Addressing the Insider Threat

In their guest editors' introduction to the special issue on Insider Threat, Shari Lawrence Pfleeger and Salvatore Stolfo describe a taxonomy of insiders and their unwelcome actions, as well as the need for credible data to document the size and nature of the insider threat. They suggest that the three articles in the special issue shed light not only on how to generate data for further study but also on how to use the data in models that can help evaluate the likely effects of various responses. The introduction ends with a matrix showing the variety of sensible and effective responses that must be sensitive to the organizations, systems, environments, and individuals involved with inappropriate insider behavior

Picking battles: The impact of trust assumptions on the elaboration of security requirements

This position paper describes work on trust assumptions in the con-text of security requirements. We show how trust assumptions can affect the scope of the analysis, derivation of security requirements, and in some cases how functionality is realized. An example shows how trust assumptions are used by a requirements engineer to help define and limit the scope of analysis and to document the decisions made during the process

Burgerville: Sustainability and Sourcing in a QSR Supply Chain

Jack Graves is considering buying chicken. More precisely, Jack is considering where to buy chicken. He needs to make a recommendation to the purchasing team soon, and the decision is complicated. Jack is a long-time employee of the Burgerville restaurant chain, a quick-serve restaurant chain in the Northwest USA. Burgerville prides itself in being true to its long-held values while maintaining profitability and growth. Graves’ primary job at Burgerville is to assure that the company’s values are embedded in all its actions, including its relationships to its supply chain. His current concern is the dilemma of which values to promote. Burgerville sells chicken, lots of chicken. So the purchase of chicken has significant impacts on the social and environmental impacts of Burgerville’s supply chain. Should Burgerville buy local, with the inherent social and environmental benefits, while paying attention to concerns about labor issues, animal treatment, and non-organic stewardship? Or should it find a supplier with some assurance that these potential problems are eliminated, regardless of location? Jack knows that Burgerville needs to address this issue soon, as the supply of chicken that is produced to Burgerville’s high standards is small and there are sure to be competitors seeking the same products. He will have to weigh the company’s values and make a recommendation soon. As the Chief Cultural Officer of The Holland Inc., Burgerville’s parent company, Jack Graves is constantly aware of the need to align the Burgerville culture and identity throughout all units of the business, including vendor partners. The chain’s slogan: Fresh. Local. Sustainable. proclaims its commitment to offering foods differently than other quick serve chains, with specific attention to where food is being sourced. Burgerville aims to deliver on this promise as often as possible, and has had success in the past. Over the past decade, Burgerville has made a concerted effort to ensure its purchasing supports it values. As of 2009, over 70% of Burgerville’s total spending on food products was from local suppliers, up from less than 60% in 2008. With chicken, though, Graves was faced with some difficult questions and hard choices: can Burgerville find a local supplier who can provide a sufficient quantity and quality of breaded and plain chicken breasts and chicken strips at a cost comparable to the existing national brand supplier? Is buying local the most important decision to make for Burgerville and its image? Is the issue more than simply reducing the distance the food travels from origin to the customer? Are Burgerville customers willing to pay a premium for locally sourced chicken? It makes sense to purchase from local farmers who may then become loyal customers, but what if distant farms operate more sustainably than the local farms? Is there a sustainable chicken farm that could handle Burgerville’s demand? These questions weigh on Graves’s mind as he struggles to balance the chain’s profitability with the company’s values

Barriers to Usable Security? Three Organizational Case Studies

Usable security assumes that when security functions are more usable, people are more likely to use them, leading to an improvement in overall security. Existing software design and engineering processes provide little guidance for leveraging this in the development of applications. Three case studies explore organizational attempts to provide usable security products

A Case Study on Artefact-based RE Improvement in Practice

Most requirements engineering (RE) process improvement approaches are solution-driven and activity-based. They focus on the assessment of the RE of a company against an external norm of best practices. A consequence is that practitioners often have to rely on an improvement approach that skips a profound problem analysis and that results in an RE approach that might be alien to the organisational needs. In recent years, we have developed an RE improvement approach (called \emph{ArtREPI}) that guides a holistic RE improvement against individual goals of a company putting primary attention to the quality of the artefacts. In this paper, we aim at exploring ArtREPI's benefits and limitations. We contribute an industrial evaluation of ArtREPI by relying on a case study research. Our results suggest that ArtREPI is well-suited for the establishment of an RE that reflects a specific organisational culture but to some extent at the cost of efficiency resulting from intensive discussions on a terminology that suits all involved stakeholders. Our results reveal first benefits and limitations, but we can also conclude the need of longitudinal and independent investigations for which we herewith lay the foundation

Canonical finite state machines for distributed systems

There has been much interest in testing from finite state machines (FSMs) as a result of their suitability for modelling or specifying state-based systems. Where there are multiple ports/interfaces a multi-port FSM is used and in testing, a tester is placed at each port. If the testers cannot communicate with one another directly and there is no global clock then we are testing in the distributed test architecture. It is known that the use of the distributed test architecture can affect the power of testing and recent work has characterised this in terms of local s-equivalence: in the distributed test architecture we can distinguish two FSMs, such as an implementation and a specification, if and only if they are not locally s-equivalent. However, there may be many FSMs that are locally s-equivalent to a given FSM and the nature of these FSMs has not been explored. This paper examines the set of FSMs that are locally s-equivalent to a given FSM M. It shows that there is a unique smallest FSM χmin(M) and a unique largest FSM χmax(M) that are locally s-equivalent to M. Here smallest and largest refer to the set of traces defined by an FSM and thus to its semantics. We also show that for a given FSM M the set of FSMs that are locally s-equivalent to M defines a bounded lattice. Finally, we define an FSM that, amongst all FSMs locally s-equivalent to M, has fewest states. We thus give three alternative canonical FSMs that are locally s-equivalent to an FSM M: one that defines the smallest set of traces, one that defines the largest set of traces, and one with fewest states. All three provide valuable information and the first two can be produced in time that is polynomial in terms of the number of states of M. We prove that the problem of finding an s-equivalent FSM with fewest states is NP-hard in general but can be solved in polynomial time for the special case where there are two ports

Intrusion-aware Alert Validation Algorithm for Cooperative Distributed Intrusion Detection Schemes of Wireless Sensor Networks

Existing anomaly and intrusion detection schemes of wireless sensor networks have mainly focused on the detection of intrusions. Once the intrusion is detected, an alerts or claims will be generated. However, any unidentified malicious nodes in the network could send faulty anomaly and intrusion claims about the legitimate nodes to the other nodes. Verifying the validity of such claims is a critical and challenging issue that is not considered in the existing cooperative-based distributed anomaly and intrusion detection schemes of wireless sensor networks. In this paper, we propose a validation algorithm that addresses this problem. This algorithm utilizes the concept of intrusion-aware reliability that helps to provide adequate reliability at a modest communication cost. In this paper, we also provide a security resiliency analysis of the proposed intrusion-aware alert validation algorithm.Comment: 19 pages, 7 figure

From Weakest Link to Security Hero: Transforming Staff Security Behavior

Practitioners, researchers and policy-makers involved with cyber security often talk about “security hygiene:” ways to encourage users of computer technology to use safe and secure behavior online. But how do we persuade workers to follow simple, fundamental processes to protect themselves and others? These issues are raised by behavioral scientists, to encourage worker, passenger and patient compliance. In this paper, we explore and summarize findings in social psychology about moral values and habit formation, and then integrate them into suggestions for transforming staff security behavior online

On Evidence-based Risk Management in Requirements Engineering

Background: The sensitivity of Requirements Engineering (RE) to the context makes it difficult to efficiently control problems therein, thus, hampering an effective risk management devoted to allow for early corrective or even preventive measures. Problem: There is still little empirical knowledge about context-specific RE phenomena which would be necessary for an effective context- sensitive risk management in RE. Goal: We propose and validate an evidence-based approach to assess risks in RE using cross-company data about problems, causes and effects. Research Method: We use survey data from 228 companies and build a probabilistic network that supports the forecast of context-specific RE phenomena. We implement this approach using spreadsheets to support a light-weight risk assessment. Results: Our results from an initial validation in 6 companies strengthen our confidence that the approach increases the awareness for individual risk factors in RE, and the feedback further allows for disseminating our approach into practice.Comment: 20 pages, submitted to 10th Software Quality Days conference, 201