861 research outputs found

    Vulnerability anti-patterns: a timeless way to capture poor software practices (Vulnerabilities)

    There is a distinct communication gap between the software engineering and cybersecurity communities when it comes to addressing reoccurring security problems, known as vulnerabilities. Many vulnerabilities are caused by software errors that are created by software developers. Insecure software development practices are common due to a variety of factors, which include inefficiencies within existing knowledge transfer mechanisms based on vulnerability databases (VDBs), software developers perceiving security as an afterthought, and lack of consideration of security as part of the software development lifecycle (SDLC). The resulting communication gap also prevents developers and security experts from successfully sharing essential security knowledge. The cybersecurity community makes their expert knowledge available in forms including vulnerability databases such as CAPEC and CWE, and pattern catalogues such as Security Patterns, Attack Patterns, and Software Fault Patterns. However, these sources are not effective at providing software developers with an understanding of how malicious hackers can exploit vulnerabilities in the software systems they create. As developers are familiar with pattern-based approaches, this paper proposes the use of Vulnerability Anti-Patterns (VAP) to transfer usable vulnerability knowledge to developers, bridging the communication gap between security experts and software developers. The primary contribution of this paper is twofold: (1) it proposes a new pattern template – Vulnerability Anti-Pattern – that uses anti-patterns rather than patterns to capture and communicate knowledge of existing vulnerabilities, and (2) it proposes a catalogue of Vulnerability Anti-Patterns (VAP) based on the most commonly occurring vulnerabilities that software developers can use to learn how malicious hackers can exploit errors in software

    Effects of attention on postural sway after ACL injury

    The structure of variability in the human neuromotor system can be indicative of its health and function (Stergiou & Decker, 2011). More regular variation in gait is found in those with an ACL injury compared to those without (Decker, et al., 2011). Many things may influence postural control including where the mind is focused during a task. Focusing on something outside the body made performance on a balance task more automatic, whereas focusing on the body induced less automatic control (Wulf, et al., 2003). We tested the influence of attentional focus on non-linear aspects of postural sway post ACL injury. Participants stood on a force plate standing as still as possible, keeping the injured knee as still as possible, keeping the uninjured knee as still as possible, or keeping a laser beam as still as possible. Sample Entropy was measured for medial lateral sway, anterior posterior sway, and average displacement of the center of pressure from the mean. A 2 group (injured vs. non-injured) by 4 task (no focus, focus on injured knee, focus on uninjured knee, external focus) ANOVA was run to compare groups and tasks. Those in the ACL group had significantly more irregular sway than the non-injured group for anterior-posterior sway and average displacement. The ACL group, but not the no-injury group, had significantly more irregular average displacement during the external focus task compared to the internal focus tasks. These results lend support for the influence of attentional focus in rehabilitation settings. References: Decker, L.M., Moraiti, C.O., Stergiou, N., & Georgoulis, A.D. (2011). New insights into anterior cruciate ligament deficiency and reconstruction through the assessment of the knee kinematic variability in terms of nonlinear dynamics. Journal Articles. Paper 89. Stergiou, N., & Decker, L. M. (2011). Human movement variability, nonlinear dynamics, and pathology: Is there a connection?. Human Movement Science, 30(5), 869-888. 
Wulf, G., Weigelt, M., Poulter, D., McNevin, N., (2003). Attentional focus on suprapostural tasks affects balance learning. The Quarterly Journal of Experimental Psychology Section A: Human Experimental Psychology. 56(7), 1191-1211

    The gamification of cybersecurity training

    Due to the rapidly and continually evolving nature of technology, there is a constant need to update police officers’ training in cyber security to ensure that the UK continues to be a secure place to live and do business. Rather than deliver traditional classroom-based training, our project assesses the effectiveness of the delivery of cyber security through the use of games-based learning to simulate cybercrimes and provide training in incident response. The aim of our research is to transform the delivery of first responder training in tackling cybercrime. Through the use of a Game Jam and subsequent prototype development, we have trialed training materials that are based on serious games technology. The game poses a common incident reported to the police, for example the problem of a virtual person receiving offensive messages via Facebook and the training reflects the dialogue with that person and the technical steps to ensure that a copy of the evidence has been preserved for further investigation. Evaluation has been conducted with local police officers. Overall, this approach to the large-scale provision of training (potentially to a whole force) is shown to offer potential

    On the use of serious games technology to facilitate large-scale training in cybercrime response

    As technology becomes pervasive in everyday life, there are very few crimes that don’t have some ‘cyber’ element to them. The vast majority of crime now has some digital footprint; whether it’s from a CCTV camera, mobile phone or IoT device, there exists a vast range of technological devices with the ability to store digital evidence that could be of use during a criminal investigation. There is a clear requirement to ensure that digital forensic investigators have received up-to-date training on appropriate methods for the seizure, acquisition and analysis of digital devices. However, given the increasing number of crimes now involving a range of technological devices it is increasingly important for those police officers who respond to incidents of crime to have received appropriate training. The aim of our research is to transform the delivery of first responder training in tackling cybercrime. A project trialling the use of computer games technology to train officers in cybercrime response is described. A game simulating typical cybercrime scenes has been developed and its use in training first responders has been evaluated within Police Scotland. Overall, this approach to the large-scale provision of training (potentially to a whole force) is shown to offer potential

    On the creation of a secure key enclave via the use of memory isolation in systems management mode

    One of the challenges of modern cloud computer security is how to isolate or contain data and applications in a variety of ways, while still allowing sharing where desirable. Hardware-based attacks such as RowHammer and Spectre have demonstrated the need to safeguard the cryptographic operations and keys from tampering upon which so much current security technology depends. This paper describes research into security mechanisms for protecting sensitive areas of memory from tampering or intrusion using the facilities of Systems Management Mode. The work focuses on the creation of a small, dedicated area of memory in which to perform cryptographic operations, isolated from the rest of the system. The approach has been experimentally validated by a case study involving the creation of a secure webserver whose encryption key is protected using this approach such that even an intruder with full Administrator level access cannot extract the key


    Virtual Reality For Therapeutic Recreation In Dementia Hospice Care: A Feasibility Study

    Purpose: Feasibility study to explore virtual reality (VR) via wireless goggles as a therapeutic recreation for people with dementia on hospice (hPWD). To explore the acceptability of VR to hPWD. To identify any problems and/or benefits associated with using VR as a form of therapeutic recreation in hPWD on hospice

    Promoting nurses’ and midwives’ ethical responsibilities towards vulnerable people: An alignment of research and clinical practice

    Aim: To stimulate discussion and debate about the inclusion of vulnerable populations in primary research to inform practice change and improve health outcomes. Background: Current research practices to safeguard vulnerable people from potential harms related to power imbalances may in fact limit the generation of evidence-based practice. Evaluation: The authors draw on their experience working and researching with a recognized group of vulnerable people, incarcerated pregnant women, to provide insight into the application of ethics in both research and clinical practice. In a novel approach, the ethical principles are presented in both contexts, articulating the synergies between them. Suggestions are presented for how individuals, managers and organizations may improve research opportunities for clinical practitioners and enhance the engagement of vulnerable people to contribute to meaningful practice and policy change. Key Issues: Ethical practice guidelines may limit the ability to create meaningful change for vulnerable populations, who need authentic system change to achieve good health outcomes. Conclusion: Inclusive research and practice are essential to ensuring a strengths-based approach to healthcare and addressing health needs of the whole population. Health systems and models of care recognizing the diverse lives and health needs of the broader population demand practical, sustainable support from clinical managers. Implications for Nursing Management: Practical suggestions for clinical managers to support point of care research are provided, embedding vulnerable voices in policy, practice development and care provision