    A Framework for Cyber Vulnerability Assessments of InfiniBand Networks

    InfiniBand is a popular Input/Output interconnect technology used in High Performance Computing clusters. It is employed in over a quarter of the world’s 500 fastest computer systems. Although it was created to provide extremely low network latency with a high Quality of Service, the cybersecurity aspects of InfiniBand have yet to be thoroughly investigated. The InfiniBand Architecture was designed as a data center technology, logically separated from the Internet, so defensive mechanisms such as packet encryption were not implemented. Cyber communities do not appear to have taken an interest in InfiniBand, but that is likely to change as attackers branch out from traditional computing devices. This thesis considers the security implications of InfiniBand features and constructs a framework for conducting Cyber Vulnerability Assessments. Several attack primitives are tested and analyzed. Finally, new cyber tools and security devices for InfiniBand are proposed, and changes to existing products are recommended.

    Performance Metrics for Network Intrusion Systems

    Intrusion systems have been the subject of considerable research during the past 33 years, since the original work of Anderson. Much has been published attempting to improve their performance using advanced data processing techniques including neural nets, statistical pattern recognition and genetic algorithms. Whilst some significant improvements have been achieved they are often the result of assumptions that are difficult to justify and comparing performance between different research groups is difficult. The thesis develops a new approach to defining performance focussed on comparing intrusion systems and technologies. A new taxonomy is proposed in which the type of output and the data scale over which an intrusion system operates is used for classification. The inconsistencies and inadequacies of existing definitions of detection are examined and five new intrusion levels are proposed from analogy with other detection-based technologies. These levels are known as detection, recognition, identification, confirmation and prosecution, each representing an increase in the information output from, and functionality of, the intrusion system. These levels are contrasted over four physical data scales, from application/host through to enterprise networks, introducing and developing the concept of a footprint as a pictorial representation of the scope of an intrusion system. An intrusion is now defined as “an activity that leads to the violation of the security policy of a computer system”. Five different intrusion technologies are illustrated using the footprint with current challenges also shown to stimulate further research. Integrity in the presence of mixed trust data streams at the highest intrusion level is identified as particularly challenging. Two metrics new to intrusion systems are defined to quantify performance and further aid comparison. 
Sensitivity is introduced to define basic detectability of an attack in terms of a single parameter, rather than the usual four currently in use. Selectivity is used to describe the ability of an intrusion system to discriminate between attack types. These metrics are quantified experimentally for network intrusion using the DARPA 1999 dataset and SNORT. Only nine of the 58 attack types present were detected with sensitivities in excess of 12 dB, indicating that detection performance of the attack types present in this dataset remains a challenge. The measured selectivity was also poor, indicating that only three of the attack types could be confidently distinguished. The highest value of selectivity was 3.52, significantly lower than the theoretical limit of 5.83 for the evaluated system. Options for improving selectivity and sensitivity through additional measurements are examined. Stochastic Systems Lt

    Antivirus system based on mobile agents - SABAM System

    Dissertation (master's) - Universidade Federal de Santa Catarina, Centro Tecnológico. Graduate Program in Computer Science

    Operating system auditing and monitoring

    Ph.D. DOCTOR OF PHILOSOPHY

    Interpreting a major event organization's efforts to reliably manage information security risks: The case of the Athens 2004 Olympics.

    The implementation of mega projects and events is increasingly becoming part of corporate and governmental reality in an effort to create global and frictionless operations and infrastructures that result in a new mobility that has been labelled as 'the most powerful and coveted stratifying factor in contemporary society'. The successful implementation of such mega projects and events usually relies on the highly reliable operations of technological infrastructures and the secure, yet flexible, management of information resources across a number of partnering organizations. However, the past performance of mega projects and events has been greatly criticised for inefficiency, lack of decision-making transparency and an overall lack of diligence with regard to the true nature and extent of associated risks. A need has been identified to investigate more thoroughly the mechanisms employed to manage and communicate risks across a number of vertical and horizontal project and event management dimensions. The objective would be to capture know-how and lessons learned from past experiences in order to support more successful, future mega-project implementations. The aim of this research is to increase understanding of the risk issues and concerns in the management of information systems security (ISS) in a major events context, in an effort to deliver highly reliable IS operations. The study is conducted by reviewing the analysis, design, management and risk communication processes of ISS in the Athens 2004 Olympic Games event. The research methodology adopts an interpretive mode of inquiry, where the management of ISS is longitudinally evaluated in terms of the organizational scope, context and culture, the expectations and motivations of different actors, the meanings assigned to various ISS risk signals and events, and the related patterns of behaviour and organizational actions and controls. 
The theoretical foundation that informs the collection and analysis of data is that of the Social Amplification of Risk Framework (SARF), which suggests that the experience of risk is determined by the direct physical consequences of a risk/risk event and the interaction of psychological, social, institutional and cultural processes. Findings from the case study under investigation indicate that a major event demonstrates high levels of operational and functional interdependence and complexity, directly or indirectly affecting ISS management efforts, decisions and communications. Principles of high reliability and mindful management can indeed improve overall ISS performance and management of risk, yet the structural and cultural aspects of a major event project will amplify/attenuate risk perceptions and constrain the effectiveness of such controls. Therefore, there is a need to improve understanding of such factors, incorporating this into risk evaluation, management and communication practices. In conclusion, this study shows that the management of IS security and integrity in an environment of great organizational reliability demands requires the appreciation of structural/functional interdependencies and cultural interactions. By sustaining mindful and reflexive processes and structures of risk communication and interpretation, ISS assurance and governance practices will allow organizations to demonstrate that they can reliably anticipate and contain ISS risks.

    The Use and Effectiveness of Anti-Virus Software

    This study evaluates the effectiveness of currently available anti-virus software. The brand of anti-virus software appears to make a slight difference in identifying viruses on network servers. When individual company workstations were evaluated, no significant differences were detected across products. In general, current users are satisfied with their anti-virus software. Adequate financial resources and lack of management commitment were expressed as the primary limitations to implementing more pervasive security procedure measures within organizations. Most organizations wait until they suffer a substantial attack before they implement serious anti-virus policies and install virus-scanning software. It appears that the shock of a virus episode is needed to force management to commit and allocate the funds to prevent further attacks.