary may clash with the way that everyday activity involves the interweaving and combination of many heterogeneous media. Interaction may become seamless and unproblematic, even if the differences, boundaries and 'seams' in media are objectively perceivable. People accommodate and take advantage of seams and heterogeneity, in and through the process of interaction. We use an experiment with a mixed reality system to ground and detail our discussion of seamful design, which takes account of this process, and theory that reflects and informs such design. We critique the 'disappearance' mentioned by Weiser as a goal for ubicomp, and Dourish's 'embodied interaction' approach to HCI, suggesting that these design ideals may be unachievable or incomplete because they underemphasise the interdependence of 'invisible' non-rationalising interaction and focused rationalising interaction within ongoing activity

empathi: An ontology for Emergency Managing and Planning about Hazard Crisis

In the domain of emergency management during hazard crises, having sufficient situational awareness information is critical. It requires capturing and integrating information from sources such as satellite images, local sensors and social media content generated by local people. A bold obstacle to capturing, representing and integrating such heterogeneous and diverse information is lack of a proper ontology which properly conceptualizes this domain, aggregates and unifies datasets. Thus, in this paper, we introduce empathi ontology which conceptualizes the core concepts concerning with the domain of emergency managing and planning of hazard crises. Although empathi has a coarse-grained view, it considers the necessary concepts and relations being essential in this domain. This ontology is available at https://w3id.org/empathi/