A methodology for testing virtualisation security

There is a growing interest in virtualisation due to its central role in cloud computing, virtual desktop environments and Green IT. Data centres and cloud computing utilise this technology to run multiple operating systems on one physical server, thus reducing hardware costs. However, vulnerabilities in the hypervisor layer have an impact on any virtual machines running on top, making security an important part of virtualisation. In this paper, we evaluate the security of virtualisation, including detection and escaping the environment. We present a methodology to investigate if a virtual machine can be detected and further compromised, based upon previous research. Finally, this methodology is used to evaluate the security of virtual machines. The methods used to evaluate the security include analysis of known vulnerabilities and fuzzing to test the virtual device drivers on three different platforms: VirtualBox, Hyper-V and VMware ESXI. Our results demonstrate that the attack surface of virtualisation is more prone to vulnerabilities than the hypervisor. Comparing our results with previous studies, each platform withstood IOCTL and random fuzzing, demonstrating that the platforms are more robust and secure than previously found. By building on existing research, the results show that security in the hypervisor has been improved. However, using the proposed methodology in this paper it has been shown that an attacker can easily determine that the machine is a virtual machine, which could be used for further exploitation. Finally, our proposed methodology can be utilised to effectively test the security of a virtualised environment

Review of Innovation and Entrepreneurship

Review of Bessant, J. and Tidd, J. (2015). Innovation and entrepreneurship. 3rd ed. Chichester: John Wiley & Son

Guest Introduction to the 40th Anniversary Issue: Manifestos, Web Pages, and Continuities in Criticality

A decade ago, JCI marked its 30th anniversary with a tracing of mastheads (McLuskie, 2004) once manifesto-like in character, but less so as the journal moved through its first three decades. Now, at its 40th year, the word “Inquiry” in the journal’s title still announces an orientation that aims beyond method. Whether discussing the field and its problems or offering alternative modes of inquiry, JCI has a reputation as a space for fresh academic air (more on the history, importance, and perennial vulnerability of that reputation in a moment)

When Conduct is Deemed to Occur in the Workplace and the Liability of Employers for the Sexual Harassment of one Co-Worker by Another

This paper analyses the different approaches of the Employment Relations Act 2000 and the Human Rights Act 1993 as to whether sexual harassment of one co­worker by another occurs as a part of the employment relationship. It examines the Court of Appeal and the Human Rights Review Tribunal regarding the liability of the same person (Smith) for sexual harassment. The Court of Appeal upheld Smith’s dismissal as it impacted on his employment relationship, while the Human Rights Review Tribunal held Smith’s behaviour was not in the in the course of his involvement in employment. Reasons for the difference between the two decisions are examined, looking in particular at employer liability for the actions of co­workers, and the different ways the two Acts deal with such liability. Canadian and Australian approaches to employer liability are examined, noting consistency between the approaches in their human rights and employment legislation. It is suggested that inconsistencies between the Employment Relations Act and the Human Rights may lead to different outcomes regarding employer liability. Finally it is suggested that, given the differences between the two Acts, it would be better for matters of sexual harassment to only be dealt with under the Human Rights Act

Performative entrepreneurship: identity, behaviour and place in adventure sports Enterprise

This research explores entrepreneurial identity and place in adventure sports within the emerging field of sports entrepreneurship. A growing body of literature has established the broad parameters of sports entrepreneurs mainly within the fitness sector. This study applies a performative entrepreneurship lens to explore the embedded nature of identity, behaviour and place amongst mountain bike (MTB) trainers and guides. This qualitative study is based around interviews with six trainers/guides conducted via online forums as well as participatory observations made on a group ride and of a communal response to the natural environment through trail building. Findings illustrate that unlike the fitness sector where there is a more established market and where entrepreneurs often move from employment to self-employment within the sector, the MTB adventure sports entrepreneur operates in a less formalised market resulting in less formal strategic planning. ‘Place’ is an important factor in the performative nature of enterprise in this study and it is clear that it is through lifestyle entrepreneurship that the individuals are ‘performing’ identity

Near-ultrasonic covert channels using software-defined radio techniques

Traditional cybersecurity practices rely on computers only communicating through well-defined expected channels. If malware was developed to use covert channels, such as one created using ultrasonic sound, then this could bypass certain security measures found in computer networks. This paper aims to demonstrate the viability of acoustic covert channels by creating a low-bandwidth ultrasonic frequency channel utilising software-defined radio (SDR) techniques. Previous work was evaluated to identify the strengths and weaknesses of their implementations. Software-defined radio techniques were then applied to improve the performance and reliability of the acoustic covert channel. The proposed implementation was then evaluated over a range of hardware and compared to previous implantations based on the attributes of their throughput, range, and reliability. The outcome of this research was an ultrasonic covert channel implemented in GNU Radio. The proposed implementation was found to provide 47% higher throughput than previous work while using less signal bandwidth. Utilising software-defined radio techniques improves the performance of the acoustic covert channels over previous implementations. It is expected that this technique would be effective in an office environment, but less effective in high security or server environments due to the lack of audio equipment available in these spaces

When Conduct is Deemed to Occur in the Workplace and the Liability of Employers for the Sexual Harassment of one Co-Worker by Another

This paper analyses the different approaches of the Employment Relations Act 2000 and the Human Rights Act 1993 as to whether sexual harassment of one co­worker by another occurs as a part of the employment relationship. It examines the Court of Appeal and the Human Rights Review Tribunal regarding the liability of the same person (Smith) for sexual harassment. The Court of Appeal upheld Smith’s dismissal as it impacted on his employment relationship, while the Human Rights Review Tribunal held Smith’s behaviour was not in the in the course of his involvement in employment. Reasons for the difference between the two decisions are examined, looking in particular at employer liability for the actions of co­workers, and the different ways the two Acts deal with such liability. Canadian and Australian approaches to employer liability are examined, noting consistency between the approaches in their human rights and employment legislation. It is suggested that inconsistencies between the Employment Relations Act and the Human Rights may lead to different outcomes regarding employer liability. Finally it is suggested that, given the differences between the two Acts, it would be better for matters of sexual harassment to only be dealt with under the Human Rights Act