Portunes: generating attack scenarios by finding inconsistencies between security policies in the physical, digital and social domain

The security goals of an organization are implemented through security policies, which concern physical security, digital security and security awareness. An insider is aware of these security policies, and might be able to thwart the security goals without violating any policies, by combining physical, digital and social means. This paper presents the Portunes model, a model for describing and analyzing attack scenarios across the three security areas. Portunes formally describes security alignment of an organization and finds attack scenarios by analyzing inconsistencies between policies from the different security areas. For this purpose, the paper defines a language in the tradition of the Klaim family of languages, and uses graph-based algorithms to find attack scenarios that can be described using the defined language

Effects of grain size and shape in modeling reflectance spectra of mineral mixtures

The effects of grain size and shape on the reflectance spectra of mineral mixtures are investigated to improve a reflectance model called the isograin model, whose prototype was proposed by M. Kinoshita in 1985. The sample powder was assumed to consist of an infinite number of layers, each of which has the same thickness with the grain size d

Multispectral mapping of the lunar surface using groundbased telescopes

Images of the lunar surface were obtained at several wavelengths using a silicon vidicon imaging system and groundbased telescopes. These images were recorded and processed in digital form so that quantitative information is preserved. The photometric precision of the images is shown to be better than 1 percent. Ratio images calculated by dividing images obtained at two wavelengths (0.40/0.56 micrometer) and 0.95/0.56 micrometer are presented for about 50 percent of the lunar frontside. Spatial resolution is about 2 km at the sub-earth point. A complex of distinct units is evident in the images. Earlier work with the reflectance spectrum of lunar materials indicates that for the most part these units are compositionally distinct. Digital images of this precision are extremely useful to lunar geologists in disentangling the history of the lunar surface

Source of the optical red-slope in iron-rich meteorites

The relationship between ordinary chondrites and S-type asteroids is an unresolved issue in meteorite science. S-type asteroids exhibit a positively red-sloped spectrum that is interpreted to indicate the presence of elemental iron on the surfaces. The characteristic red-sloped spectrum of iron-rich meteorites is produced by only the specular component of the reflectance. Complex metallic surfaces can be modeled as linear mixtures of specular and nonspecular components. It is the geometry of the metal on a surface and its interaction with surrounding material, rather than the absolute amount of metal, that determine the redness of resulting spectra. In order to distinguish between ordinary chondrite and differentiated parent bodies it is important to understand how regolith processes affect the nature and form of metal on asteroid surfaces

Using Global Positioning System Analysis to Quantify the movement characteristics of sub elite rugby union players in training and Match Performance

Rugby Union (RU) involves various movement patterns (MP) which includes walking, jogging and sprinting. Substantial physiological differences exist between backs and forwards. The diversity of physiological requirements of each positional group results in a range of physiological stress experienced by players. Game demands and training loads needs to be quantified to maximize the physiological benefits of training an improve performance

Security Policy Alignment:A Formal Approach

Security policy alignment concerns the matching of security policies specified at different levels in socio-technical systems, and delegated to different agents, technical and human. For example, the policy that sales data should not leave an organization is refined into policies on door locks, firewalls and employee behavior, and this refinement should be correct with respect to the original policy. Although alignment of security policies in socio-technical systems has been discussed in the literature, especially in relation to business goals, there has been no formal treatment of this topic so far in terms of consistency and completeness of policies. Wherever formal approaches are used in policy alignment, these are applied to well-defined technical access control scenarios instead. Therefore, we aim at formalizing security policy alignment for complex socio-technical systems in this paper, and our formalization is based on predicates over sequences of actions. We discuss how this formalization provides the foundations for existing and future methods for finding security weaknesses induced by misalignment of policies in socio-technical systems

Portunes: representing attack scenarios spanning through the physical, digital and social domain

The security goals of an organization are realized through security policies, which concern physical security, digital security and security awareness. An insider is aware of these security policies, and might be able to thwart the security goals by combining physical, digital and social means. A systematic analysis of such attacks requires the whole environment where the insider operates to be formally represented. This paper presents Portunes, a framework which integrates all three security domains in a single environment. Portunes consists of a high-level abstraction model focusing on the relations between the three security domains and a lower abstraction level language able to represent the model and describe attacks which span the three security domains. Using the Portunes framework, we are able to represent a whole new family of attacks where the insider is not assumed to use purely digital actions to achieve a malicious goal