6th European Conference - Academic Conferences Limited

Proceedings
of the
7th International
Conference on Information
Warfare and Security
Center for Information Assurance
and Cybersecurity
University of Washington
Seattle
USA
22-23 March 2012
Edited by
Dr. Volodymyr Lysenko
Center for Information Assurance
and Cybersecurity
University of Washington
Seattle
USA

Copyright The Authors, 2012. All Rights Reserved.
No reproduction, copy or transmission may be made without written
permission from the individual authors.
Papers have been double-blind peer reviewed before final submission to the
conference. Initially, paper abstracts were read and selected by the
conference panel for submission as possible papers for the conference.
Many thanks to the reviewers who helped ensure the quality of the full
papers.
These Conference Proceeding have been submitted to the Thomson ISI for
indexing.
Further copies of this book can be purchased from
http://academic-conferences.org/2-proceedings.htm
CD version ISBN: 978-1-908272-30-0
CD version ISSN: 2048-9897
Book version ISBN: 978-1-908272-29-4
Book Version ISSN: 2048-9870
Published by Academic Publishing Limited
Reading
UK
44-118-972-4148
www.academic-publishing.org

Contents
Paper Title Author(s) Guide
Page
i
Page
No.
Preface vi iv
Biographies of Conference
Chairs, Programme Chair,
Keynote Speaker and Minitrack
Chairs
Biographies of contributing
authors
Detecting Hidden Logic
Bombs in Critical
Infrastructure Software
The Development of IO / IW
Curriculums in the United
States: A Review of Current
Efforts and a Case Study
From Norwich University
Establishing Cyberspace
Sovereignty
Study of the Perception of
Cyber Threats and the Fear
of Cybercrime
Effectively Teaching Cyber
Warfare to a Non-Technical
Audience
Decision-Making by Effective
C2I System
Virtual NonState Actors as
Clausewitzian Centers of
Gravity: An Examination for
Sensemaking, Elaboration
and Discussion
Hira Agrawal, James Alberi,
Lisa Bahler , Josephine
Micallef, Alexandr Virodov,
Mark Magenheimer, Shane
Snyder, Vidroha Debroy
and Eric Wong
x vii
xiii ix
1 1
Edwin Leigh Armistead 1 12
Kris Barcomb, Dennis Krill,
Robert Mills and Michael
Saville
Igor Bernik and Gorazd
Mesko
David Bibighaus, David
Gibson, Martin Carlisle,
David Merritt, Jeff Boleng
and James Maher
Martin Blaha and Kateřina
Brabcová
2 19
3 27
4 36
4 44
Larisa Breton 5 51

Paper Title Author(s) Guide
Page
BioONT: Improving
Knowledge Organization and
Representation in the
Domain of Biometric
Authentication
Fairness of Trust Based
Mobile ad hoc Network
Protocols
Attribution of Drive-by
Downloads Involved in
Osama’s Death Malware
Campaign
SCADA Systems in South
Africa and Their
Vulnerabilities
Cyber Security Awareness
Initiatives in South Africa: A
Synergy Approach
Comparing Models of
Offensive Cyber Operations
Protecting Health
Information Privacy and
Safety on the Internet:
United States eHealth
Systems and Legal
Perspectives
Security Preprocessor for
Industrial Control Networks
The Influence of Cyber
Security Levels of South
African Citizens on National
Security
A Targeted Wireless Denial
of Service Attack: Deauth or
not to Deauth, That is the
Question
ii
Page
No.
Stephen Buerle 6 56
Ivan Daniel Burke and
Martin Olivier
Manoj Cherukuri and
Srinivas Mukkamala
Grace Chileshe and Renier
van Heerden
Zama Dlamini and Mapule
Modise
Tim Grant Ivan Burke and
Renier van Heerden
Virginia Greiman, Tanya
Zlateva, and Lou
Chitkushev
Jeffrey Hieb, James
Graham, Jacob Schreiver
and Kyle Moss
Joey Jansen van Vuuren,
Marthie Grobler and Jannie
Zaaiman
Michael Kraft and Jonathan
Holston
6 67
7 82
8 90
8 98
9 108
10 122
11 130
11 138
12 148

Paper Title Author(s) Guide
Page
A Novel Friendly Image-
Based CAPTCHA With Auto-
Generation of Test Data
Using Attack Trees to
Assess Security Controls for
Supervisory Control and
Data Acquisition Systems
(SCADA)
Measures to Abate Evil Twin
Attacks in 802.11
Securing America Against
Cyber war
Examining Trade Offs for
Hardware-Based Intellectual
Property Protection
An Approach for Cross-
Domain Intrusion Detection
Perceptions Towards
eBanking Security: An
Empirical Investigation of a
Developing Country`s
Banking Sector, how Secure
is eBanking?
Implementation of
Symmetric Block Ciphers
Using GPGPU
Trolling Online for Real
World Identities
From Traditional Local to
Global Cyberspace –
Slovenian Perspectives on
Information Warfare
Chun-Jung Lee, Wei-Bin
Lee, Chin-Sheng Liu, Kevin
Ho and Chyi-Ren Dow
Juan Lopez Jr., Jason
Nielsen, Jeffrey Hemmes
and Jeffrey Humphries
Sayonnha Mandal and
Nagadivya Veldanda
Jayson McCune and
Dwight Haworth
Jeffrey Todd McDonald and
Yong Kim
Thuy Nguyen, Mark
Gondree, Jean Khosalim,
David Shifflett, Timothy
Levin and Cynthia Irvine
iii
Page
No.
13 158
14 166
15 178
15 185
16 192
16 203
Bongani Ngwenya 17 213
Naoki Nishikawa, Keisuke
Iwai and Takakazu
Kurokawa
Christopher Perr, Daniel
Compton and John
Hamilton
Kaja Prislan and Igor
Bernik
18 222
19 233
19 237

Paper Title Author(s) Guide
Page
Convergence of Electronic
Warfare and Computer
Network Exploitation/Attacks
Within the Radio Frequency
Spectrum
Supply Chain Attacks: Basic
Input Output Systems
(BIOS), Mux Multiplexers
and Field Programmable
Gate Arrays (FPGA)
Attribution: Accountability in
Cyber Incidents
A Game Theoretic Model of
Strategic Conflict in
Cyberspace
Visualization in Information
Security
A Novel Biometric System
Based on Tongueprint
Images
Intelligence and Influence
Potential in Virtual Worlds
Classifying Network Attack
Scenarios Using an
Ontology
A Practical Method for
Minimization of Attack
Surfaces in Information
Warfare
Simulated e-Bomb Effects
on Electronically Equipped
Targets
David Rohret and Abiud
Jimenez
David Rohret and Justin
Willmann
iv
Page
No.
20 245
21 254
Daniel Ryan and Julie Ryan 22 265
Harrison Schramm, David
Alderson, Matthew Carlyle
and Nedialko Dimitrov
Dino Schweitzer and
Steven Fulton
Mohammad Reza
Shahriari, Shirin Manafi and
Sepehr Sadeghian
23 272
23 288
24 297
George Stein 25 304
Renier Pelser van Heerden ,
Barry Irwin and Ivan Burke
Charles Wilson and Bradley
Wilkerson
26 311
27 325
Enes Yurtoğlu 28 330
PhD Papers 29 349
Cyberpower: Learning From
the Rich, Historical
Experience of War
Ernest Lincoln Bonner 31 351

Paper Title Author(s) Guide
Page
Reducing False Positives in
an Anomaly-Based NIDS
An Ontological Approach to
Information Security
Management
Saeide Hatamikhah and
Mohammad Laali
Teresa Pereira and
Henrique Santos
v
Page
No.
31 358
32 368
Non Academic paper 33 377
The Crawl, Walk, run
Progression for Strategic
Communication
Christopher Paul 35 379
Work In Progress papers 37 387
Cyber Fratricide: A Literature
Review
Behavioral-Based Method
for Detecting SCADA
Malware
Modelling Organizational
Management by
Strengthening the
Information Protection
Requirements in Innovative
Organizations
Evaluation of Traditional
Security Solutions in the
SCADA Environment
Hackers at the State
Service: Cyberwars Against
Estonia and Georgia
Norah Abokhodair and
Aaron Alva
Henry Bushey, Juan Lopez
and Jonathan Butts
Marcela Izabela Ciopa
Stiuca and Cristian Silviu
Banacu
Robert Larkin, Juan Lopez
and Jonathan Butts
Volodymyr Lysenko and
Barbara Endicott-Popovsky
Presentation only 43
ICT Security In The Modern
Airport – Can Organic
Growth Ever be Secure?
A Progress Report on the IW
Ops Manual
John McCarthy, Bryan Mills
and Don Milne
39 389
40 392
41 395
41 399
42 404
45
Eneken Tikk Ringas 46

Preface
These Proceedings are the work of researchers contributing to the 7th
International Conference on Information Warfare and Security (ICIW 2012),
hosted this year by the Center for Information Assurance and Cybersecurity,
University of Washington University, Seattle, USA. The Conference Chair is
Dr. Barbara Endicott-Popovsky, and the Programme Chair is Dr. Volodymyr
Lysenko, both from the Center for Information Assurance and Cybersecurity.
The opening keynote address this year is given by Kirk Bailey, from CISO,
University of Washington, Seattle, USA,. The second day will be opened by
Dr. Eneken Tikk-Ringas, from the University of Toronto, Munk School of
International Affairs, Toronto, Canada.
An important benefit of attending this conference is the ability to share ideas
and meet the people who hold them. The range of papers will ensure an
interesting and enlightened discussion over the full two day schedule. The
topics covered by the papers this year illustrate the depth of the information
operations’ research area, with the subject matter ranging from the highly
technical to the more strategic visions of the use and influence of information.
With an initial submission of 76 abstracts, after the double blind, peer review
process there are 46 papers published in these Conference Proceedings,
including contributions from Czech Republic, India, Iran, Japan, Netherlands,
Nigeria, Portugal, Romania, Slovenia, South Africa, Taiwan, Turkey, United
Kingdom, USA and Zimbabwe.
I wish you a most enjoyable conference.
March 2012
Volodymyr Lysenko
Washington University
Programme Chair
vi

Conference Committee
Conference Executive
Barbara Endicott-Popovsky, Center for Information Assurance and
Cybersecurity, University of Washington, Seattle, USA
Volodymyr Lysenko, Center for Information Assurance and Cybersecurity,
University of Washington, Seattle, USA
Daniel T Kuehl, National Defense University, Washington, DC, USA
Leigh Armistead, Peregrine Technical Solutions LLC, USA
Andy Jones, Security Research Centre, BT, UK and and Khalifa University,
UAE
William Mahoney The Peter Kiewit Institute, University of Nebraska Omaha,
Omaha, USA
Mini Track Chairs
Natarajan Vijayarangan, Tata Consultancy Services, India
Daniel J. Ryan, National Defense University, Washington, DC, USA
Juan Lopez Jr., Center for Cyberspace Research at the Air Force Institute of
Technology (AFIT), Dayton, Ohio, USA
Dan Shoemaker, Center for Cybersecurity and Intelligence Studies (CCSIS),
at the University of Detroit Mercy, Michigan, USA
Ronald C. Dodge, Information and Educational Technology at the United
States Military Academy (USMA), West Point, USA
Committee Members
The conference programme committee consists of key people in the
information systems, information warfare and information security
communities around the world. The following people have confirmed their
participation:
Olalekan Babatunde Adeleye (University of Ado Ekiti, Nigeria); Gail-joon Ahn
(University of North Carolina at Charlotte, USA); Jim Alves-Foss (University of
Idaho, USA); Todd Andel (Air Force Institute of Technology, USA); Leigh
Armistead (Edith Cowan University, Australia); Johnnes Arreymbi (University
of East London, UK); Rusty Baldwin (Air Force Institute of Technology, USA);
Richard Baskerville (Georgia State University, USA); Alexander Bligh (College
of Judea and Samaria, Ariel, Israel); Svet Braynov (University of Illinois,
Springfield, USA); Susan Brenner, University of Dayton, Ohio, USA); Acma
Bulent (Anadolu University, Eskisehir, Turkey); Jonathan Butts (AFIT, USA);
Blaine Burnham (University of Nebraska, Omaha, USA); Roy Campbell
(University of Ilinois at Urbana and Champaign, USA); Catharina Candolin
(Defence Command Finland, Finland); Marco Carvalho (Institute for Human
and Machine Cognition (IHMC), USA); Joobin Choobineh (Texas A&M
University, USA); Nathan Clarke (University of Plymouth, UK); Ronen Cohen
(Ariel University Centre, Israel); Earl Crane (George Washington University,
vii

USA); Geoffrey Darnton (Requirements Analytics, UK); Dipankar Dasgupta
(Intelligent Security Systems Research Lab, University of Memphis, USA);
Evan Dembskey (UNISA, Pretoria, South Africa); Dorothy Denning (Naval
Post Graduate School, USA); Glenn Dietrich (University of Texas, Antonio,
USA); Prokopios Drogkaris (University of the Aegean, Greece); David
Fahrenkrug (379 EOSS/CC, USAF, Qatar); Larry Fleurantin (Larry R.
Fleurantin & Associates, P.A., USA); Xinwen Fu (Dakota State University,
USA); Kenneth Geers (Cooperative Cyber Defence Centre of Excellence,
USA); Kevin Gleason (KMG Consulting, MA, USA); Sanjay Goel (University
of Albany, SUNY, USA); Virginia Greiman (Boston University, USA); Michael
Grimaila (Air Force Institute of Technology, USA); Daniel Grosu (Wayne State
University, Detroit, USA, USA); Drew Hamilton (Auburn University, Alabama,
USA); Joel Harding (IO Institute, Association of Old Crows, USA); Dwight
Haworth (University of Nebraska at Omaha, USA); Philip Hippensteel (Penn
State University, Middletown, USA); Bill Hutchinson (Edith Cowan University,
Australia); Jeffrey Humphries (Air Force Institute of Technology, USA); Berg
Hyacinthe (Assas School of Law, Universite Paris II/CERSA-CNRS, France);
Cynthia Irvine (Naval Post Graduate School, USA); Andy Jones (BT, UK);
James Joshi (University of Pittsburgh, USA); Leonard Kabeya Mukeba
(ESU/ISTA-Kin & Ecole Doctorale de l'UPN, Kinshasa, Democratic Republic
of the Congo); Prashant Krishnamurthy (University of Pittsburgh, USA); Dan
Kuehl (National Defense University, USA); Takakazu Kurokawa (The National
Defense Academy, Japan); Rauno Kuusisto (Finish Defence Force, Finland);
Tuija Kuusisto (Internal Security ICT Agency HALTIK, Finland); Arun Lakhotia
(University of Louisiana Lafayertte, USA); Michael Lavine (John Hopkins
University's Information Security Institute, USA); Louise Leenan (CSIR,
Pretoria, South Africa); Tara Leweling (Naval Postgraduate School, Pacific
Grove, USA); Sam Liles (Purdue University Calumet, USA); Juan Lopez (Air
Force Institute of Technology, USA); Cherie Long (Clayton State University,
USA); Bin Lu (West Chester University of PA, USA); Brian Lopez (Lawrence
Livermore National Laboratory, USA); Bill Mahoney (University of Nebraska,
Omaha, USA); Billy Maloney (UAHuntsville and Dynetics Inc., Huntsville,
USA); John McCarthy (Buckinghamshire and Chiltern University College,
USA); Todd McDonald (Air Force Institute of Technology, USA); Robert Miller
(National defense University, USA); yaich Mohamed Reda (École nationale
supérieure des mines , France); Evangelos Moustakos (Middlesex University,
UK); Srinivas Mukkamala (New Mexico Tech, Socorro, USA); Barry Mullins
(Air Force Institute of Technology, USA); Muhammad Naveed (University of
Engineering and Technology, Peshawar, Pakistan); Rain Ottis (Cooperative
Cyber Defence Centre of Excellence, Estonia); Andrea Perego (Università
degli Studi dell’Insubria, Italy); Gilbert Peterson (Air Force Institute of
Technology, USA); Andy Pettigrew (George Washington University, USA);
Jackie Phahlamohlaka (Council for Scientific and Industrial Research,
Petoria, South Africa); Engur Pisirici (govermental-independent, Turkey); Rick
Raines (Air Force Institute of Technology, USA); Ken Revett (British University
viii

in Egypt, Egypt ); Neil Rowe (US Naval Postgraduate School, Monterey,
USA); Sankardas Roy (University of Memphis, USA); Julie Ryan (George
Washington University, USA); Daniel Ryan (National Defence University,
Washington DC, USA); Corey Schou (Idaho State University, USA); Frederick
Shelton (Oak Ridge National Labratory One, USA); Dan Shoemaker
(University of Detroit Mercy, Detroit, USA); Ma Shuangge (Yale University,
USA); Risby Sohaimi (National Defence University of Malaysia); William
Sousan (University Nebraska, Omaha, USA); Dennis Strouble (Air Force
Institute of Technology, USA); Kevin Streff (Dakota State University, USA);
Peter Thermos (Columbia Univeristy/Palindrome Technologies, Red Bank);
Bhavani Thuraisingham (University of Texas at Dallas, USA); Eric Trias (Air
Force Institute of Technology, USA); Doug Twitchell (Illinois State University,
USA); Renier van Heerden (CSIR, Pretoria, South Africa); Kumar Vijaya (High
Court of Andhra Pradesh, India); Natarajan Vijayarangan (Tata Consultancy
Services Ltd, India); Stylianos Vidalis (Newport Business School, Newport,
UK); Kenneth Webb (Edith Cowan University, Australia); Fahad Waseem
(University of Northumbria, UK); Takahiro Yonekawa (HUB Networks, Inc.,
Tokyo, Japan); Zehai Zhou (University of Houston-Downtown, USA);
Shambhu Upadhyaya (University at Buffalo, USA,); Saripalli Ramanamurthy
(Pragati Engineering College, India,); William Acosta (University of Toledo,
United States, United States); Ernest Robinson (US Marine Corps / Air War
College, USA,); Tanya Zlateva (Boston University, USA)
ix

Biographies of Conference Chairs, Programme Chairs and
Keynote Speakers
Conference Chair
Barbara Endicott-Popovsky holds the post of Director for
the Center of Information Assurance and Cybersecurity at
the University of Washington, an NSA/DHS Center for
Academic Excellence in Information Assurance Education
and Research, Academic Director for the Masters in
Infrastructure Planning and Management in the Urban
Planning/School of Built Environments and holds an
appointment as Research Associate Professor with the Information School.
Her academic career follows a 20-year career in industry marked by
executive and consulting positions in IT architecture and project
management. Barbara earned her Ph.D. in Computer Science/Computer
Security from the University of Idaho (2007), and holds a Masters of Science
in Information Systems Engineering from Seattle Pacific University (1987), a
Masters in Business Administration from the University of Washington (1985).
Programme Chair
Volodymyr Lysenko is a graduate of the Ph.D. program
in Information Science at the Information School of the
University of Washington, Seattle. He also has a degree
in Physics. Volodymyr’s research interests are in the area
of political cyberprotests and cyberwars in the
international context."
Keynote Speakers
Kirk Bailey prior to his appointment as the first CISO for
the University of Washington in 2005, Mr. Bailey served as
the first ever CISO for the City of Seattle. His long career as
an information assurance professional has included
accountability for cyber-security programs in healthcare,
banking, financial services, local government and higher
education. In response to growing concerns by
professionals in the field regarding the troubling challenges posed by
emerging technologies, Mr. Bailey founded “The Agora” in November of 1995.
The Agora is a successful strategic association of information systems
security professionals, technical experts, researchers, and officials from the
public and private sectors.
x

Eneken Tikk-Ringas recently joined Toronto University
Munk School of International Affairs as a research fellow.
2006-2011 she worked as the legal adviser and later the
head of the legal and policy branch for the NATO
Cooperative Cyber Defence Centre of Excellence in Tallinn.
She has practiced IT&Law as an attorney and as a legal
adviser for several Estonian authorities and lectured in the
field of international law and law of armed conflict, IT&Law and cyber security
law at universities and colleges in Estonia, Sweden and the United States.
She holds her PhD from Tartu University.
Mini Track Chairs
Col Ronald C Dodge has served for over 23 years as an
Aviation officer and is a member of the Army Acquisition
Corps in the United States Army. Currently he is an Associate
Professor permanently stationed at the United States Military
Academy and the Associate Dean for Information and
Education Technology. His military assignments range from
duties in an attack helicopter battalion during Operation Just Cause in the
Republic of Panama to the United States Military Academy. Ron received his
Ph.D. from George Mason University, Fairfax, Virginia in Computer Science.
His current research focuses are information warfare, network deception,
security protocols, internet technologies, and performance planning and
capacity management. He is a frequent speaker at national and international
IA conferences and has published many papers and articles on information
assurance topics
Juan Lopez Jr is a research engineer with the Center for
Cyberspace Research at the Air Force Institute of
Technology. He conducts research in Critical Infrastructure
Protection, RFID, and EMI modeling of 4G wireless systems.
Mr. Lopez is currently pursuing a Ph.D. in Computer Science
at the Air Force Institute of Technology. His academic resume
includes a Bachelor of Science from the University of Maryland, a Master of
Science from Capitol College, and a Master of Science from the Air Force
Institute of Technology. He has performed research and worked extensively
with the Command and Control Systems School in Quantico, Virginia, SANS
Institute, Joint Task Force 6 supporting Counter Drug Operations, the G-8
Summit for President Clinton, and the Defense Information Systems Agency.
xi

Prof Daniel Ryan teaches courses in cyberlaw and
information assurance at the National Defense University.
Before entering academia, he served in the public sector as
Executive Assistant to the Director of Central Intelligence
after earlier serving as Director of Information Systems
Security for the Office of the Secretary of Defense. In the
private sector, he has served as a Corporate Vice President of Science
Applications International Corporation, and served in earlier executive roles at
Booz Allen & Hamilton, Bolt Beranek & Newman, TRW, and Hughes Aircraft
Company. He began his career as a cryptologic mathematician at the
National Security Agency.
Dr Dan Shoemaker is a professor and the Chair of the
Department of Computer and Information Systems at the
University of Detroit Mercy (UDM). He also oversees the
Information Assurance Program, a National Security
Agency (NSA) Center of Academic Excellence in
Information Assurance Education at UDM. He also serves
on the Assurance Business Case Working Group and the
Workforce Education and Training Working Group. He founded the
International Cybersecurity Education Coalition (ICSEC), connecting higher
education institutions located in Michigan, Ohio, and Indiana. ICSEC’s
mission is to exceed and support the teaching of standard information
assurance curricula within the Midwest. Dan is currently Co-Chair of the
Software Assurance Training and Education working group at DHS. His two
books on cybersecurity are used in colleges across the country and he writes
extensively about cybersecurity.
Dr. Natarajan Vijayarangan is a senior scientist at Tata
Consultancy Services. He obtained his Ph.D (Mathematics) in
the year of 2001 at RIASM, University of Madras, India. He has
received 'Best Research Paper Award' of Ramanujan
Mathematical Society in 2000. He has published patents,
papers and books in the fields of Information Security, Mobile
computing and Applied Mathematics. He has participated in NIST SHA-3
competition and received 'AIP Anchor Award' from TCS for his contribution on
Academia Industry relationship. He also received Distinguished Lecture
Award 2010 from Los Andes University, Venezuela and TCS Patent
Champion 2010 award. He contributed to Record Holders Republic by
showing 660 ft long Indian national flag with a concept of Real Number
System. He is an active member of ICIW and ECIW.
xii

Biographies of contributing authors (in alphabetical order)
Norah Abokhodair is a PhD student in UW’s Information School. Her
research interests focus on information security in regards to emerging
technologies. Joined University of Washington (2009) from Saudi Arabis as a
Fulbright scholar. Recently received Master degree in information
management from the iSchool.
Hira Agrawal is a senior scientist at Telcordia Technologies. He has over
twenty years of R&D experience in software engineering and automation
field. He is currently leading two U.S. Army CERDEC projects on detecting
developer-inserted malicious code and automated malware abstraction
analysis. He received his Ph.D. in computer science from Purdue University.
Dr Leigh Armistead is the President of Peregrine Technical Solutions, which
focuses on IO and IA opportunities. Master Faculty at the JFSC, he received
his PhD from Edith Cowan University, serves as a Co-Editor for the Journal of
International Warfare, and wrote nine books, 18 journal articles, and served
as a Chairman for numerous conferences.
Major Kris Barcomb is a student in the School of Advanced Air and Space
Studies at Maxwell AFB. He is a Developmental Engineer and Operator for
the US Air Force. His assignments span spacelift, satellite operations,
systems acquisition, and R&D. He has an M.S. in Cyber Warfare from the Air
Force Institute of Technology.
Igor Bernik PhD.is an Assistant Professor of Information Sciences and the
head of Information Security department at the Faculty of Criminal Justice
and Security, University of Maribor, Slovenia. His research fields are
information system, information security and growing requirement for
information security awareness.
Lt Col David Bibighaus is the Deputy Department Head for the Computer
Science Department at the Air Force Academy. He holds a PhD in Computer
Science from the Naval Post Graduate School. He has served as the Chief of
the Cyber Defense Branch at AFRL and as a Crew Commander for the
AFCERT.
Martin Blaha . 1994 – 2001 Grammar school, branch of study: humane
branch. 2001 - 2004 .Military College of Ground Forces in Vyškov (bachelor),
branch of study: commander of artillery unit. 2004 – 2006, University of
Defence (engineer), branch of study: commander of artillery unit. 2008 –
2010, Police Academy in Prague (master), branch of study: safety laws and
studies. 2006 – present University of defence (PhD.), Distance version:
economics and management
xiii

Major Lincoln Bonner is an airpower strategist in the Chief of Staff of the Air
Force’s Strategic Studies Group. He is a graduate of M.I.T. and the School of
Advanced Air and Space Studies. He is an Air University PhD candidate in
Military Strategy, and his dissertation focuses on cyberpower in military and
national strategy.
Larisa Breton is a Strategic Communication practitioner and theoretician with
COCOM, NATO, and other program experience. Her work has been
published in The Small Wars Journal and Mountainrunner.us. She has Guest
Lectured at the JFK School for Special Operations at Fort Bragg. She is
adjunct faculty at the University of the District of Columbia.
Stephen Buerle is an Assistant Professor in the School of Computer Science
and Mathematics at Marist College where he teaches courses in information
assurance, software engineering, and networking. Currently he is a PhD
student at the State University of New York, Albany specializing in
Information Assurance. In addition, Mr. Buerle maintains CISSP and CISM
certifications.
Ivan Burke is a Msc student in the department of Computer Science at the
University of Pretoria, South Africa. He also works full time at the Council of
Scientific and Industrial Research South Africa in the department of Defense
Peace Safety and Security,where he works within the Command, Control and
Information Warfare research group
Henry Bushey received his B.S. in Electrical Engineering from the University
of Texas, San Antonio, in 2007. Henry is an active duty officer of the United
States Air Force and is pursuing a M.S. in Graduate Cyber Operations at the
Air Force Institute of Technology in Ohio.
Grace Chileshe holds a Bachelor of Engineering degree in Computer
Engineering obtained from the University of Pretoria. She is currently
pursuing an Honours degree in Software Engineering at the same institute.
She is currently employed at Powertech IST in Pretoria as an Asset
management consultant.
Marcela Izabela Ciopa graduated the Faculty of Physics and the Faculty of
Economic Sciences, with a master in business projects. At present she is
professor, in the technologies department of the College “V. Madgearu” of
Bucharest and she attends doctoral courses at the Management Department
of the Academy of Economic Studies of Bucharest, from Romania.
Zama Dlamini studied both her undergraduate and honours in Computer
Science, from University of Zululand, South Africa. She is currently pursuing
her MSc in Network Forensics with the University of Pretoria; and also work
xiv

for CSIR-DPSS (Cyber Defence Research Group) as Cyber Security
Specialist and Researcher, since 2008 to date.
Dr. James Graham is Chair of Electrical and Computer Engineering at the
University of Louisville. He received his Bachelor’s Degree from the Rose-
Hulman Institute of Technology, and the M.S. and Ph.D. in Electrical
Engineering from Purdue University. His research interests involve
information security, algorithms for computational science, intelligent
systems, computer simulation, and intelligent energy systems.
Tim Grant is the Professor in Operational ICT & Communications at the
Netherlands Defence Academy. Tim has a BSc in Aeronautical Engineering
(Bristol University), a Masters-level Defence Fellowship (Brunel University),
and a PhD in Artificial Intelligence (Maastricht University). Tim's research
spans the interplay between operational needs and ICT capabilities in
network-enabled Command & Control systems.
Virginia Greiman is an Assistant Professor at Boston University in
international law, cybercrime and regulation and project management and an
affiliated faculty member at the Harvard Kennedy School in cybertrafficking.
She has more than 20 years of experience in international development and
legal reform and has held high level appointments with the U.S. Department
of Justice.
Dwight Haworth received his B.S. degree from the United States, Air Force
Academy, CO, in 1963. He retired from the United States Air Force in 1981.
He received his Ph.D. in Management Information Systems from Texas Tech
University, Lubbock, TX, in 1990. His research interests are information
assurance and systems development and performance.
Jeffrey Hieb, Ph.D. is an Assistant Professor with the Department of
Engineering Fundamentals. Dr. Hieb teaches Engineering Analysis and
Introduction to Engineering. His research interests include: computer
security, cyber-security for industrial control systems, microkernel based
operating systems and the use of technology in engineering education.
Keisuke Iwai completed the doctoral program in Department of C.S., Keio
University in 1998 and fulfilled credit requirement in 2001. He holds a D.Eng.
degree. He is now a research associate in the Department of C.S., National
Defense Academy of Japan. He is engaged in research on automatic parallel
compilers and multi-processor systems.
Abiud Jimenez is a senior RF engineer with Dynetics, Inc,, focusing on
wireless communications attacks as a developing world adversary. This
includes designing and building small portable RF jammers, amplifiers and
xv

antennas, using commercial components to defeat R&D systems. Mr.
Jimenez holds a bachelor degree in EE and a master of science in systems
engineering.
Takakazu Kurokawa received his B.S. degree from the Department of E.E,
Keio University, in 1983 and completed the doctoral program in 1988. He
holds a D.Eng. Degree. He is now a professor in the Department of C.S.,
National Defense Academy of Japan. He is engaged in research on
dedicated computers, cryptography.
Michael Kraft, CSC, Inc. Joint Information Operations Warfare Center
(JIOWC). For the last ten years Mr. Kraft has been deeply involved with
network security stemming from his time working as an analyst at the Air
Force Computer Emergency Response Team (AFCERT). Mr. Kraft is a
Certified Information Systems Security Professional (CISSP).
Captain Robert Larkin, USAF, has a BS Computer Science and BS
Computer Engineering Technology from Central Washington University. He is
working towards a Masters in Cyber Operations at the Air Force Institute of
Technology. His research examines the effects of deploying a Host-Based
IDS to a Fuels Management SCADA system.
Chun-Jung Lee received the B.S. degree in information engineering and
computer science from Feng Chia University, Taiwan in 2010. He is currently
working toward the M.S. degree from the Department of Information
Engineering and Computer Science. He current research interests include
CAPTCHA, cryptography, digital watermark, e-commerce security, and
network security.
Shirin Manafi got her bachelor’s in biomedical engineering. Also she has
studied in medicine and textile engineering for some years. Her primary
specialization is biometrics and security measures using human
characteristics. Additionally, her secondary specialization is in image
processing methods both in bioelectrics and biomechanics. Now she is
working as a R&D specialist for 2 renowned medical equipment companies in
Iran.
Sayonnha Mandal is from Kolkata, India. She has completed her Bachelors
in Electronics and Communications from B.P. Poddar Institute of
Management and Technology in India. She is currently pursuing her Masters
degree in Telecommunication Engineering at the University of Oklahoma. Her
research topic is the field of Quantum cryptography and Quantum Key
Distribution.
xvi

John McCarthy PhD, B.Sc. (hons) MBCS. John is the founder of LeadSure.
John is highly entrepreneurial in nature and runs several IT companies. His
background is in Internet Technology. He has spoken at major IT conferences
around the world on the opportunities e-business can present to SME's..
Dr. Jeffrey "Todd" McDonald is an Assistant Professor of Computer
Science in the School of Information Sciences at the University of Alabama.
He received his Ph.D. in computer science from Florida State University,
Tallahassee, FL, 2006. He served over 21 years as a communicationsinformation/cyberspace
operations officer in the U.S. Air Force specializing in
cyber systems defense, research, and education.
Dr. Robert Mills is an Associate Professor of Electrical Engineering and
member of the Center for Cyberspace Research at the Air Force Institute of
Technology, Wright-Patterson AFB OH. He teaches and conducts research in
network security, electronic warfare, cyberspace operations and warfare, and
systems engineering.
Srinivas Mukkamala is a senior research scientist with ICASA (Institute for
Complex Additive Systems Analysis), Adjunct Faculty of the Computer
Science Department of New Mexico Tech, and a co-founder and managing
partner of CAaNES LLC. He has over 100 peer reviewed publications and is
a frequent speaker on information assurance in conferences and tutorials.
Thuy Nguyen is a senior researcher of Computer Science at the Naval
Postgraduate School. She has 25+ years of experience in multilevel security
(MLS) research and development. Her research interests include high
assurance software and systems, secure collaborative applications, cloud
computing security, security evaluation and certification, and information
systems security engineering.
Naoki Nishikawa received his Master degree from the Department of C.S.,
National Defense Academy of Japan, in 2010. From 2010 to 2011, he was
affiliated with the Technical Research & Development Institute. He is now a
Ph.D student at National Defense Academy. He is interested in GPGPU and
its application, cryptography, and SIMD processing.
Dr. Christopher Paul is a Social Scientist at RAND. Prior to joining RAND
full-time in July of 2002, he worked at RAND as adjunct staff for six years.
Chris received his Ph.D. in sociology from UCLA in 2001. Current research
interests include strategic communication, information operations, and
counterinsurgency.
Teresa Pereira is currently an assistant lecturer at the School of Business
Studies of Polytechnic Institute of Viana do Castelo. She is also a Ph.D
xvii

student at University of Minho. Teresa research interests include Semantic
Web, Information Security Management and Ontologies.
Christopher Perr is currently a PhD student at Auburn University, and a
research assistant for the Cyber Research Center. He is studying Industrial
and Systems Engineering, his current research topics include intelligent
decision making and secure systems design for small UAVs, as well as
information security and digital forensics. B.S. in Computer Science from the
U.S. Air Force Academy, and a M.S. in Software Engineering for Auburn
University.
Kaja Prislan is a post-graduate student at University of Maribor, Faculty of
criminal justice and security, Slovenia. She is specializing in a field of
information security and analyzing modern cyber threats, such as cyber
terrorism and information warfare.
David Rohret, CSC, Inc. Joint Information Operations Warfare Center
(JIOWC). He has pursued network security interests to include developing
and vetting exploits for use on established red teams and adversarial
research. He holds degrees in CS from the University of Iowa and La Salle
University. David is a member of IEEE Computer Society and is currently a
Senior Principal Engineer for CSC, Inc.
Henrique Santos received his first degree in Electric and Electronic
Engineering, by the University of Coimbra, Portugal, in 1984. In 1996 he got
his PhD in Computer Engineering, at the University of the Minho, Portugal.
Currently he is an Associate Professor at the University of Minho. He can be
contacted at: hsantos@dsi.uminho.pt.
Harrison Schramm, Commander, U.S. Navy, is a military instructor in the
Operations Research Department of the Naval Postgraduate School. His
previous assignments include duty as an analyst at the Navy’s risk
assessment division. His research interests include military applications of
Operations Research, and the intersection of OR and Cyber issues.
Dino Schweitzer currently serves as the Director of the Academy Center for
Cyberspace Research at the United States Air Force Academy. He is a longtime
Computer Science educator and researcher whose interests include
computer graphics, visualization, computer science education, and computer
security. He resides in the mountains of Colorado.
Prof. George Stein, joined the faculty of the Air War College in 1991 and is
currently with the USAF Center for Strategy & Technology at Air University.
Dr. Stein writes and teaches courses on Information Operations and Info-
War, Classic Chinese Strategic Thought, and future strategies.
xviii

Renier van Heerden is a senior researcher at Council for Scientific and
Industrial Research (CSIR) in Pretoria, South Africa in the field of Information
Warfare and Cyber Defence. Prior to joining the CSIR he worked as a
software engineer in advanced optics applications for South African based
Denel Optronics and as a Lecturer at the University of Pretoria.Holds a
degree in Electronic Engineering and a Masters in Computer Engi
Joey Jansen van Vuuren is the Research Group Leader for Cyber Defence
at the CSIR, South Africa. This research group is mainly involved in research
for the SANDF and Government sectors. Her research is focused around
national security and the analysis of Cyber threads using non quantitative
modelling techniques. She is also actively involved in facilitating Cyber
awareness programs in South Africa
Nagadivya Veldanda. Is from Andhra Pradesh, India. Nagadivya completed
their Bachelors in Electronics and Communications Engineering from
Jawaharlal Nehru Technological Universityin India. Currently, they are doing
their Masters degree in Telecommunications Engineering at the University of
Oklahoma. Research in Long Term Evolution (LTE) area.
Avinash Vijayarangan is a student at BVM Global @ Bollineni in Chennai,
India. He participated in the National Maths Talent event 2010-11 organised
by the Tamilnadu Science Foundation whereh he developed an innovative
concept of a longest Mathematical flag.
Justin Willmann is an RF engineer with the JIOWC Vulnerability
Assessment Team, focusing on communications analysis and attacks using a
developing-world adversarial approach. This involves testing, evaluating, and
adapting wireless systems via modeling, experiments, and field exercises.
Justin has a bachelorette of science degree in EE and is pursuing a master of
science in EE.
Dr Jannie Zaaiman is the Deputy Vice Chancellor: Operations of the
University of Venda in the Limpopo Province, South Africa.. He is a change
management consultant and has delivered many peer reviewed papers
internationally and is a regular guest lecturer in Zambia and in Russia. His
area of research is cyber security awareness especially in rural areas of
South Africa.
xix

Detecting Hidden Logic Bombs in Critical Infrastructure
Software
Hira Agrawal 1 , James Alberi 1 , Lisa Bahler 1 , Josephine Micallef 1 ,
Alexandr Virodov 1 , Mark Magenheimer 2 , Shane Snyder 2 , Vidroha
Debroy 3 and Eric Wong 3
1
Telcordia Technologies, Piscataway, USA
2
US Army CERDEC, Information Assurance Division, Aberdeen
Prooving Ground, USA
3
The University of Texas at Dallas, Department of Computer Science,
Richardson, USA
Abstract: Malicious developers can easily add undocumented “features”
including logic bombs, backdoors, and Trojan horses to the software they
create. These hidden features may then be exploited for malicious purposes
after the system is deployed in the field. Presence of such deliberately
inserted malicious code in critical infrastructure software poses great risks to
their security and integrity. Current malware detection tools and techniques,
however, fail to address this serious threat. In this paper, we present a
program analysis centered testing and inspection technique and an
accompanying tool for detection and remediation of such attacks before their
host applications are deployed in the field.
Keywords: insider malware threats, logic bombs, backdoors, Trojan horses,
white-box testing, coverage analysis
The Development of IO / IW Curriculums in the United States: A
Review of Current Efforts and a Case Study From Norwich
University
Edwin Leigh Armistead
Edith Cowen University, Perth, Australia
Abstract: The development of Information Warfare (IW) and Information
Operations (IO) courses and curriculums in the United States over the last 20
years, has been uneven at best. While the four military services and
Department of Defense institutes have all stood up a variety of classes,
progress in civilian universities has been more sporadic. In this paper, the
authors will trace the history of IW / IO training and education as well the
some of the current classes that are available. While the military forces are
growing a cadre of Information and Cyber Warriors, the same cannot be said
of commercial industry. Many of the offensive portions of these warfare areas,
are considered criminal offenses if conducted against industrial activities. So
1

while there is definitely a huge emphasis, and rightly so, on the defensive
side of IW and IO, many colleges and universities are obviously reluctant to
advocate or teach actions which could tread the legal boundary of proprietary
actions. Likewise, as far as developing an academic theory for IO and IW, the
author also strived to examine possible options, yet the standard has been
set, and the benchmark is high, for these new views of information flow must
be understood and respected. In fact, the percentage of overall access and
connectivity to the internet are on the verge of exploding as the combination
of cellular technology and cheaper interface devices proliferate. The
traditional central concepts of power in the form of national resources, and
the need to convert those resources into power and instruments of power, are
solely but surely a key point of the last few pages as different academics
have added and changed the common views of power. In addition, since IW
as an academic study area crosses many issue lines, the development of
suitable theoretical constructs has not always been easy with respect to
power and information. A case study of the efforts at Norwich University to
develop a minor in IO is addressed in this paper, as well as the call for
standardization in the curriculum of IW classes in the United States. The
paper ends with recommendations for a way forward and a conclusion.
Keywords: information warfare, information operations, education, training,
curriculum
Establishing Cyberspace Sovereignty
Kris Barcomb, Dennis Krill, Robert Mills and Michael Saville
Air Force Institute of Technology, Wright-Patterson AFB, USA
Abstract: International norms governing appropriate conduct in cyberspace
are immature, leaving politicians, diplomats, and military authorities to grapple
with the challenges of defending against and executing hostilities in
cyberspace. Cyberspace is unlike the traditional physical domains where
actions occur at specific geographic places and times. Rules governing
conduct in the traditional domains emerged over centuries and share a
common understanding of sovereignty that helps establish and justify the use
of force. In cyberspace, sovereignty is a more abstract notion because the
geographic boundaries are often difficult to define as data and applications
increasingly reside in a virtual, global “cloud.” This paper proposes a
construct for establishing sovereignty in cyberspace by studying similarities
between space and cyberspace. The characteristics of the space domain
challenged traditional notions of sovereignty based on geography. As nations
deployed space-based capabilities, the concept of sovereignty needed to
mature to deal with the physical realities of space. Sovereignty is defined, and
2

general requirements for claiming sovereignty are presented. The evolution of
sovereignty in space is then discussed, followed by a construct for how
sovereignty could be defined in cyberspace. The paper concludes with a brief
discussion on how military doctrine offers useful insights into how nations
may choose to assert sovereignty within these domains.
Keywords: cyberspace, space, sovereignty, critical infrastructure
Study of the Perception of Cyber Threats and the Fear of
Cybercrime
Igor Bernik and Gorazd Mesko
Faculty of Criminal Justice and Security, University of Maribor,
Ljubljana, Slovenia
Abstract: The Slovenian perspective on the comprehension and public
attitudes towards cyber threats and cybercrime is presented. Considering that
access to information technology and the Internet is ubiquitous, cyberspace
has become a wide area which can be exploited through various criminal
activities. As the number of users grows, so do the incidences of cybercrime.
Regrettably, users of information technology and the Internet know too little
about the dangers in cyberspace and protective measures to maximize
security as well as about legislation about cybercrime. In order to accurately
gauge the knowledge of the average internet user, we conducted a survey
which was posted on the Internet in spring 2011, is the basis for an
examination of the perception of cybercrime and an attempt to make sense of
the fear of it.The results of the survey are described.The statistical analysis of
the questionnaire results show, how users perceive cybercrime. We can see
that respondents are relative well informed about cybercrime, but
predominantly about incidences exposed in the media. As we know, cyber
threats under the media spotlight are not necessarily examples of the
greatest threats to users, but they do increase their fear of cybercrime. On the
basis of theory and the results of our research, we present the main
guidelines that can, if adhered to, minimize security risks in cyberspace.
These guidelines can help increase awareness of cyber threats and are a
source of information on how to safely interact in cyberspace. Users who are
more aware of the risks in cyberspace and know how to deal with them are
less afraid of becoming victims of cybercrime. The insights acquired in our
research are useful for all cyberspace users and have practical value as they
can be used for further study of cybercrime.
Keywords: cybercrime, cyber threats, legal issues, internet study, Slovenia
3

Effectively Teaching Cyber Warfare to a Non-Technical
Audience
David Bibighaus, David Gibson, Martin Carlisle, David Merritt, Jeff
Boleng and James Maher
United States Air Force Academy, Colorado Springs, USA
Abstract: This paper describes the Air Force Academy’s Basic Cyber training
program introduced in the summer of 2011. What makes this course unique is
that it is specifically designed to provide a motivational hands-on introduction
to cyber warfare to rising sophomores of any major. In addition, this course
was designed to be taught by student instructors with faculty oversight. It was
designed for a 60 contact-hour laboratory format to students who had only a
basic understanding of computers. This course was then given to 83 students
in 6 offerings from May through July of 2011. We outline the development of
this course, including the topics covered and the resources necessary,for
accomplishment. We discuss the student leader background, training, and
performance in the classroom. We also examine the results of the course by
looking at student feedback and their performance in a capstone scenario.
Finally, we outline the lessons learned from this first offering and how we
intend to improve the course for future offerings.
Keywords: education, training, cyberspace, warfare, information
Decision-Making by Effective C2I System
Martin Blaha and Kateřina Brabcová
University of Defence, Brno, Czech Republic
Abstract: The Czech Republic, as a member of international organizations
(NATO, EU, UNO), with respect to current global security environment,
employs the units of the army both at its own state territory and outside the
Czech Republic in multinational forces operations. The article focuses on
decision-making process of future Automated Command, Control, and
Information system (C2I) in conditions of the Army of the Czech Republic.
The issue of automated command, control, and information systems is of high
importance in the solving of asymmetrical operations tasks today and in the
upcoming future. Define the basic resources for creation of future
sophisticated Automated Artillery Fire Support Control System of NATO
standards in Network Enabled Capabilities (NEC) conditions. The authors
define ground for designing a new and by the Army of the Czech Republic
required sophisticated Automated Fire Support Control System of Artillery
meeting NATO standards in Network Enabled Capabilities (NEC) conditions.
4

SWOT analysis, based on critical review of C2I currently used in the Army of
the Czech Republic, is used as a scientific method to define both strong and
weakly sides, and opportunities and threats of the issues connected with
automation of that decision-making process. Final assessment of the
particular requirements is determined by multi-criteria analysis. It contains
derivation, definition and reasoning of data which are essential for the
effective artillery fire. The article represents section of a huge defensive
research project of Ministry of Defence of the Czech Republic and the Army
of the Czech Republic solved by leading scientists of the University of
Defence in Brno.
Keywords: decision-making process; command, control, and information
system; C2I; artillery
Virtual NonState Actors as Clausewitzian Centers of Gravity:
An Examination for Sensemaking, Elaboration and Discussion
Larisa Breton
The University of the District of Columbia, Washington, D.C., USA
Abstract: Against traditional interpretations of Clausewitzian centers of
gravity, we seek to examine the characteristics and behaviors of NonState
Actors (NSAs) who operate in the virtual realm. These NSAs, such as leakeddocuments
repository Wikileaks, hacker group Anonymous, public-statements
platform Twitter, and multinational corporations such as Google, create
centers of gravity in cyberspace that may affect the entire political spectrum
from diplomacy to kinetic warfare. Their aims may be disparate, but ‘virtual
NSAs’ (VNSAs) increasingly affect the geopolitical battlespace. More
specifically, we seek to examine the ways in which these VNSAs create
spheres of influence, manipulate the public and the public sector, and are
forming a hardened constraints-set for strategic and operational planning.
Famously, many VNSAs are unaligned with geopolitical entities. How, then,
may they be considered? What are some functional categories that may be
applied to the creation of taxonomy when examining VNSAs? This paper is a
qualitative examination, which is to say that it is not the examination of the
less-tangible characteristics of a dataset in a Cartesian analysis. This paper
attempts to examine the qualities of VNSAs themselves so that Center of
Gravity (COG) analysis, when it is relevant, may be accurately applied.
Keywords: clausewitz, virtual nonstate actors, nonstate actors, wikileaks,
twitter, google, nonkinetic warfare, cyber, cyberwar, net-enabled warfare,
center of gravity, qualitative analysis
5

BioONT: Improving Knowledge Organization and
Representation in the Domain of Biometric Authentication
Stephen Buerle
Computer and Information Science Department, State University of New
York at Albany, USA
Abstract: This paper explores some of the fundamental challenges facing the
information assurance community as it relates to knowledge categorization,
organization and representation within the field of information security and
more specifically within the domain of biometric authentication. BioONT, a
biometric authentication ontology prototype, explores the use of automated
ontological engineering, corpus analysis and natural language processes
techniques in the development of this ontological framework. One of the
primary objectives for this research is to establish an empirically derived
ontological prototype which promotes continued research into the domain by
aiding the information assurance community in understanding the
fundamental ontological structure of the field of biometric authentication. In
doing so this research intends to improve our understanding of underlying
concepts, attributes and inter-dependencies within the domain, integrate
disparate biometric authentication theories and clarify theoretical and
conceptual inconsistencies within the domain. This research may in turn
improve reasoning, the systems design process and improve risk
management practices in the deployment and integration of such
technologies in both industry and the government.
Keywords: biometrics, biometric authentication, ontology engineering,
natural language processing, knowledge organization and representation
Fairness of Trust Based Mobile ad hoc Network Protocols
Ivan Daniel Burke 1 and Martin Olivier 2
1 Defence, Peace, Safety and Security, Council for Scientific and
Industrial Research, Pretoria, South Africa
2 Information and Computer Security Architecture Research Group,
Computer Science Department, University of Pretoria, South Africa
Abstract: A Mobile Ad hoc Network (MANET) consists out of a collection of
mobile nodes capable of sending and/or receiving wireless communications.
MANETs are generally unstructured networks with no centralized
administration. MANETs use routing algorithms to establish routes among
nodes. This unstructured nature presents the opportunity for misbehaviour
among nodes. Trust based MANET routing protocols have been developed to
6

counteract malicious behaviour, in an effort to establish fair node behaviour.
Recent research has shown that the trust protocols themselves introduce
unfair behaviour among nodes. In this paper we look at the current advances
in attempts to improve fairness of e-trading trust systems, to improve the fair
judgement of e-traders. We then aim to illustrate the similarities among the
weakness of e-trading algorithms with those proposed for trust based MANET
protocols. Finally we propose an improvement of the current Trust based Ad
hoc On-demand Distance Vector routing algorithm (TAODV) protocol to factor
in all the lessons learned from e-trading algorithms. The newly proposed
algorithm will be compared to the existing trust algorithms in three very
simplistic scenarios specifically setup to evaluate fair node behaviour. In this
paper we specifically do not address the viability of cryptography as a means
to insure trust within the network, due to the high computational constraint of
encryption and the constraints imposed by relying on a third party certificate
body.
Keywords: mobile ad hoc networks; trust; fairness; e-trade
Attribution of Drive-by Downloads Involved in Osama’s Death
Malware Campaign
Manoj Cherukuri 1 and Srinivas Mukkamala 2
1 Institute for Complex Additive Systems and Analysis (ICASA), New
Mexico Institute of Mining and Technology, Socorro, New Mexico, USA
2 Computational Analysis and Network Enterprise Solutions (CAaNES
LLC), New Mexico Institute of Mining and Technology, Socorro, New
Mexico, USA
Abstract: Adversaries host drive-by downloads on the legitimate websites by
taking advantage of the vulnerabilities in web servers and web applications.
In this paper, we analyze the spread of malware based on an event with huge
crowd attention, the news of Osama Bin Laden’s death. We performed
similarity analysis on the malware samples collected in the campaign of the
Osama Bin Laden’s death, known most lethal malware, and widely known
banking Trojans to analyze the relationship of these samples. We performed
meta-searches to access the websites related to the targeted event and
identified the malicious websites by validating using the Google Safe
Browsing. We performed web crawling, link analysis and link visualization
using geo location tools on the identified malicious webpages to assess the
characteristics of the cyber-incident. We correlated the geographical location
of the hosted malicious webpages with the number of tweets originated from
a geographical location to identify the trends that the attackers follow in
targeting the legitimate websites. We crawled all the malicious webpages
7

eported in the month of May, 2011 and performed dynamic content
extraction. We performed topic modeling on the extracted content and
depicted the topics that the attackers targeted during May, 2011. In this
paper, we present the attack vectors chosen by the attackers for targeting the
legitimate websites and the malware that spread based on the campaign of
the Osama Bin Laden’s death were similar to the previously known malwares.
Keywords: attribution, malicious websites, malware topic trends, topic based
attacks
SCADA Systems in South Africa and Their Vulnerabilities
Grace Chileshe and Renier van Heerden
University Of Pretoria, South Africa
Abstract: Presented in this paper are several examples of Supervisory
Control and Data Acquisition (SCADA) systems in use in South Africa and
their vulnerabilities. These systems control and monitor critical infrastructure
such as transportation, power plants and water treatment amongst
others.They are however prone to several vulnerabilities that an intruder can
exploit. An attack on these systems could lead to a devastating catastrophe
such as a nationwide power blackout or a supply of water that is not properly
treated. South Africa is no exception to these vulnerabilities. The probability
of an attack on the SCADA systems in South Africa is immensely increased
by the potential effect that affirmative action might have on employees being
replaced by this policy. Hence the security and vulnerabilities of these
systems needs to be addressed and investigated further.
Keywords: SCADA systems, vulnerabilities, threats, South Africa, cyber
attacks, terrorists
Cyber Security Awareness Initiatives in South Africa: A
Synergy Approach
Zama Dlamini and Mapule Modise
Command and Control and Information Warfare, DPSS and CSIR,
Pretoria, South Africa
Abstract: Technological advances have changed the manner in which
ordinary citizens conduct their daily activities. Many of these activities are
carried out over the Internet. These include filling tax returns, online banking,
job searching and general socialising. Increased bandwidth and proliferation
of mobile phones with access to Internet in South Africa imply increased
8

access to Internet by the South African population. Such massive increased
in access to Internet increases vulnerabilities to cyber crime and attacks and
threatens the national security. As a result, South Africa remains one of top
three countries that are targeted by phishing attacks, the other two are the US
and the UK (RSA, 2011). As a response, various entities engage in cyber
security awareness initiatieves and trainings with the aim to create cyber
security awareness (CSA) among the citizens of South Africa. In the absence
of a national cyber security policy, however, these awareness initiatives and
programmes are delivered through a variety of independent mechanisms.
Various entities engage in cyber security awareness training each with its
specific objectives and focus areas. It is argued in this paper that cyber
security is complex and multi-faceted. No single solution can effectively
address it. While the current means to create cyber security awareness does
make impact, the fragmented and uncoordinated nature thereof have a
potential to create its own dynamics. The focus of organisations to deliver on
their own objectives translates to some extent into the optimisation of the
behaviour of individual entities as opposed to the optimisation of the national
cyber security awareness as a whole. This paper evaluates the extent to
which the current cyber security awareness initiatives address the cyber
security threats and risks. The assessment is based on the initiatives
objectives, alignment of the programme to the cyber threats, and the target
audience.
Keywords: national security, cyber security awareness, cyber fraud,
cybercrime, cyber threats
Comparing Models of Offensive Cyber Operations
Tim Grant 1 , Ivan Burke 2 and Renier van Heerden 2
1
Faculty of Military Sciences, Netherlands Defence Academy (NLDA),
Breda, The Netherlands
2
Defence Peace Safety and Security department, Council for Scientific
and Industrial Research (CSIR), Pretoria, South Africa
Abstract: Cyber operations denote the response of governments and
organisations to cyber crime, terrorism, and warfare. To date, cyber
operations have been primarily defensive, with the attackers seemingly
having the initiative. Over the past three years, several nations (e.g. USA,
UK, France, The Netherlands) and NATO have published cyber security
strategies emphasising national and international collaboration. Many
strategies call for the establishment of a Cyber Security Operations Centre,
as well as for a better understanding of attacks. In the scientific literature, Lin
(2009) and Denning and Denning (2010) have argued that offensive cyber
9

operations deserve a more open discussion than they have received to date.
Research into cyber attacks would improve the scientific understanding of
how attackers work, why they choose particular targets, and what tools and
technologies they employ. This improved understanding could then be used
to implement better defences. Moreover, research would enable governments
and other organizations to take offensive action where justified against
adversaries, whether these be criminals, terrorists, or enemies. This could
include responding to an (impending) attack by counter-attacking or by
proactively neutralizing the source of an impending attack. A good starting
point to improving understanding would be to model the offensive cyber
operations process. The purpose of this paper is to find, formalise, and
compare models of the offensive cyber operations process available in the
open scientific literature. Seven models were sufficiently well described for
formalisation using Structured Analysis and Design Technique (SADT)
notation. Finally, a canonical model has been constructed by rational
reconstruction. Although the model has not yet been tested, it has been
reviewed by subject matter experts. The paper describes the search
methodology, the SADT analysis, the shortcomings of each model, rational
reconstruction, and the canonical model. Further work will include elaborating
the canonical model to identify the resources needed to set up a Cyber
Security Operations Centre with offensive capabilities and to cross-compare
the model with the literature on attack ontologies.
Keywords: offensive cyber operations; process model; rational
reconstruction; canonical model; formalisation; SADT
Protecting Health Information Privacy and Safety on the
Internet: United States eHealth Systems and Legal
Perspectives
Virginia Greiman, Tanya Zlateva, and Lou Chitkushev
Boston University, Boston, USA
Abstract: This paper focuses on the emerging security issues in the United
States under the new 2009 Health Information Technology for Economic and
Clinical Health (HITECH) Act. To develop a reliable security model, privacy
rights and security for eHealth must be integrated into a comprehensive legal
and security framework that addresses the rights and obligations of the
healthcare provider, including physicians, hospitals and healthcare
enterprises, the patient, medical and cybersecurity researchers, and Internet
service providers. Both Congress and the Executive Branch are aware of the
need to integrate privacy into cybersecurity policy. Further collaborative
research across federal and state government agencies, industry and
10

academia is crucial to the development of security models that will not only
protect individual rights, but will meet the future challenges essential to the
delivery of exceptional medical and healthcare treatment. This paper
provides: (1) an overview of the legal environment of eHealth; (2) the main
mechanisms used for data protection; and (3) a comparative analysis of their
advantages and limitations for implementation in distributed healthcare IT
systems.
Keywords: healthcare laws, healthcare regulations, patient privacy, patient
safety, genetic databases, electronic medical records, healthcare IT
Security Preprocessor for Industrial Control Networks
Jeffrey Hieb, James Graham, Jacob Schreiver and Kyle Moss
Intelligent Systems Research Laboratory, University of Louisville, USA
Abstract: Much of our industrial infrastructure remains vulnerable to
electronic intrusions from cybercriminals, hactivists and nation states, despite
increased awareness and efforts to improve cyber-security for these
resources. In the chemical and water sectors, this problem is exacerbated by
the prevalence of legacy systems, some of which are twenty to thirty years
old. This paper presents an overview of a security preprocessor architecture,
which can be used in an add-on mode to enforce security constraints in front
of the field devices controlling physical actuators. A prototype of this device
has been implemented, and initial testing indicates minimal impact on the
operations of control system in chemical and water treatment applications.
Keywords: critical infrastructure, industrial control systems, cyber-security,
SCADA
The Influence of Cyber Security Levels of South African
Citizens on National Security
Joey Jansen van Vuuren 1 , Marthie Grobler 1 and Jannie Zaaiman 2
1 Council for Scientific and Industrial Research, South Africa
2 University of Venda, South Africa
Abstract: In South Africa, cyber security has been identified as a critical
component contributing towards National Security. More rural communities
are becoming integrated into the global village due to increased hardware
and software corporate donations, the proliferation of mobile Internet devices
and government programs aimed at bridging the digital divide through major
broadband expansion projects. These measures facilitate the rapid growth of
11

South African Internet citizens, both through desktop or laptop computers,
iPads and mobile phones. Comprehensive research conducted by the
authors show that many of the new Internet users are not aptly trained to
protect themselves against online threats, leaving them vulnerable to online
exploits and inherently exposing the national system to potential international
cyber attacks. It is estimated that mobile phone penetration in South Africa is
about 98%. In addition, it is suggested that 39% of urban and 27% of rural
South Africans are browsing the Internet from their mobile phones Mobile
phone penetration statistics are used in correlation with the economic
development and exposure to technological advances of South Africans to
classify participants in the survey in three groups: urban netizens, semi-rural
netizens and rural netizens. South African citizens from areas within the
Gauteng, Limpopo and Mpumalanga provinces participated in this study. This
article works towards the identification of any correlation between the
economic development and mobile use propensity of Internet users with
regard to National Security. The classification is based on availability of digital
amenities, availability of and access to the Internet, the number of users per
computer and the level of computer maintenance. Separate from these
criteria, the availability of and access to the Internet via mobile phones has
also been taken into consideration. The article uses the results from the
surveys to identify direct and indirect links between the factors in question.
These results are then used to extrapolate the potential threat factor to
National Security based on South Africans’ cyber security awareness levels.
As part of a larger research study, the participants completed surveys
regarding their exposure to technology and their responses to presented
cyber scenarios.
Keywords: cyber security, awareness, security threat analysis rural
communities, South Africa, national security, broadband access
A Targeted Wireless Denial of Service Attack: Deauth or not to
Deauth, That is the Question
Michael Kraft and Jonathan Holston
Joint Information Operations Warfare Center (JIOWC) Texas, USA
Abstract: When one thinks of a denial of service attack (DoS), images of
botnets and millions of TCP/IP packets from rouge computers enter the mind.
When trying to attack a wireless user, expensive jammers or saturating the
airwaves with radio frequency (RF) noise may also be expected. The reality is
hackers and cyber criminals routinely target a specific individual and not an
entire subnet or wireless frequency. Their objectives are not to disrupt, but
rather create an effect or illusion meeting their specific mission or agenda.
12

This paper will demonstrate how anyone can accomplish a DoS attack
against a targeted wireless user using free open source tools and why this is
preferable to standard DoS methods. Specifically, the authors will
demonstrate how using one particular tool can deny service either on one or
many wireless users to create a variety of effects. This paper will describe
various reasons as to why someone may want to take this approach and its
benefits as well as the limitations of the tool. Technical examples of distance,
obstructions, attenuation, antenna power, etc., will support the authors'
assertions and theories. Lastly, the authors will demonstrate how they
performed a DoS against an individual target and how this attack can thwart
detection by a high grade direction finding system. This paper will include
case studies and mitigations associated with this type attack.
Keywords: wireless protocol standard, wireless network, denial of service,
802.11-a/b/g/i/n/w
A Novel Friendly Image-Based CAPTCHA With Auto-Generation
of Test Data
Chun-Jung Lee 1 , Wei-Bin Lee 1 , Chin-Sheng Liu 1 , Kevin Ho 2 and Chyi-
Ren Dow 1
1 Department of Information Engineering and Computer Science, Feng
Chia University, Taichung, Taiwan, R.O.C
2 Computer Science and Communication Engineering, Providence
University, Taichung, Taiwan, R.O.C
Abstract: To prevent resource expenditure and several security issues, a
website or a web application system should be able to tell that an access is
launched by a person, instead of an automated program. A challengeresponse
test called CAPTCHA is commonly selected for this purpose,
especially major portal service websites such as Google, Yahoo and Hotmail.
The process of a CAPTCHA involves a server requiring users to respond
challenges and checking the correctness of the responses. Challenges
should be properly chosen so as to make the responses can be done easily
by persons, but hard by automated programs. CAPTCHAs can be classified
as three categories, audio-based, text-based and image-based. An audiobased
CAPTCHA generates an audio clip of text being read with background
noise and asks users to respond by typing in the text. A text-based
CAPTCHA renders a picture of distorted text at user’s screen and asks user
to re-type the text in a text field as a response. The verification ability can be
strengthened by increasing the distortion. But, it will make humans hard to
recognize too. Image-based CAPTCHA is an alternative for text-based
CAPTCHA. The test that an image-based CAPTCHA asks users to complete
13

is related to the feature of one or more images, such as labeling the major
object in an underlying image. All the image-based CAPTCHAs have several
common problems, including the size of challenge database, the variety of
challenge images, and the update frequency. To make a CAPTCHA robust,
the challenge database must contain large number of images in different
categories and update frequently. Otherwise, an automated program can be
trained by all the challenges. But, human intervention in maintaining such a
database makes it almost impossible since labeling images must be done by
humans. In this article, we propose a CAPTCHA to solve these problems.
The images in our system are either in training or verification statuses.
Images with verification status are used to ensure that responses are from
persons. Each newly added image is with training status. The proposed
system asks a user to answer a question related to the features of rendered
verification images and also to give a label for a training image. Then, the
system collects all the labels for a training image which are selected by
verified users. Based on the collected labels, the system deduces the label
for a training image based on a given statistic rule and changes the status of
the image from training to verification. Therefore, the proposed system can
maintain the challenge database without human intervention.
Keywords: automated programs, CAPTCHA, text-based, image-based
Using Attack Trees to Assess Security Controls for
Supervisory Control and Data Acquisition Systems (SCADA)
Juan Lopez Jr. 1 , Jason Nielsen 2 , Jeffrey Hemmes 1 , and Jeffrey
Humphries 1
1 Center for Cyberspace Research, Department of Electrical and
Computer Engineering, Air Force Institute of Technology, Wright
Patterson AFB, Dayton, Ohio, USA
2 Air Force Intelligence, Surveillance and Reconnaissance Agency,
Lackland AFB, San Antonio, Texas, USA
Abstract: The recent trend to interconnect industrial control systems with a
corporate LAN has dramatically expanded the threat of remote cyber attack.
Indeed, adversaries are targeting these systems with increasing frequency
and sophistication. Cyber defense options for security decision makers are
subsequently increasing in variety and complexity. Determining which set of
security controls are most effective against cyber attacks is primarily a risk
management and resource constraint problem. This research takes an
exploratory approach to apply attack tree modeling to assess which group of
security controls can potentially mitigate cyber attacks against industrial
control systems. The research methodology combined probabilities of
14

adversary success with impact assessments from control system experts.
Subsequent data analysis identified 14 of 30 security controls that are
strongly associated with mitigating cyber attacks on an ICS.
Keywords: Attack tree, security controls, SCADA, risk assessment
Measures to Abate Evil Twin Attacks in 802.11
Sayonnha Mandal and Nagadivya Veldanda
Telecommunication Engineering, University of Oklahoma, Tulsa, USA
Abstract: Mobile wireless connectivity and Wi-Fi accessibility are
geographically expanding at an increasingly rapid rate. Thus, the various
threats associated with Wi-Fi spots will likely affect an increasing number of
users. These threats are especially noticeable in the most populated areas
like airports, cafes, bookstores, etc. Such networks are easy to deploy
because of the non-requirement of any out-of-band key exchange or prior
trust relationships between users and the access points (APs). This paper
gives a new insight into the multi-AP environment scenario and presents
several methods to validate access points to users even in the first
transaction itself, thereby decreasing the risks of connecting to an unknown
AP which might be a rogue one. To address this problem, we propose to use
the ElGamal digital signature scheme to generate and compare digital
signatures in order to authenticate the users to new access points. Also,
utilizing networking concepts, we propose to use the assignment of IP
addressing to access points to verify their identity to new users.
Keywords: evil twin attacks, ElGamal, IP addressing, multi-AP environment
Securing America Against Cyber war
Jayson McCune and Dwight Haworth
University of Nebraska at Omaha, USA
Abstract: This paper expands on one aspect of Clarke and Knake’s (2010)
recommendation for defending the United States’ Internet infrastructure from
external attack. First it summarizes the threat that has been demonstrated in
the recent past. Included are a number of data compromises that have been
traced to servers in China. Also identified are potential physical attacks
against facilities that employ supervisory control networks, with the Stuxnet
virus being a recent example. Lastly, the fact that malware has been planted
on computers in the electric power grid for later use makes an ability to block
the command messages or the remote login sequence an absolute necessity.
The paper identifies the 12 entry points into the United States’ Internet and,
15

following Clarke and Knake’s (2010: 160) suggestion, specifies a firewall
platform for those entry points. The total one-time cost for this defensive effort
is estimated and found to be feasible. Finally, limitations of this approach are
considered.
Keywords: cyber warfare, malware, packet inspection, internet protection
Examining Trade Offs for Hardware-Based Intellectual Property
Protection
Jeffrey Todd McDonald 1 and Yong Kim 2
1 University of South Alabama, Mobile, USA
2 Air Force Institute of Technology, Wright Patterson AFB, USA
Abstract: The ability to protect critical cyber infrastructure remains a multifaceted
problem facing both the commercial sector and the federal
government. Hardware intellectual property (IP) embedded within applicationspecific
integrated circuits and programmable logic devices are subject to
adversarial analysis in the form of subversion, piracy, and reverse
engineering. We consider the effect of transforming the programmatic logic or
net list definitions for such environments so that malicious adversaries are
hindered or prevented from recovering original, higher level abstractions of
combinational logic design. In this paper, we provide observations on
obfuscating algorithms that use random and deterministic techniques to
transform logic-level definitions into alternative, functionally equivalent forms.
We define the trade off space for both types of techniques and show how
limitations have driven research methods.
Keywords: circuit protection, malicious reverse engineering, obfuscation,
security research methodologies
An Approach for Cross-Domain Intrusion Detection
Thuy Nguyen, Mark Gondree, Jean Khosalim, David Shifflett, Timothy
Levin and Cynthia Irvine
Naval Postgraduate School, Monterey, California, USA
Abstract: Network-based monitoring and intrusion detection has grown into
an essential component of enterprise security management. Monitoring
potentially malicious activities across a set of networks classified at different
security levels, however, presents subtle and complicated challenges.
Analysis of intrusion alerts collected on an individual network only reveals
malicious attempts to compromise that particular network, not the overall
16

attack patterns across the enterprise. Development of a comprehensive
perspective for intrusion analysis of all networks in a multilevel secure (MLS)
environment requires care to ensure that the enforcement of information flow
control policies is preserved. We describe an approach to cross-domain
network-based intrusion detection. Leveraging the Monterey Security
Architecture (MYSEA) high-assurance MLS federated computing framework,
we developed an MLS policy-constrained network-based CD-IDS prototype
using untrusted single-level components and multilevel (trusted) components,
supported by open source software (i.e., BASE, snort, PostgreSQL and
pgpool-II). Our prototype enables an analyst to view and manipulate network
trace data collected from multiple networks, while enforcing mandatory
access control policies to constrain the analyst to only those resources her
session level dominates.
Keywords: cross-domain services, multilevel security, intrusion detection,
quality of security service
Perceptions Towards eBanking Security: An Empirical
Investigation of a Developing Country`s Banking Sector, how
Secure is eBanking?
Bongani Ngwenya
Solusi University, Zimbabwe, NWU-Mafeking, South Africa
Abstract: The increase in computer crime has led to scepticism about the
move made by the banks to introduce eBanking. Some view this as a noble
move which has made the banking system more efficient, reliable and secure,
while others view it as a risky and insecure way of banking. The aim of this
study was to assess whether eBanking in the developing countries is secure
or not. The researcher chose a descriptive-quantitative research design. Data
was collected using a self constructed questionnaire. Convenience sampling
and stratified random sampling techniques were used to select the main
subjects of the study. The responses of management and non-management
bank personnel were concentrated on the positive side where they at least
agreed that most of the items were implemented. On capital investment,
logical access controls, security of network services, behavioural security and
human resources competence, management ranked their perceptions
significantly higher than those of non-management bank personnel. However,
when it came to security policy and the organisational structure of Information
Systems department, non-management personnel ranked their perceptions
significantly higher than management personnel. Generally on average there
was no significant difference between the perceptions of management bank
personnel and non-management bank personnel on the security of eBanking.
17

The study recommends further future studies on the security of eBanking in
developing countries based on the perceptions of the customers themselves,
who are using eBanking services, the Common Criteria for Information
Technology Security and also a study of the latent dimensions of eBanking
security as extracted by factor analysis, how they differ from elements of
information security as derived from the theoretical framework and literature.
Keywords: eBanking; eBanking security; information security; network
services; banking system
Implementation of Symmetric Block Ciphers Using GPGPU
Naoki Nishikawa, Keisuke Iwai and Takakazu Kurokawa
Department of Computer Science, National Defence Academy of Japan,
Yokosuka, Japan
Abstract: Battlefield systems have been shifting to Network-Centric Warfare
since the Gulf War (1991). In such systems, computers are connected via
encrypted networks, which require communications with such detailed data
as video, sound, pictures, and other images in real time. However, current
CPUs will be bottlenecked by encryption processing speed during heavy
processing. Unfortunately, the performance increase of CPUs has been slow
recently. Therefore, we have continuing in our development of a new cipher
system using General Purpose computation on a Graphics Processing Unit
(GPGPU). GPUs have evolved in recent years into powerful parallel
computing devices, with a high cost–performance ratio. However, many
factors affect GPU performance. In earlier work to gain higher AES
performance using GPGPU in various ways, we obtained two technical
viewpoints: (1) 16 Byte/Thread is the best granularity (2) Extended key and
substitution table stored in shared memory is the best memory allocation
style. This study was undertaken to test the hypothesis that these two
findings are applicable to implementation of other symmetric block ciphers on
two generations of GPU. In this study, we targeted five 128-bit symmetric
block ciphers, AES, Camellia, CIPHERUNICORN-A, Hierocrypt-3, and
SC2000, from an e-Government Recommended Ciphers List through
Cryptography Research and Evaluation Committees (CRYPTREC) in Japan.
We evaluated the performance of this system on each GPU using three
methods: (A) throughput without data transfer, (B) throughput with data
transfer and overlapping encryption processing on GPU, (C) throughput with
data transfer and non-overlapping encryption processing on GPU. Results
demonstrate that the throughput of implementation of SC2000 in method (A)
on Tesla C2050 achieved extremely high 73.3 Gbps. Additionally, the
throughput obtained using methods (B) and (C) deteriorated to 28.1 Gbps
18

and 17.7 Gbps, respectively. Method (B) showed effective throughput with an
approximately 31.1-fold higher speed compared to that obtained when using
a one-core CPU.
Keywords: GPGPU, symmetric block cipher, acceleration
Trolling Online for Real World Identities
Christopher Perr, Daniel Compton and John Hamilton
Auburn University, Auburn Al, USA
Abstract: Anonymity on social networks can be an excellent tool. Given the
recent events with Arab Spring it is difficult to argue that anonymity on social
networks has not been proven as a tool for social change. Unfortunately,
anonymity can also lead to the celebration of depraved acts, such as animal
abuse. In these cases anonymity is being abused. Username reuse has been
identified as a potential tool to profile individuals using social networks.
Context clues are used to develop a likelihood of identification across social
networking sites, and to gather further information about the person behind
the screen name. In order to gain a higher level of verification this paper
proposes that trolling, as explained at Defcon 19, can be used as the means
to verification of username reuse and individual identification in the medium of
social networking.
Keywords: username traceability, digital forensics, crowd-sourcing, social
networking
From Traditional Local to Global Cyberspace – Slovenian
Perspectives on Information Warfare
Kaja Prislan and Igor Bernik
Faculty of Criminal Justice and Security, University of Maribor,
Ljubljana, Slovenia
Abstract: We wish to draw attention to information warfare in Slovenia and
the cyber threats that are a risk to information systems in Slovenian
organizations. Sophisticated modern information and communication
technology gives new dimensions to information warfare motivated by
military, political, economic and ideological interests. Many states are still
relatively oblivious of these dangers. Because of anonymity, the possibility of
remote access, and concealment of the point of attack, perpetrators can now
easily achieve their goals, and do this more swiftly than before the arrival of
information technology and the Internet. Technological development has
19

enabled the spread and transfer of information warfare to various areas of
society. Since the methods of information warfare are becoming similar to
classic computer crime, the problem is now even more complex. By delving
into the current Slovenian legislation, we wished to shed light on the
inadequacy of the normative basis for the actions of law enforcement
agencies. Our legislation maintains conditions, which make it easier to
commit information warfare than prosecute it. Based on the uncovered
weaknesses, we proposed specific improvements. Our main finding is that
information warfare, as a classic form of obtaining certain goals, has, in step
with technological development, spread to all areas of society, and changed
its methods of attack. To perpetrators of information warfare cyberspace is an
environment without limits, thus the rise of the new transnational/global threat
to states and organizations. The economy, critical infrastructure, political
relations and world peace are the areas most compromised by information
warfare. The current normative control of information warfare mirrors a lack of
political will, obliviousness and complacency, which are the attitudes enabling
the spread of information warfare. World superpowers and certain
international organizations know the benefits of information warfare, so they
help maintain the normative disorder. The original value of this paper is in the
presentation of the nature of information warfare based on specific cases,
and in the analysis of the current legislation.
Keywords: information warfare, cyberspace, information communication
technology, legislation, Slovenia
Convergence of Electronic Warfare and Computer Network
Exploitation/Attacks Within the Radio Frequency Spectrum
David Rohret 1 and Abiud Jimenez 2
1 Computer Sciences Corporation, Inc. Joint Information Operations
Warfare Center/Vulnerability Assessment Team, San Antonio, Texas,
USA
2 Dynetics, Inc. Joint Information Operations Warfare
Center/Vulnerability Assessment Team, San Antonio, Texas, USA
Abstract: Radio frequency (RF) and Computer Network Exploitation and
Attacks (CNE/CNA) can no longer be viewed as separate activities or actions
within the Radio Frequency (RF) spectrum for military or commercial
operations. Integration of Internet Protocol (IP) capabilities allowing for node
addressing, data transfer, and communications between systems once
considered only Electronic Warfare (EW)-centric, may provide nation-state
and non-nation-state adversaries and opportunistic malicious hackers the
ability to exploit systems previously considered autonomous. Furthermore,
20

network operations can be affected from wireless and remotely-operating RF
systems associated to, or trusted with, operational networks. Basic RF
jamming techniques provide an adversary the ability to affect blue force IP
over radio communications and data transmissions with little or no risk to
themselves by obfuscating their efforts as an Open Systems Interconnection
(OSI) layer 2-6 attack rather than a layer 1 attack. The Joint Information
Operations Warfare Center (JIOWC) Vulnerability Assessment Team (JVAT)
performs adversarial red team tactics against developmental Joint Capability
Technology Demonstrations (JCTDs), to include CNE/CNA and RF system of
systems. The evolution of ‘smart’ weapons technologies, to include most
information operations (IO) capabilities, now represents the norm in systems
development. Command and control (C ) and common operational pictures
(COPs) with integrated IP over radio, provide multiple attack vectors and
unique opportunities for adversaries. Organizations that manage and develop
EW and/or wireless networks must adapt policies and organizational
processes to meet the changing environment and to deal with an increasingly
savvy adversary who only requires open-source tools and technologies to
successfully attack sophisticated RF networked systems. In this paper the
authors identify adversarial tactics used against developmental systems with
integrated EW and CNO capabilities; using only open-source and publically
available equipment, data, and technologies. The authors will also discuss
adversarial techniques from three case studies based on actual red teaming
assessments on developmental systems.
Keywords: radio frequency, CNA/CNE, intelligent jamming, OSI Layers 2-6,
red teaming, assessments
Supply Chain Attacks: Basic Input Output Systems (BIOS), Mux
Multiplexers and Field Programmable Gate Arrays (FPGA)
David Rohret 1 , 3 and Justin Willmann 2 , 3
1
Computer Sciences Corporation, Inc. USA
2
Dynetics, Inc., USA
3
Information Operations Warfare Center/Vulnerability Assessment
Team, San Antonio, Texas, USA
Abstract: Cyber crimes and cyber warfare are problematic for commercial
and government entities as new exploits and methods of system compromise
emerge daily. Fortunately, hundreds of cyber security organizations
collaborate to develop security patches and mitigations for most exploits as
quickly as they are identified. One method of compromising and controlling
victim machines, with little or no risk of being identified or mitigated, is the
supply chain attack; specifically, altering the basic input and output system
21

(BIOS) code to reprogram Field Programmable Gate Array (FPGA) chips to
run covert operating systems and provide undetectable communications for
data exfiltration. Not only are the main board's BIOS and circuitry a target for
malicious technology insertion, but more powerful graphics cards with
independent processing and memory can also provide a safe haven for
malicious logic. This paper identifies and demonstrates BIOS and FPGA
attacks that can be implemented during the production process, allowing the
developer (or attacker) to accomplish persistent covert communications and
system control. The authors also discuss the results of a remote BIOS attack
and the risks associated with attempting one. Lastly, efforts to identify and
mitigate BIOS supply-chain attacks, are outlined to include the
implementation of the Trusted Platform Module (TPM) standard, which
supports hardware-based BIOS integrity checking, and changes required for
production methods and processes that will enhance information assurance
for critical assets.
Keywords: BIOS, POST, supply chain attack, field programmable gate
arrays, covert communications, data exfiltration, Trusted Platform Module
(TPM)
Attribution: Accountability in Cyber Incidents
Daniel Ryan 1 and Julie Ryan 2
1 iCollege of the National Defense University, Washington, DC
2 Engineering Management & Systems Engineering Department, School
of Engineering & Applied Science, the George Washington University,
Washington, DC
Abstract~: There can be no accountability without attribution. However, the
worldwide system of networks that comprises cyberspace was not developed
with attribution in mind, and so attribution has become a major problem in
cyber incident response. This paper explores requirements for attribution in
criminal and civil situations, in espionage, in cases where military tribunals
are used to try terrorists, and in information warfare, and proposes a possible
solution to the problem of attribution to nation-states.
Keywords: Civil Litigation, Cyberspace
22

A Game Theoretic Model of Strategic Conflict in Cyberspace
Harrison Schramm, David Alderson, Matthew Carlyle and Nedialko
Dimitrov, Naval Postgraduate School, Monterey California, USA
Abstract: We study cyber conflict as a two-person zero-sum game in discrete
time, where each player discovers new exploits according to an independent
random process. Upon discovery, the player must decide if and when to
exercise a munition based on that exploit. The payoff from using the munition
is a function of time that is (generally) increasing. These factors create a
basic tension: the longer a player waits to exercise a munition, the greater his
payoff because the munition is more mature, but also the greater the chance
that the opponent will also discover the exploit and nullify the munition.
Assuming perfect knowledge and under mild restrictions on the timedependent
payoff function for a munition, we derive optimal exercise
strategies and quantify the value of engaging in cyber conflict. Our analysis
also leads to high level insights on cyber conflict strategy.
Keywords: cyber conflict, Markov game, deterrence, game theory
Visualization in Information Security
Dino Schweitzer and Steven Fulton
United States Air Force Academy, USA
Abstract: Information security is a data-rich discipline. Security analysts can
be overwhelmed with the amount of data available, whether it is network
traffic, audit logs, or IDS alarms. Security monitoring applications need to
quickly process this data as they require rapid responses to real-time events.
An effective way of dealing with large quantities of data is to take advantage
of the human visual system and employ data visualization techniques. Data
visualization has a long history in scientific computing and medical
applications as well as newer areas such as data mining. Techniques for
effective data visualization have significantly evolved over the past several
years due to increases in processing power, enhanced display devices,
massive data storage capability, and faster transmission speeds. One
hardware advance that has strongly impacted real-time visualization is the
Graphical Processing Unit (GPU). GPU’s are small special-purpose
processing devices that are packaged hundreds or thousands of units per
chip. This allows parallel processing of vast quantities of data to produce
high-quality images in real time. As a result of these advances, experts are
extending the traditional fields of visualization to a broad range of new
applications. For example, many researchers are now experimenting with
23

innovative ways of applying visualization principles to security applications,
and many security products incorporate some type of visualization capability.
Dedicated books, articles, workshops, and blogs provide information and
forums for interested security professionals to learn about visualization and
how to effectively apply it to the security domain. This paper reviews the
history and principles of visualization focusing on how it is currently used in
the security arena. The paper also discusses current trends in information
security visualization research by analyzing and discussing ongoing
published visualization projects. These projects focus on techniques such as
file visualization, network visualization, log (firewall and intrusion detection)
visualization, as well as vulnerability identification and exploits. In addition to
a survey of current research efforts, the paper looks at possible future
directions for security visualization research and applications.
Keywords: visualization, information security
A Novel Biometric System Based on Tongueprint Images
Mohammad Reza Shahriari 1 , Shirin Manafi 2 and Sepehr Sadeghian 3
1
Department of Management, Islamic Azad University UAE Branch,
Dubai, UAE, 2 Department of biomedical Engineering, Science &
Research Branch, Islamic Azad University, Tehran, I.R.Iran
3
Department of mechanical engineering, IRAN University of Science &
Technology, Tehran, I.R.Iran
Abstract. Biometrics based identity-verification is regarded as an effective
method for automatically recognizing, with a high confidence, a person’s
identity. This paper presents a new biometric approach to identity verification
based on the tongue-print technology by means of a novel feature extraction
method since tongue can be stuck out of mouth for inspection, and it is
otherwise well protected in the mouth and is difficult to forge; this organ could
be considered as a biometric factor. The tongue presents both geometric
shape information and physiological texture information which are potentially
useful in personal identification applications. Despite these obvious
advantages for biometrics, little work has hitherto been done on this topic;
nevertheless, the feasibility of tongue biometrics has been proved. Our
tongueprint identification system employs tongueprint images and by means
of feature extraction from wavelet coefficients achieves effective personal
identification. The suggested system consists of two parts: preprocessing of
acquired tongue images, and a feature extraction method to achieve each
person’s unique parameters. In order to have an experimental image
database, digital pictures were acquired from 10 different people’s tongues in
prespecified time intervals. These people were chosen randomly both in
24

gender and age although specifically from different age groups. Resolution of
images and their acquisition conditions were uniform in all cases. By
clustering different people’s data and specifying the cluster centre, any new
dataset would be compared to the claimed centre and his/her identity could
be verified. Comparison of different mother wavelet transforms’ results
demonstrate the optimum framework. The experimental results have been
verified at the end. The results from suggested procedure show that using
texture factor for the tongue verification produces an efficient and reliable
result. When the FAR is equal to 3.1%, we get the Genuine Accept Rate of
70%. These results once again demonstrate that the tongue biometric is
feasible. Additionally it was observed that at the threshold of 182, the
suggested procedure would have equal error rate. Final verification results
depict close match with previous studies. Furthermore it was shown that
application of tongue’s texture - solely as a biometric factor considering
possible interfering of tongue shape complications resulted by its probable
and perhaps voluntary changes -could be regarded certainly efficient and
even more reliable with high recognition rate.
Keywords: biometrics, tongueprint identification, texture analysis, wavelet
transform
Intelligence and Influence Potential in Virtual Worlds
George Stein
USAF Center for Strategy and Technology, Spaatz Academic Centers,
Air University, USA
Abstract: The current and rapidly developing “virtual worlds” existing in
cyberspace and the relationship between activities in these virtual worlds and
the “real” world represent an emerging area of concern for the conduct of
strategic communications, influence operations, and, in general, various
military and intelligence missions and operations in cyberspace. In the next
few years, the availability and distribution of the so-called “$100 laptop”
throughout Asia, Latin America, Africa, and other areas-of-concern for the
“long war” will link millions not only to the World Wide Web but, additionally,
to the cyber-based virtual worlds. In general, government information
operations, intelligence and cyberspace communities are well behind the
power curve in virtual world cyberspace and, currently, largely unprepared for
operations in these cyber-based virtual worlds. We must address “two-world
warfare.”
Keywords: virtual worlds, MMORPG, second life, terrorists, intelligence,
surveillance
25

Classifying Network Attack Scenarios Using an Ontology
Renier Pelser van Heerden 1 , 2, Barry Irwin 2 and Ivan Burke 1
1 CSIR, Pretoria, South Africa
2 Rhodes University, Grahamstown, South Africa
Abstract: This paper presents a methodology using network attack ontology
to classify computer-based attacks. Computer network attacks differ in
motivation, execution and end result. Because attacks are diverse, no
standard classification exists. If an attack could be classified, it could be
mitigated accordingly. A taxonomy of computer network attacks forms the
basis of the ontology. Most published taxonomies present an attack from
either the attacker's or defender's point of view. This taxonomy presents both
views. The main taxonomy classes are: Actor, Actor Location, Aggressor,
Attack Goal, Attack Mechanism, Attack Scenario, Automation Level, Effects,
Motivation, Phase, Scope and Target. The "Actor" class is the entity
executing the attack. The "Actor Location" class is the Actor’s country of
origin. The "Aggressor" class is the group instigating an attack. The "Attack
Goal" class specifies the attacker’s goal. The "Attack Mechanism" class
defines the attack methodology. The "Automation Level" class indicates the
level of human interaction. The "Effects" class describes the consequences of
an attack. The "Motivation" class specifies incentives for an attack. The
"Scope" class describes the size and utility of the target. The "Target" class is
the physical device or entity targeted by an attack. The "Vulnerability" class
describes a target vulnerability used by the attacker. The "Phase" class
represents an attack model that subdivides an attack into different phases.
The ontology was developed using an "Attack Scenario" class, which draws
from other classes and can be used to characterize and classify computer
network attacks. An "Attack Scenario" consists of phases, has a scope and is
attributed to an actor and aggressor which have a goal. The "Attack Scenario"
thus represents different classes of attacks. High profile computer network
attacks such as Stuxnet and the Estonia attacks can now be been classified
through the “Attack Scenario” class.
Keywords: network attack, taxonomy, ontology, attack scenario
26

A Practical Method for Minimization of Attack Surfaces in
Information Warfare
Hence that general is skilful in attack whose opponent does
not know what to defend; And he is skilful in defense whose
opponent does not know what to attack. Sun Tzu, 496 BC
Charles Wilson 1 and Bradley Wilkerson 2
1
Center for Cyber Security and Intelligence Studies, University of Detroit
Mercy, Detroit, Michigan, USA
2
Eastern Michigan University, Ypsilanti, Michigan, USA
Abstract: This paper provides a specific approach to building a robust
defense against asymmetric attacks. It centers on the restriction of the attack
surfaces across an organization’s systems. It suggests practical method for
creating and enforcing limitations to the attack surface of the organization.
This method is based around target and attack enabler identification and
limitation of access rights through the enabling channels. The specific aim of
the approach is to only allow access at a limited number of well defended
interface points, through a well defined and highly restricted system
perimeter. It is implicit that if the limitation process is correctly executed the
defender will be able to provide a robust defense in depth at each of the
designed points of access.
Keywords: attack surface; asymmetric warfare, defense in depth; system
administration.
Simulated e-Bomb Effects on Electronically Equipped Targets
Enes Yurtoğlu
Turkish Air Force War College, Istanbul, Turkey
Abstract: Like High Altitude Electromagnetic Pulse (HEMP), high power
microwaves (HPM) produce intense energies, which may overload or damage
various electrical system components such as microcircuits. This work
theoretically investigates possible effects of a hypothetically designed HEMPlike
weapon, an “e-bomb,” on electronically equipped target systems whether
it can overload, upset or damage any part of the targeted system. The
procedure to determine these possible effects is, quantitatively, to estimate
the electromagnetic coupling from first principles and simulations using a
coupling model program, pursuing a feasible geometry of attack, practical
antennas, best coupling approximations of ground conductivity and
27

permittivity, a reasonable system of interest representation from
specifications, threat waveshape and operating frequency. The analysis
procedure investigates the role each of these factors contributes to the ebomb
coupling scenario and the end-to-end process is described as follows:
A simple topographical system of interest transmission-line coupling model is
created as a target that consists of some mission-essential distributed
equipment nodes, which include electronic device components. A range,
which turns out to be the detonation altitude over the target, is selected based
on the desired frequency span, antenna diameter, and the geometry for the
deployment platform source. This altitude, in-turn, is used to establish the
intensity level for illumination of the topographical model. A basic approach is
employed to define the geometry and to calculate the detonation altitude to
ensure the radius of the whole target system area is e-bomb illuminated. The
hypothetical e-bomb created transient pulse used to interact with the modeled
system is defined from first principles. The pulse is developed and formatted
as the expected amplitude, waveshape and frequency content of an e-bomb
as a function of ‘range.’ A MATLAB program is used to define the e-bomb
weapon E-field intensity as a function of range. After defining the threat field,
an electromagnetic coupling and interaction program using the threat
waveshape and models of the target system is employed to analyze terminal
currents throughout the model. These system currents are then converted to
their node voltage, delivered power, or energy, at the various representative
distributed system nodes throughout the model. Those possible e-bomb
effect results are then compared to a published and experimentally created
threshold level table to determine whether any upset or damage is formed on
the target system and satisfying results are achieved. Based on this
comparison, the results are evaluated with respect to the factors that caused
them to exceed, or not exceed, the threshold levels. Overall, those results
and comparisons provide an idea of how to best use such a weapon against
electronically equipped targets.
Keywords: electromagnetic pulse weapon, high power microwaves,
electromagnetic coupling, e-bomb, e-field
28

PhD
Papers
29

Cyberpower: Learning From the Rich, Historical Experience of
War
Ernest Lincoln Bonner, USAF, Air University, Maxwell, USA
Abstract: Developing cyberpower theory and doctrine is challenging because
heretofore cyberpower has fallen under the nearly exclusive purview of
technical experts, not warfighters. Consequently, much of the work on
cyberpower theory has eschewed traditional military concepts in favor of a
lexicon more familiar to network administrators, computer scientists, and
engineers. This state of affairs stunts military strategic thinking on
cyberpower, and hinders cyberpower integration into joint warfighting.
Therefore, this paper attempts to advance the beginnings of a cyberpower
theory rooted in the lessons of war from the traditional operational domains –
land, sea, and air. By examining cyberpower through the lens of fundamental
concepts like orientation, initiative, terrain, speed and mobility, similarities to
military power in the other operational domains emerge. These similarities let
cyberpower theory harvest lessons from the military theories of those like Carl
von Clausewitz, Sir Julian Corbett, Sir John Slessor and John Boyd, and the
rich, historical experience of war.
Keywords: cyber, cyberpower, military, cyber warfare, theory
Reducing False Positives in an Anomaly-Based NIDS
Saeide Hatamikhah and Mohammad Laali
Department of Computer Engineering, Tarbiat Moallem University,
Tehran, Iran
Abstract: Internet and computer networks are facing an increasing number of
security threats. With new types of attacks that appear continuously, the
development of flexible and adaptive security is a serious challenge. In this
field, approaches of network-based intrusion detection are ideal techniques to
protect target systems and networks from destructive actions. Depending on
the analytical model, this technique is divided into signature-based and
anomaly-based models. Signature-based model focuses on known attacks or
their obvious features by matching patterns of behavior with a predefined byte
string. The biggest problem with this model is that it is not able to detect new
attacks if the software does not have their signatures defined in the database.
Anomaly-based model specifies normal behavior of the traffic and computes
unusual degree of one packet on base of its deviance measure from normal
behavior. Even then if diversion is discovered, the system would generate
alarms indicating a series of intrusion events that have occurred. Despite the
31

ability of this system to detect new attacks, it generates a high rate of false
alarms. Shimamura and Kono (2006) in order to reduce false alarms rate in
the signature-based IDS proposed a system called TrueAlarm. Although this
proposed system can be considered as a new system of network-based
intrusion detection due to its benefits than basic NIDS, it is important to note
that TrueAlarm still cannot identify unknown suspicious messages as the
signature-based NIDS, and this is its biggest weakness due to the large
volume of network attacks in today’s world that include many zero-day
attacks. In this article whilst we want to introduce intrusion detection system
as a powerful tool in the field of network security, and also a variety of
analysis techniques and models, using a basic system namely TrueAlarm, we
present a new architecture namely Integrated TrueAlarm to improve the false
alarm problem of anomaly-based analysis model.
Keywords: Network-based intrusion detection system, false alarms,
signature-based analysis, anomaly-based analysis, Integrated TrueAlarm
An Ontological Approach to Information Security Management
Teresa Pereira 1 and Henrique Santos 2
1 Informatics Department, School of Business Studies, Polytechnic
Institute of Viana do Castelo, Valença, Portugal, 2 Information Systems
Department, School of Engineering, University of Minho, Guimarães,
Portugal
Abstract: Nowadays organizations strongly rely on technology, in particular
on the performance of their information systems, and therefore they become
more exposed to security risks inherent to these technologies. Adequate
security procedures to manage information security are obviously required
and organizations need to carefully evaluate their security policies. In this
context information security risk management should be performed as part of
information security management activity. Its objectives are to identify,
address, and mitigate risks before they become serious threats. The definition
of an ontology, which contains a hierarchical representation and description
of security concepts, defined according to the ISO/IEC_JTC1 standards, can
assist organizations to classify attacks, identify the critical assets and mitigate
their vulnerabilities and threats. With this information organizations are able to
identify the level of risk exposition. This paper proposes a method based on
an ontological approach to structure and organize security information within
an organization.
Keywords: information security management; risk analysis; security risk
management; information security; ontology
32

Non Academic
Papers
33

The Crawl, Walk, run Progression for Strategic Communication
Christopher Paul
RAND Corporation, Pittsburgh, USA
Abstract: Strategic communication suffers from ambiguity in both discussion
and in practice. Recommendations for the improvement of strategic
communication and public diplomacy abound. In these recommendations
there are significant areas of consensus, but broad differences remain in
terms of the priorities for and the details of the various things recommended.
The author argues that, while some of these differences stem from real
disagreement about definition or direction, many come from diverse focal
emphases and a failure to consider desired capabilities as part of a logical
progression. Consider, for example, that for some, strategic communication
focuses on just getting to a minimal level of deconfliction between our
different modes of broadcast and avoiding information fratricide. For others,
the emphasis is on long-term partnerships and engagements, and the
necessary enabling cultural and contextual knowledge. For others still,
strategic communication should emphasize leveraging the private sector for a
variety of resources and capabilities that are not organic to the government.
The proposed solution is simple: the development of strategic communication
should follow a crawl, walk, run progression. This is a metaphor often used in
military training and is fairly transparent logically: Before you can walk, crawl;
before you can run, walk. Some things have to come before other things,
either because they are logically prior, or just easier to develop from the
current existing baseline. The paper elaborates this argument and
preliminarily discusses and assigns each of the host of advocated strategic
communication developments or capabilities to the crawl level, the walk,
level, or the run level.
Keywords: strategic communication, public diplomacy, war of ideas,
influence campaigns, civil-military relations
35

Work in
Progress
Papers
37

Cyber Fratricide: A Literature Review
Norah Abokhodair and Aaron Alva
Information School, University of Washington, Seattle, USA
Abstract: In 2010, the Symantec Internet Security threat report encountered
more than 286 million unique variations of malware threats(Symantec, 2011).
Moreover, it recorded 6,253 new vulnerabilities, more than in any previous
year since report’s inception. Threats to cyber systems in the form of Trojans,
Worms, Viruses, etc. are increasing at a rate that is overwhelming the ability
of security practitioners to keep up. Efforts to address an avalanche of threats
is introducing errors and decisions that may be adversely affecting the
security of the system the security practitioners are trying to protect. To date,
little research has focusedon an important aspect of security effectiveness,
the cyber equivalent of “Friendly Fire”. This paper reviews case studies and
available research on Cyber Friendly Fire. The Webster’s Ninth New
Collegiate Dictionary defines fratricide as “one who murders or kills his own
brother or sister.” Cyber Friendly Fire, the equivalent of cyber fratricide, is
defined as “intentional offensive or defensive cyber/electronic actions
intended to protect cyber systems against enemy forces or to attack enemy
cyber systems, which unintentionally harms the mission effectiveness of
friendly or neutral forces” (Greitzer et al., 2009). Recent high-profile incidents
illustrate how organizations have failed to understand the risks of Cyber
friendly fire. Furthermore, the use of multiple cyber security tools may have
the perverse effect of damaging system security. The Open Source
Vulnerability Database shows at least 1,200 listings where security software
has been the cause of a system breaking (Geer Jr, 2010). In these cases,
friendly fire has brought down the defenses of the enterprise and exposed the
systems to the dangerous threat landscape. The purpose of this reviewis to
clarify the factors leading to or causing cyber fratricide, identify gaps in this
emerging area of research, and suggest avenues of research that will lead to
increased awareness and improved enterprise systems security.
Keywords: cyber fratricide, cyber friendly-fire, cyber threats, enterprise
systems, cyber security
39

Behavioral-Based Method for Detecting SCADA Malware
Henry Bushey, Juan Lopez and Jonathan Butts
Air Force Institute of Technology, Wright-Patterson Air Force Base, USA
Abstract: Supervisory Control and Data Acquisition (SCADA) systems
control and monitor services for the nation’s critical infrastructure. Recent
events (e.g., Stuxnet) highlight the increasing threat to these systems.
Indeed, attacks vary from denial of service to espionage; however, Stuxnet
provides an example of a targeted, covert attack resulting in physical
damage. Of particular note is the manner in which Stuxnet exploited the trust
relationship between the human machine interface (HMI) and the
programmable logic controllers (PLCs). PLCs are critical components of
SCADA systems that provide real-time physical control and monitoring of
end-devices (e.g., pumps, switches and sensors). Current methods of
validating the operational parameters of PLCs primarily consider the message
exchange and network communications protocols, generally observed at the
HMI. Although sufficient at the macro level, this method does not provide
detection of malware embedded in the PLC, as demonstrated by Stuxnet.
This work in progress proposes a novel method to analyze the behavior of the
input and output parameters of a PLC. Direct analysis of PLC input and
output provides the true state of SCADA end-devices. Our research provides
a series of inputs to the PLC while monitoring true system outputs. The initial
and transition states characterize the baseline behavior of the PLC program.
Once the baseline is established, modifications are made to emulate a PLC
infected with malware. The enumerated versions of the programs are
reevaluated to observe the modified output behavior. The results are then
analyzed to identify the presence of malicious code and to determine the
degree of modification. The focus of this work is to increase the resilient
posture of SCADA systems. By analyzing true system outputs, a model can
be derived that identifies malware embedded in PLCs attempting to alter
system operations. The results can be extracted to develop resiliency metrics
that evaluate how a system is expected to operate in the face of adversity.
The research will be expanded to incorporate automated behavioral-based
analysis integrated with the PLC.
Keywords: behavioral-based security, assurance, resilience, SCADA
security
40

Modelling Organizational Management by Strengthening the
Information Protection Requirements in Innovative
Organizations
Marcela Izabela Ciopa and Cristian Silviu Banacu
Management Department, Efficiency Economic Char, The Academy of
Economic Sciences, Romania
Abstract: Starting from the identification of human resources as one of the
essential components of information security and following heated debates on
forums about the lack of accountability regarding the utilization of IT
resources (mainly by users more or less trained in this respect), we found the
need to address managerial issues and to identify solutions for the
implementation of rules and procedures. Objective is to implement a model
that is focused on: -changing internal regulations as a starting point and; -
including behavioural elements into employees’ evaluations. Behavioural
elements shall be included in order to evaluate how information content in
databases of innovative organizations is used and to reward or sanction
respectively. Changing internal rules, job descriptions and evaluation criteria
will affect the rights and obligations of internal and external users of
databases and will create the conditions for better maintaining the
confidentiality and integrity of data.
Keywords: human resource, internal regulations in innovative companies,
job description, evaluation's criteria, information security.
Evaluation of Traditional Security Solutions in the SCADA
Environment
Robert Larkin, Juan Lopez and Jonathan Butts
Air Force Institute of Technology, Wright-Patterson AFB, Ohio, USA
Abstract: Supervisory control and data acquisition (SCADA) systems control
and monitor the electric power grid, water treatment facilities, oil and gas
pipelines, railways and other critical infrastructures. In recent years,
organizations that own and operate these systems have increasingly
interconnected them with their enterprise network to take advantage of cost
savings and operational benefits. This trend, however, has introduced myriad
vulnerabilities associated with the networking environment. As a result, the
once isolated systems are now susceptible to a wide range of threats that
previously did not exist. To help address the associated risks, security
professionals seek to incorporate mitigation solutions designed for traditional
networking and information technology (IT) systems. Unfortunately, the
operating parameters and security principles associated with traditional IT
41

systems do not readily translate to the SCADA environment; security
solutions for IT systems focus primarily on protecting the confidentiality of
system and user data. Alternatively, SCADA systems must adhere to strict
safety and reliability requirements and rely extensively on system availability.
Indeed, mitigation strategies designed for traditional IT systems must be
evaluated for the SCADA environment prior to employment to safeguard
against adverse operational impacts. This work in progress presents ongoing
research that analyzes a traditional host-based intrusion detection system in
the SCADA environment. Specifically, we evaluate the Department of
Defense (DoD) Host Based Security System (HBSS) employed on a fuels
management SCADA system. The preliminary investigation examines
whether the increased processing time associated with the HBSS security
agent negatively impacts system availability and operations. The research
methodology consists of both measurement and simulation evaluations and
leverages an operational U.S. Air Force fuels management system and
configuration. If findings indicate that the impact to operations is negligible,
then the HBSS network defense tool can be employed in the AF fuels
management SCADA environment. If successful, HBSS can be extended to
other AF and DoD SCADA networks to provide security protections against
network-based attacks.
Keywords: critical infrastructure protection, SCADA security, host-based IDS
Hackers at the State Service: Cyberwars Against Estonia and
Georgia
Volodymyr Lysenko and Barbara Endicott-Popovsky
University of Washington, Seattle, USA
Abstract: In this research we investigate, what role the Russian “patriotic
hackers” played in the 2007 and 2008 cyberattacks against Estonia and
Georgia, what role the state played, and how the experience of withstanding
the “Russian-type” attacks, experienced in 2007 in Estonia, helped in
repelling rather similar attacks in 2008 against Georgia much faster. Fluency
in the Russian language of one of the co-authors helps in identifying those
issues which were previously hidden from earlier, mostly Western,
researchers investigating these cases. Based on our analysis we will provide
some new insights into withstanding state-sponsored cyberwars, and develop
related recommendations for cyberdefense policy makers.
Keywords: cyberattacks in modern conflicts; patriotic hackers; Russia;
Estonia; Georgia; case studies; cybersecurity education
42

Presentation
Only
43

ICT Security In The Modern Airport – Can Organic Growth Ever
be Secure?
John McCarthy 1 , Bryan Mills 2 and Don Milne 1
1 Bucks New University, UK
2 ServiceTec, England
Abstract: Demand for air travel from the expanding world leisure market and
the rapid development of some Asian, Eastern European and South
American economies has also fuelled a demand for greater air travel. In
recent years Airlines have responded with greater competition and the
evolution of low cost airlines. This has combined to create a major impact on
passenger numbers. In addition to normal market expansion major terrorist
events such as 9/11 have created increased security measures and
procedures in passenger air travel. This has resulted in a step change on how
airport security is managed. This has resulted in airports facing increasing
numbers and ever more complex, time consuming and cumbersome security
procedures. The increase in passenger numbers coupled with a rapid
expansion of airport infrastructure to accommodate the new security
procedures has resulted in adhoc ICT systems in airports that have grown
and developed organically. These ICT systems may not be as secure as they
could be due to the disparate nature of their development and possible
duplication of services. Communication in airports for passenger handling is
also evolving.
There is a move towards adopting TCP/IP protocols and moving away from
older forms of technology such as X25 relays. This in itself whilst presenting
cost savings and efficiency benefits creates new security issues and threats.
Airports are often managed by several bodies such as airlines, baggage
handlers companies, security and immigration and border control. Airports
and airport regulations are governed by individual countries. This leaves open
the possibility of differing security and working practices and ICT
implementations across international boundaries. This could have an impact
on airport security as a whole.
To address these issues this exploratory paper seeks to map out the ICT
systems in a modern Tier 2 regional airport. This will be achieved through
case study analysis of a major Tier 2 airport and coupled with empirical data
collection and analysis. The resulting ICT map will allow an objective and
neutral analysis of ICT provision in airports and determine if this provision is
secure. Best practice models could also be developed to benchmark the use
and security of ICT within airports.
45

The outcomes may offer new insights into the management of ICT systems
airports and offer new methods of deploying ICT to better effect within the
airport environment. This may enable ICT providers within airports to offer a
more secure and efficient service that offers enhanced safety for passenger
travel.
Keywords: airport security passenger handling
A Progress Report on the IW Ops Manual
Eneken Tikk Ringas
Toronto University Munk School of International Affairs, Canada
Cyber incidents of the past years as well as the continuous speculation
around potential future cyber catastrophes and cyber wars have repeatedly
emphasized the need for a revised interpretation of existing law. Jus ad
bellum (international law governing the use of force) and jus in
bello(international humanitarian law) were not developed, having regard to
contemporary security threats, including advanced cyber capabilities.
Therefore, it is evident that a great need exists for a professional
interpretation of the conventions and treaties of the previous centuries in
order to demonstrate if and how they can be applied to the modern cyber
conflict. An international group of lawyers has begun to develop
an authoritative reference on the international law applicable to cyber conflict.
The Manual is meant to address all legal issues deriving from the jus ad
bellum and the jus in bello. In addition, it examines related issues such as
sovereignty, state responsibility and neutrality. Dr. Tikk will describe the
progress being made in developing the Tallinn Manual
46