Threat Modelling for Active Directory

This paper analyses the security threats that can arise against an Active Directory server when it is included in a Web application. The approach is based on the STRIDE classification methodology. The paper also provides outline descriptions of countermeasures that can be deployed to protect against the different threats and vulnerabilities identified here

Threats Management Throughout the Software Service Life-Cycle

Software services are inevitably exposed to a fluctuating threat picture. Unfortunately, not all threats can be handled only with preventive measures during design and development, but also require adaptive mitigations at runtime. In this paper we describe an approach where we model composite services and threats together, which allows us to create preventive measures at design-time. At runtime, our specification also allows the service runtime environment (SRE) to receive alerts about active threats that we have not handled, and react to these automatically through adaptation of the composite service. A goal-oriented security requirements modelling tool is used to model business-level threats and analyse how they may impact goals. A process flow modelling tool, utilising Business Process Model and Notation (BPMN) and standard error boundary events, allows us to define how threats should be responded to during service execution on a technical level. Throughout the software life-cycle, we maintain threats in a centralised threat repository. Re-use of these threats extends further into monitoring alerts being distributed through a cloud-based messaging service. To demonstrate our approach in practice, we have developed a proof-of-concept service for the Air Traffic Management (ATM) domain. In addition to the design-time activities, we show how this composite service duly adapts itself when a service component is exposed to a threat at runtime.Comment: In Proceedings GraMSec 2014, arXiv:1404.163

Terrorism threat in Belgium : the resilience of Belgian citizens and the protection of governmental reputation by means of communication

In November 2015, the terrorism threat in Belgium confronted both citizens and the government with a situation characterized by high uncertainty. In this context, a national survey was conducted among 805 respondents, with three purposes. First, this case study aimed to explore how Belgians deal with the threat by examining if they change their behavior in public places and seek information about the threat. Second, we investigated why people seek and process information about the terrorism threat based on three determinants,namely their level of involvement with the threat, the expert efficacy of the government, and attitudes towards mass media communication. Finally, this study elaborated on perceived governmental efficacy, researching how governmental reputation is affected through institutional trust and governmental responsibility. The results show that the terrorism threat leads citizens to be more alert in public places and participate less in mass events. Moreover, one fifth stopped traveling by public transport. It was found that Belgian citizens also searched for information several times a day, mostly via traditional media such as television and radio. Furthermore, based on structural equation modelling, we found that information seeking and processing behavior is determined by the cognitive assessment of the risk. This cognitive risk assessment is in turn positively influenced by risk involvement and perceived governmental expert efficacy. However, if the mass media are seen to focus too much on drama and sensationalism then the perception of risk decreases, and this in turn reduces information seeking behavior. In addition, results show that a perception of governmental expert efficacy is able to increase trust and decrease the level of governmental responsibility, which is in turn beneficial for governmental reputation. The implications of these findings are discussed

The THREAT-ARREST Cyber-Security Training Platform

Cyber security is always a main concern for critical infrastructures and nation-wide safety and sustainability. Thus, advanced cyber ranges and security training is becoming imperative for the involved organizations. This paper presets a cyber security training platform, called THREAT-ARREST. The various platform modules can analyze an organization’s system, identify the most critical threats, and tailor a training program to its personnel needs. Then, different training programmes are created based on the trainee types (i.e. administrator, simple operator, etc.), providing several teaching procedures and accomplishing diverse learning goals. One of the main novelties of THREAT-ARREST is the modelling of these programmes along with the runtime monitoring, management, and evaluation operations. The platform is generic. Nevertheless, its applicability in a smart energy case study is detailed

Geospatial threat measurement : an analysis of the threat the diatom Didymosphenia geminata poses to Canterbury, New Zealand : a thesis submitted in fulfilment of the requirements for the degree of Master of Philosophy in Geographic Information Systems in Massey University, Palmerston North

This thesis provides analysis of the threat Didymosphenia geminata poses to the Canterbury Conservancy of the Department of Conservation More specifically, it examines the relationship between Values, Risk and Hazard to measure the degree of threat posed by the diatom. This is the first time this type of Threat Analysis has been applied to such a problem in this region; and so will provide an important insight into the validity of the application of this methodology to an alien invasive threat. Moreover, it is the first time Values. Risk and Hazard have been modelled together to give an over all threat classification in this context. Risk mitigation is one of the variables that can be measured, managed and priced; factoring this into the model is also discussed. Qualitative and quantitative Values and Risk information is provided by Department of Conservation staff; some from their local knowledge and some from biodiversity datasets which have been collected over time. The Risk data is supplemented by fishing access data supplied by the two local Fish and Game Council Offices. Where available, further Values and Risk data has been gleaned from existing datasets in order to supplement the existing data. The Hazard data is taken from the work done by NIWA in 2005 and 2007; the latter being generated after field surveys were conducted on D. geminaia infected sites in the South Island

Climate change impacts on water for irrigated horticulture in the Vale of Evesham. Final Report

This project has undertaken a scoping review and assessment of the impacts of climate change on irrigated horticulture in the Vale of Evesham, an area of intense irrigated production located within the Environment Agency’s Warwickshire Avon CAMS Catchment. The research was based on a combination of methodologies including desk-based review of published and grey literature, computer agroclimatic and water balance modelling, GIS mapping, meetings with key informants and a stakeholder workshop. Future climate datasets were derived from the latest UK Climate Impacts Programme (UKICIP02) climatology, using selected emission scenarios for the 2020s, 2050s and 2080s. These scenarios were then used to model and map the future agroclimatic conditions under which agriculture might operate and the consequent impacts on irrigation need (depths of water applied) and volumetric demand. This was complimented by a postal survey to abstractors and a stakeholder workshop, to identify, review and assess farmer adaptation options and responses. The key findings arising from the research, implications for water resource management and recommendations for further work are summarised below. Using a geographical information system (GIS), a series of agroclimate maps have been produced, for the baseline and selected UKCIP02 scenario. The maps show major changes in agroclimate within the catchment over the next 50 years. The driest agroclimate zones are currently located around Worcester, Evesham, Tewkesbury and Gloucester, corresponding to areas where horticultural production and irrigation demand are most concentrated. By the 2020s, all agroclimate zones are predicted to increase in aridity. By the 2050s the entire catchment is predicted to have a drier agroclimate than is currently experienced anywhere in the driest parts of the catchment. This will have major impacts on the pattern of land use and irrigation water demand. Cont/d

Terrorism Prevention: A General Model

In this paper, I present and discuss a method for modelling an important trade-off faced by terrorism prevention policies: the trade-off between, on the one hand, trying to reduce people's inclination towards terrorism, and, on the other hand, trying to protect society against existing terrorists. In general, cause-related policies reduce inclination towards terrorism (first goal), involving measures such as raising the standard of living, and symptom-related policies reduce the power of terrorists (second goal), involving measures such as capturing and detaining terrorists. But, crucially, symptom-related policies also affect the inclination towards terrorism, through (desirable) deterrence and (undesirable) 'hate effects'. If 'hate effects' dominate over deterrence, more toughness overall increases inclination, possibly overcompensating the 'capture success'. So, symptom-related policies may face a trade-off between capturing terrorists, and thereby possibly creating new terrorists. Through the modelling method presented, both policy goals are simultaneously taken into account.terrorism, threat, war, symptom-related policy, cause-related policy, development policy, development aid, deterrence, hate effect, trade-off, game theory

The economic implications of a multiple species approach to bioeconomic modelling : a thesis presented in partial fulfilment of the requirements for the degree of Master of Applied Economics at Massey University, Palmerston North, New Zealand

Human activity frequently leads to the endangerment or extinction of other species. While ecologists study the biological facets of species loss, economics, as the science of understanding people's behaviour, has been charged with investigating the incentives underlying the actions people take that lead to this loss. One approach economists have taken to gain this understanding is to develop models of endangered species that include both economic and biological components, known as bioeconomic models. While ecologists frequently note the importance of modelling entire ecosystems rather than single species, most bioeconomic models in the current literature focus only on a single species. This thesis addresses the economic significance of this assumption through the development of a series of multiple species models and demonstrates, using African Wildlife as an example, the importance of interrelationships and economic values to the survival of endangered species. From these models one can infer the conditions under which a single species model may be appropriate, at least in general terms. If species are independent, and either the opportunity cost of capital or the value of habitat is very low relative to the value of the species in question, then a single species model may yield results similar to that of a multiple species model. In contrast, if species are independent and these additional conditions are not met, a single species model may significantly underestimate both optimal stock levels and land allocation. However, species do not live independently; they interact with species with which they share habitat and, when species interact, the potential for misapplication of the single species framework is even greater. When species compete, the single species framework consistently produces higher stock levels than the multiple species framework, the greater the level of competition the greater the difference. In a predator-prey relationship, the relative values of predator and prey are critical to determining the outcome of the multiple species model. It is demonstrated that the inclusion of at least all economically valuable species in an ecosystem is important when constructing bioeconomic models. Using single species models where multiple species are economically significant could lead to misleading results and ultimately to incorrect policy decisions