Portunes: generating attack scenarios by finding inconsistencies between security policies in the physical, digital and social domain

The security goals of an organization are implemented through security policies, which concern physical security, digital security and security awareness. An insider is aware of these security policies, and might be able to thwart the security goals without violating any policies, by combining physical, digital and social means. This paper presents the Portunes model, a model for describing and analyzing attack scenarios across the three security areas. Portunes formally describes security alignment of an organization and finds attack scenarios by analyzing inconsistencies between policies from the different security areas. For this purpose, the paper defines a language in the tradition of the Klaim family of languages, and uses graph-based algorithms to find attack scenarios that can be described using the defined language

Portunes: representing attack scenarios spanning through the physical, digital and social domain

The security goals of an organization are realized through security policies, which concern physical security, digital security and security awareness. An insider is aware of these security policies, and might be able to thwart the security goals by combining physical, digital and social means. A systematic analysis of such attacks requires the whole environment where the insider operates to be formally represented. This paper presents Portunes, a framework which integrates all three security domains in a single environment. Portunes consists of a high-level abstraction model focusing on the relations between the three security domains and a lower abstraction level language able to represent the model and describe attacks which span the three security domains. Using the Portunes framework, we are able to represent a whole new family of attacks where the insider is not assumed to use purely digital actions to achieve a malicious goal

Two methodologies for physical penetration testing using social engineering

Penetration tests on IT systems are sometimes coupled with physical penetration tests and social engineering. In physical penetration tests where social engineering is allowed, the penetration tester directly interacts with the employees. These interactions are usually based on deception and if not done properly can upset the employees, violate their privacy or damage their trust toward the organization and might lead to law suits and loss of productivity. We propose two methodologies for performing a physical penetration test where the goal is to gain an asset using social engineering. These methodologies aim to reduce the impact of the penetration test on the employees. The methodologies have been validated by a set of penetration tests performed over a period of two year

A Real-Time Ethernet Network at Home

This paper shows the current state of our research into a home network which provides both real-time and non-real-time capabilities for one coherent, distributed architecture. It is based on a new type of real-time token protocol that uses scheduling to achieve optimal token-routing in the network. Depending on the scheduling algorithm, bandwidth utilisations of 100% are possible. Token management, to prevent token-loss or multiple tokens, is essential to support a dynamic, plug-and-play configuration. Our network will support inexpensive, small appliances as well as more expensive, large appliances. Small appliances, like sensors, would contain low-cost, embedded processors with limited computing power, which can handle lightweight network protocols. All other operations can be delegated to other appliances that have sufficient resources. This provides a basis for transparency, as it separates controlling and controlled object

Staphylococcus aureus nasal colonization in HIV-seropositive and HIV-seronegative drug users

Nasal colonization plays an important role in the pathogenesis of Staphylococcus aureus infections. To identify characteristics associated with colonization, we studied a cross-section of a well-described cohort of HIV-seropositive and -seronegative active and former drug users considered at risk for staphylococcal infections. Sixty percent of the 217 subjects were Hispanic, 36% were women, 25% actively used injection drugs, 23% actively used inhalational drugs, 23% received antibiotics, and 35% were HIV-seropositive. Forty-one percent of subjects had positive nasal cultures for S. aureus. The antibiotic susceptibility patterns were similar to the local hospital's outpatient isolates and no dominant strain was identified by arbitrarily primed polymerase chain reaction (AB-PCR). Variables significantly and independently associated with colonization included antibiotic use (odds ratio [OR] = 0.37; confidence interval [CI] = 0.18-0.77), active inhalational drug use within the HIV-seropositive population (OR = 2.36; CI = 1.10-5.10) and female gender (OR = 1.97; CI = 1.09-3.57). Characteristics not independently associated included injection drug use, HIV status, and CD4 count. The association with active inhalational drug use, a novel finding, may reflect alterations in the integrity of the nasal mucosa. The lack of association between HIV infection and S. aureus colonization, which is contrary to most previous studies, could be explained by our rigorous control for confounding variables or by a limited statistical power due to the sample sizes

A social-ecological analysis of ecosystem services supply and trade-offs in European wood-pastures

Wood-pastures are complex social-ecological systems (SES), which are the product of long-term interaction between society and its surrounding landscape. Traditionally characterized by multifunctional low-intensity management that enhanced a wide range of ecosystem services (ES), current farm management has shifted toward more intensive farm models. This study assesses the supply of ES in four study areas dominated by managed wood-pastures in Spain, Sweden, and Romania. On the basis of 144 farm surveys and the use of multivariate techniques, we characterize farm management and structure in the study areas and identify the trade-offs in ES supply associated with this management. We link these trade-offs to multiple factors that characterize the landholding: economic, social, environmental, technological, and governance. Finally, we analyze how landholders' values and perspectives have an effect on management decisions. Results show a differentiated pattern of ES supply in the four study areas. We identified four types of trade-offs in ES supply that appear depending on what is being promoted by the farm management and that are associated with different dimensions of wood-pasture management: productivity-related trade-offs, crop production-related trade-offs, multifunctionality-related trade-offs, and farm accessibility-related trade-offs. These trade-offs are influenced by complex interactions between the properties of the SES, which have a direct influence on landholders' perspectives and motivations. The findings of this paper advance the understanding of the dynamics between agroecosystems and society and can inform system-based agricultural and conservation policies

Verification of a Transactional Memory Manager under Hardware Failures and Restarts

Abstract. We present our formal verification of the persistent mem-ory manager in IBM’s 4765 secure coprocessor. Its task is to achieve a transactional semantics of memory updates in the face of restarts and hardware failures and to provide resilience against the latter. The inclu-sion of hardware failures is novel in this area and incurs a significant jump in system complexity. We tackle the resulting verification challenge by a combination of a monad-based model, an abstraction that reduces the system’s non-determinism, and stepwise refinement. We propose novel proof rules for handling repeated restarts and nested metadata transac-tions. Our entire development is formalized in Isabelle/HOL.