6th European Conference - Academic Conferences Limited
Proceedings<br />
of the<br />
7th International<br />
Conference on Information<br />
Warfare and Security<br />
Center for Information Assurance<br />
and Cybersecurity<br />
University of Washington<br />
Seattle<br />
USA<br />
22-23 March 2012<br />
Edited by<br />
Dr. Volodymyr Lysenko<br />
Center for Information Assurance<br />
and Cybersecurity<br />
University of Washington<br />
Seattle<br />
USA
Copyright The Authors, 2012. All Rights Reserved.<br />
No reproduction, copy or transmission may be made without written<br />
permission from the individual authors.<br />
Papers have been double-blind peer reviewed before final submission to the<br />
conference. Initially, paper abstracts were read and selected by the<br />
conference panel for submission as possible papers for the conference.<br />
Many thanks to the reviewers who helped ensure the quality of the full<br />
papers.<br />
These Conference Proceedings have been submitted to the Thomson ISI for<br />
indexing.<br />
Further copies of this book can be purchased from<br />
http://academic-conferences.org/2-proceedings.htm<br />
CD version ISBN: 978-1-908272-30-0<br />
CD version ISSN: 2048-9897<br />
Book version ISBN: 978-1-908272-29-4<br />
Book Version ISSN: 2048-9870<br />
Published by Academic Publishing Limited<br />
Reading<br />
UK<br />
44-118-972-4148<br />
www.academic-publishing.org
Contents<br />
Paper Title | Author(s)<br />
Preface<br />
Biographies of Conference Chairs, Programme Chair, Keynote Speaker and Minitrack Chairs<br />
Biographies of contributing authors<br />
Detecting Hidden Logic Bombs in Critical Infrastructure Software | Hira Agrawal, James Alberi, Lisa Bahler, Josephine Micallef, Alexandr Virodov, Mark Magenheimer, Shane Snyder, Vidroha Debroy and Eric Wong<br />
The Development of IO / IW Curriculums in the United States: A Review of Current Efforts and a Case Study From Norwich University | Edwin Leigh Armistead<br />
Establishing Cyberspace Sovereignty | Kris Barcomb, Dennis Krill, Robert Mills and Michael Saville<br />
Study of the Perception of Cyber Threats and the Fear of Cybercrime | Igor Bernik and Gorazd Mesko<br />
Effectively Teaching Cyber Warfare to a Non-Technical Audience | David Bibighaus, David Gibson, Martin Carlisle, David Merritt, Jeff Boleng and James Maher<br />
Decision-Making by Effective C2I System | Martin Blaha and Kateřina Brabcová<br />
Virtual NonState Actors as Clausewitzian Centers of Gravity: An Examination for Sensemaking, Elaboration and Discussion | Larisa Breton<br />
BioONT: Improving Knowledge Organization and Representation in the Domain of Biometric Authentication | Stephen Buerle<br />
Fairness of Trust Based Mobile ad hoc Network Protocols | Ivan Daniel Burke and Martin Olivier<br />
Attribution of Drive-by Downloads Involved in Osama’s Death Malware Campaign | Manoj Cherukuri and Srinivas Mukkamala<br />
SCADA Systems in South Africa and Their Vulnerabilities | Grace Chileshe and Renier van Heerden<br />
Cyber Security Awareness Initiatives in South Africa: A Synergy Approach | Zama Dlamini and Mapule Modise<br />
Comparing Models of Offensive Cyber Operations | Tim Grant, Ivan Burke and Renier van Heerden<br />
Protecting Health Information Privacy and Safety on the Internet: United States eHealth Systems and Legal Perspectives | Virginia Greiman, Tanya Zlateva, and Lou Chitkushev<br />
Security Preprocessor for Industrial Control Networks | Jeffrey Hieb, James Graham, Jacob Schreiver and Kyle Moss<br />
The Influence of Cyber Security Levels of South African Citizens on National Security | Joey Jansen van Vuuren, Marthie Grobler and Jannie Zaaiman<br />
A Targeted Wireless Denial of Service Attack: Deauth or not to Deauth, That is the Question | Michael Kraft and Jonathan Holston<br />
A Novel Friendly Image-Based CAPTCHA With Auto-Generation of Test Data | Chun-Jung Lee, Wei-Bin Lee, Chin-Sheng Liu, Kevin Ho and Chyi-Ren Dow<br />
Using Attack Trees to Assess Security Controls for Supervisory Control and Data Acquisition Systems (SCADA) | Juan Lopez Jr., Jason Nielsen, Jeffrey Hemmes and Jeffrey Humphries<br />
Measures to Abate Evil Twin Attacks in 802.11 | Sayonnha Mandal and Nagadivya Veldanda<br />
Securing America Against Cyber war | Jayson McCune and Dwight Haworth<br />
Examining Trade Offs for Hardware-Based Intellectual Property Protection | Jeffrey Todd McDonald and Yong Kim<br />
An Approach for Cross-Domain Intrusion Detection | Thuy Nguyen, Mark Gondree, Jean Khosalim, David Shifflett, Timothy Levin and Cynthia Irvine<br />
Perceptions Towards eBanking Security: An Empirical Investigation of a Developing Country's Banking Sector, how Secure is eBanking? | Bongani Ngwenya<br />
Implementation of Symmetric Block Ciphers Using GPGPU | Naoki Nishikawa, Keisuke Iwai and Takakazu Kurokawa<br />
Trolling Online for Real World Identities | Christopher Perr, Daniel Compton and John Hamilton<br />
From Traditional Local to Global Cyberspace – Slovenian Perspectives on Information Warfare | Kaja Prislan and Igor Bernik<br />
Convergence of Electronic Warfare and Computer Network Exploitation/Attacks Within the Radio Frequency Spectrum | David Rohret and Abiud Jimenez<br />
Supply Chain Attacks: Basic Input Output Systems (BIOS), Mux Multiplexers and Field Programmable Gate Arrays (FPGA) | David Rohret and Justin Willmann<br />
Attribution: Accountability in Cyber Incidents | Daniel Ryan and Julie Ryan<br />
A Game Theoretic Model of Strategic Conflict in Cyberspace | Harrison Schramm, David Alderson, Matthew Carlyle and Nedialko Dimitrov<br />
Visualization in Information Security | Dino Schweitzer and Steven Fulton<br />
A Novel Biometric System Based on Tongueprint Images | Mohammad Reza Shahriari, Shirin Manafi and Sepehr Sadeghian<br />
Intelligence and Influence Potential in Virtual Worlds | George Stein<br />
Classifying Network Attack Scenarios Using an Ontology | Renier Pelser van Heerden, Barry Irwin and Ivan Burke<br />
A Practical Method for Minimization of Attack Surfaces in Information Warfare | Charles Wilson and Bradley Wilkerson<br />
Simulated e-Bomb Effects on Electronically Equipped Targets | Enes Yurtoğlu<br />
PhD Papers<br />
Cyberpower: Learning From the Rich, Historical Experience of War | Ernest Lincoln Bonner<br />
Reducing False Positives in an Anomaly-Based NIDS | Saeide Hatamikhah and Mohammad Laali<br />
An Ontological Approach to Information Security Management | Teresa Pereira and Henrique Santos<br />
Non Academic paper<br />
The Crawl, Walk, Run Progression for Strategic Communication | Christopher Paul<br />
Work In Progress papers<br />
Cyber Fratricide: A Literature Review | Norah Abokhodair and Aaron Alva<br />
Behavioral-Based Method for Detecting SCADA Malware | Henry Bushey, Juan Lopez and Jonathan Butts<br />
Modelling Organizational Management by Strengthening the Information Protection Requirements in Innovative Organizations | Marcela Izabela Ciopa Stiuca and Cristian Silviu Banacu<br />
Evaluation of Traditional Security Solutions in the SCADA Environment | Robert Larkin, Juan Lopez and Jonathan Butts<br />
Hackers at the State Service: Cyberwars Against Estonia and Georgia | Volodymyr Lysenko and Barbara Endicott-Popovsky<br />
Presentation only<br />
ICT Security In The Modern Airport – Can Organic Growth Ever be Secure? | John McCarthy, Bryan Mills and Don Milne<br />
A Progress Report on the IW Ops Manual | Eneken Tikk Ringas<br />
Preface<br />
These Proceedings are the work of researchers contributing to the 7th<br />
International Conference on Information Warfare and Security (ICIW 2012),<br />
hosted this year by the Center for Information Assurance and Cybersecurity,<br />
University of Washington, Seattle, USA. The Conference Chair is<br />
Dr. Barbara Endicott-Popovsky, and the Programme Chair is Dr. Volodymyr<br />
Lysenko, both from the Center for Information Assurance and Cybersecurity.<br />
The opening keynote address this year is given by Kirk Bailey, from CISO,<br />
University of Washington, Seattle, USA. The second day will be opened by<br />
Dr. Eneken Tikk-Ringas, from the University of Toronto, Munk School of<br />
International Affairs, Toronto, Canada.<br />
An important benefit of attending this conference is the ability to share ideas<br />
and meet the people who hold them. The range of papers will ensure an<br />
interesting and enlightened discussion over the full two day schedule. The<br />
topics covered by the papers this year illustrate the depth of the information<br />
operations’ research area, with the subject matter ranging from the highly<br />
technical to the more strategic visions of the use and influence of information.<br />
With an initial submission of 76 abstracts, after the double blind, peer review<br />
process there are 46 papers published in these Conference Proceedings,<br />
including contributions from Czech Republic, India, Iran, Japan, Netherlands,<br />
Nigeria, Portugal, Romania, Slovenia, South Africa, Taiwan, Turkey, United<br />
Kingdom, USA and Zimbabwe.<br />
I wish you a most enjoyable conference.<br />
March 2012<br />
Volodymyr Lysenko<br />
Washington University<br />
Programme Chair<br />
Conference Committee<br />
Conference Executive<br />
Barbara Endicott-Popovsky, Center for Information Assurance and<br />
Cybersecurity, University of Washington, Seattle, USA<br />
Volodymyr Lysenko, Center for Information Assurance and Cybersecurity,<br />
University of Washington, Seattle, USA<br />
Daniel T Kuehl, National Defense University, Washington, DC, USA<br />
Leigh Armistead, Peregrine Technical Solutions LLC, USA<br />
Andy Jones, Security Research Centre, BT, UK and Khalifa University,<br />
UAE<br />
William Mahoney, The Peter Kiewit Institute, University of Nebraska Omaha,<br />
Omaha, USA<br />
Mini Track Chairs<br />
Natarajan Vijayarangan, Tata Consultancy Services, India<br />
Daniel J. Ryan, National Defense University, Washington, DC, USA<br />
Juan Lopez Jr., Center for Cyberspace Research at the Air Force Institute of<br />
Technology (AFIT), Dayton, Ohio, USA<br />
Dan Shoemaker, Center for Cybersecurity and Intelligence Studies (CCSIS),<br />
at the University of Detroit Mercy, Michigan, USA<br />
Ronald C. Dodge, Information and Educational Technology at the United<br />
States Military Academy (USMA), West Point, USA<br />
Committee Members<br />
The conference programme committee consists of key people in the<br />
information systems, information warfare and information security<br />
communities around the world. The following people have confirmed their<br />
participation:<br />
Olalekan Babatunde Adeleye (University of Ado Ekiti, Nigeria); Gail-joon Ahn<br />
(University of North Carolina at Charlotte, USA); Jim Alves-Foss (University of<br />
Idaho, USA); Todd Andel (Air Force Institute of Technology, USA); Leigh<br />
Armistead (Edith Cowan University, Australia); Johnnes Arreymbi (University<br />
of East London, UK); Rusty Baldwin (Air Force Institute of Technology, USA);<br />
Richard Baskerville (Georgia State University, USA); Alexander Bligh (College<br />
of Judea and Samaria, Ariel, Israel); Svet Braynov (University of Illinois,<br />
Springfield, USA); Susan Brenner (University of Dayton, Ohio, USA); Acma<br />
Bulent (Anadolu University, Eskisehir, Turkey); Jonathan Butts (AFIT, USA);<br />
Blaine Burnham (University of Nebraska, Omaha, USA); Roy Campbell<br />
(University of Illinois at Urbana and Champaign, USA); Catharina Candolin<br />
(Defence Command Finland, Finland); Marco Carvalho (Institute for Human<br />
and Machine Cognition (IHMC), USA); Joobin Choobineh (Texas A&M<br />
University, USA); Nathan Clarke (University of Plymouth, UK); Ronen Cohen<br />
(Ariel University Centre, Israel); Earl Crane (George Washington University,<br />
USA); Geoffrey Darnton (Requirements Analytics, UK); Dipankar Dasgupta<br />
(Intelligent Security Systems Research Lab, University of Memphis, USA);<br />
Evan Dembskey (UNISA, Pretoria, South Africa); Dorothy Denning (Naval<br />
Post Graduate School, USA); Glenn Dietrich (University of Texas, Antonio,<br />
USA); Prokopios Drogkaris (University of the Aegean, Greece); David<br />
Fahrenkrug (379 EOSS/CC, USAF, Qatar); Larry Fleurantin (Larry R.<br />
Fleurantin & Associates, P.A., USA); Xinwen Fu (Dakota State University,<br />
USA); Kenneth Geers (Cooperative Cyber Defence Centre of Excellence,<br />
USA); Kevin Gleason (KMG Consulting, MA, USA); Sanjay Goel (University<br />
of Albany, SUNY, USA); Virginia Greiman (Boston University, USA); Michael<br />
Grimaila (Air Force Institute of Technology, USA); Daniel Grosu (Wayne State<br />
University, Detroit, USA); Drew Hamilton (Auburn University, Alabama,<br />
USA); Joel Harding (IO Institute, Association of Old Crows, USA); Dwight<br />
Haworth (University of Nebraska at Omaha, USA); Philip Hippensteel (Penn<br />
State University, Middletown, USA); Bill Hutchinson (Edith Cowan University,<br />
Australia); Jeffrey Humphries (Air Force Institute of Technology, USA); Berg<br />
Hyacinthe (Assas School of Law, Universite Paris II/CERSA-CNRS, France);<br />
Cynthia Irvine (Naval Post Graduate School, USA); Andy Jones (BT, UK);<br />
James Joshi (University of Pittsburgh, USA); Leonard Kabeya Mukeba<br />
(ESU/ISTA-Kin & Ecole Doctorale de l'UPN, Kinshasa, Democratic Republic<br />
of the Congo); Prashant Krishnamurthy (University of Pittsburgh, USA); Dan<br />
Kuehl (National Defense University, USA); Takakazu Kurokawa (The National<br />
Defense Academy, Japan); Rauno Kuusisto (Finnish Defence Force, Finland);<br />
Tuija Kuusisto (Internal Security ICT Agency HALTIK, Finland); Arun Lakhotia<br />
(University of Louisiana Lafayette, USA); Michael Lavine (Johns Hopkins<br />
University's Information Security Institute, USA); Louise Leenan (CSIR,<br />
Pretoria, South Africa); Tara Leweling (Naval Postgraduate School, Pacific<br />
Grove, USA); Sam Liles (Purdue University Calumet, USA); Juan Lopez (Air<br />
Force Institute of Technology, USA); Cherie Long (Clayton State University,<br />
USA); Bin Lu (West Chester University of PA, USA); Brian Lopez (Lawrence<br />
Livermore National Laboratory, USA); Bill Mahoney (University of Nebraska,<br />
Omaha, USA); Billy Maloney (UAHuntsville and Dynetics Inc., Huntsville,<br />
USA); John McCarthy (Buckinghamshire and Chiltern University College,<br />
USA); Todd McDonald (Air Force Institute of Technology, USA); Robert Miller<br />
(National Defense University, USA); Yaich Mohamed Reda (École nationale<br />
supérieure des mines, France); Evangelos Moustakos (Middlesex University,<br />
UK); Srinivas Mukkamala (New Mexico Tech, Socorro, USA); Barry Mullins<br />
(Air Force Institute of Technology, USA); Muhammad Naveed (University of<br />
Engineering and Technology, Peshawar, Pakistan); Rain Ottis (Cooperative<br />
Cyber Defence Centre of Excellence, Estonia); Andrea Perego (Università<br />
degli Studi dell’Insubria, Italy); Gilbert Peterson (Air Force Institute of<br />
Technology, USA); Andy Pettigrew (George Washington University, USA);<br />
Jackie Phahlamohlaka (Council for Scientific and Industrial Research,<br />
Pretoria, South Africa); Engur Pisirici (governmental-independent, Turkey); Rick<br />
Raines (Air Force Institute of Technology, USA); Ken Revett (British University<br />
in Egypt, Egypt); Neil Rowe (US Naval Postgraduate School, Monterey,<br />
USA); Sankardas Roy (University of Memphis, USA); Julie Ryan (George<br />
Washington University, USA); Daniel Ryan (National Defence University,<br />
Washington DC, USA); Corey Schou (Idaho State University, USA); Frederick<br />
Shelton (Oak Ridge National Laboratory One, USA); Dan Shoemaker<br />
(University of Detroit Mercy, Detroit, USA); Ma Shuangge (Yale University,<br />
USA); Risby Sohaimi (National Defence University of Malaysia); William<br />
Sousan (University Nebraska, Omaha, USA); Dennis Strouble (Air Force<br />
Institute of Technology, USA); Kevin Streff (Dakota State University, USA);<br />
Peter Thermos (Columbia University/Palindrome Technologies, Red Bank);<br />
Bhavani Thuraisingham (University of Texas at Dallas, USA); Eric Trias (Air<br />
Force Institute of Technology, USA); Doug Twitchell (Illinois State University,<br />
USA); Renier van Heerden (CSIR, Pretoria, South Africa); Kumar Vijaya (High<br />
Court of Andhra Pradesh, India); Natarajan Vijayarangan (Tata Consultancy<br />
Services Ltd, India); Stylianos Vidalis (Newport Business School, Newport,<br />
UK); Kenneth Webb (Edith Cowan University, Australia); Fahad Waseem<br />
(University of Northumbria, UK); Takahiro Yonekawa (HUB Networks, Inc.,<br />
Tokyo, Japan); Zehai Zhou (University of Houston-Downtown, USA);<br />
Shambhu Upadhyaya (University at Buffalo, USA); Saripalli Ramanamurthy<br />
(Pragati Engineering College, India); William Acosta (University of Toledo,<br />
United States); Ernest Robinson (US Marine Corps / Air War<br />
College, USA); Tanya Zlateva (Boston University, USA)<br />
Biographies of Conference Chairs, Programme Chairs and<br />
Keynote Speakers<br />
Conference Chair<br />
Barbara Endicott-Popovsky holds the post of Director for<br />
the Center of Information Assurance and Cybersecurity at<br />
the University of Washington, an NSA/DHS Center for<br />
Academic Excellence in Information Assurance Education<br />
and Research, Academic Director for the Masters in<br />
Infrastructure Planning and Management in the Urban<br />
Planning/School of Built Environments and holds an<br />
appointment as Research Associate Professor with the Information School.<br />
Her academic career follows a 20-year career in industry marked by<br />
executive and consulting positions in IT architecture and project<br />
management. Barbara earned her Ph.D. in Computer Science/Computer<br />
Security from the University of Idaho (2007), and holds a Masters of Science<br />
in Information Systems Engineering from Seattle Pacific University (1987) and a<br />
Masters in Business Administration from the University of Washington (1985).<br />
Programme Chair<br />
Volodymyr Lysenko is a graduate of the Ph.D. program<br />
in Information Science at the Information School of the<br />
University of Washington, Seattle. He also has a degree<br />
in Physics. Volodymyr’s research interests are in the area<br />
of political cyberprotests and cyberwars in the<br />
international context.<br />
Keynote Speakers<br />
Kirk Bailey. Prior to his appointment as the first CISO for<br />
the University of Washington in 2005, Mr. Bailey served as<br />
the first ever CISO for the City of Seattle. His long career as<br />
an information assurance professional has included<br />
accountability for cyber-security programs in healthcare,<br />
banking, financial services, local government and higher<br />
education. In response to growing concerns by<br />
professionals in the field regarding the troubling challenges posed by<br />
emerging technologies, Mr. Bailey founded “The Agora” in November of 1995.<br />
The Agora is a successful strategic association of information systems<br />
security professionals, technical experts, researchers, and officials from the<br />
public and private sectors.<br />
Eneken Tikk-Ringas recently joined Toronto University<br />
Munk School of International Affairs as a research fellow.<br />
From 2006 to 2011 she worked as the legal adviser and later the<br />
head of the legal and policy branch for the NATO<br />
Cooperative Cyber Defence Centre of Excellence in Tallinn.<br />
She has practiced IT&Law as an attorney and as a legal<br />
adviser for several Estonian authorities and lectured in the<br />
field of international law and law of armed conflict, IT&Law and cyber security<br />
law at universities and colleges in Estonia, Sweden and the United States.<br />
She holds her PhD from Tartu University.<br />
Mini Track Chairs<br />
Col Ronald C Dodge has served for over 23 years as an<br />
Aviation officer and is a member of the Army Acquisition<br />
Corps in the United States Army. Currently he is an Associate<br />
Professor permanently stationed at the United States Military<br />
Academy and the Associate Dean for Information and<br />
Education Technology. His military assignments range from<br />
duties in an attack helicopter battalion during Operation Just Cause in the<br />
Republic of Panama to the United States Military Academy. Ron received his<br />
Ph.D. from George Mason University, Fairfax, Virginia in Computer Science.<br />
His current research focuses are information warfare, network deception,<br />
security protocols, internet technologies, and performance planning and<br />
capacity management. He is a frequent speaker at national and international<br />
IA conferences and has published many papers and articles on information<br />
assurance topics.<br />
Juan Lopez Jr is a research engineer with the Center for<br />
Cyberspace Research at the Air Force Institute of<br />
Technology. He conducts research in Critical Infrastructure<br />
Protection, RFID, and EMI modeling of 4G wireless systems.<br />
Mr. Lopez is currently pursuing a Ph.D. in Computer Science<br />
at the Air Force Institute of Technology. His academic resume<br />
includes a Bachelor of Science from the University of Maryland, a Master of<br />
Science from Capitol College, and a Master of Science from the Air Force<br />
Institute of Technology. He has performed research and worked extensively<br />
with the Command and Control Systems School in Quantico, Virginia, SANS<br />
Institute, Joint Task Force 6 supporting Counter Drug Operations, the G-8<br />
Summit for President Clinton, and the Defense Information Systems Agency.<br />
Prof Daniel Ryan teaches courses in cyberlaw and<br />
information assurance at the National Defense University.<br />
Before entering academia, he served in the public sector as<br />
Executive Assistant to the Director of Central Intelligence<br />
after earlier serving as Director of Information Systems<br />
Security for the Office of the Secretary of Defense. In the<br />
private sector, he has served as a Corporate Vice President of Science<br />
Applications International Corporation, and served in earlier executive roles at<br />
Booz Allen & Hamilton, Bolt Beranek & Newman, TRW, and Hughes Aircraft<br />
Company. He began his career as a cryptologic mathematician at the<br />
National Security Agency.<br />
Dr Dan Shoemaker is a professor and the Chair of the<br />
Department of Computer and Information Systems at the<br />
University of Detroit Mercy (UDM). He also oversees the<br />
Information Assurance Program, a National Security<br />
Agency (NSA) Center of Academic Excellence in<br />
Information Assurance Education at UDM. He also serves<br />
on the Assurance Business Case Working Group and the<br />
Workforce Education and Training Working Group. He founded the<br />
International Cybersecurity Education Coalition (ICSEC), connecting higher<br />
education institutions located in Michigan, Ohio, and Indiana. ICSEC’s<br />
mission is to exceed and support the teaching of standard information<br />
assurance curricula within the Midwest. Dan is currently Co-Chair of the<br />
Software Assurance Training and Education working group at DHS. His two<br />
books on cybersecurity are used in colleges across the country and he writes<br />
extensively about cybersecurity.<br />
Dr. Natarajan Vijayarangan is a senior scientist at Tata<br />
Consultancy Services. He obtained his Ph.D (Mathematics) in<br />
the year of 2001 at RIASM, University of Madras, India. He has<br />
received 'Best Research Paper Award' of Ramanujan<br />
Mathematical Society in 2000. He has published patents,<br />
papers and books in the fields of Information Security, Mobile<br />
computing and Applied Mathematics. He has participated in NIST SHA-3<br />
competition and received 'AIP Anchor Award' from TCS for his contribution on<br />
Academia Industry relationship. He also received Distinguished Lecture<br />
Award 2010 from Los Andes University, Venezuela and TCS Patent<br />
Champion 2010 award. He contributed to Record Holders Republic by<br />
showing 660 ft long Indian national flag with a concept of Real Number<br />
System. He is an active member of ICIW and ECIW.<br />
Biographies of contributing authors (in alphabetical order)<br />
Norah Abokhodair is a PhD student in UW’s Information School. Her<br />
research interests focus on information security in regards to emerging<br />
technologies. She joined the University of Washington (2009) from Saudi Arabia as a<br />
Fulbright scholar and recently received a Master's degree in information<br />
management from the iSchool.<br />
Hira Agrawal is a senior scientist at Telcordia Technologies. He has over<br />
twenty years of R&D experience in software engineering and automation<br />
field. He is currently leading two U.S. Army CERDEC projects on detecting<br />
developer-inserted malicious code and automated malware abstraction<br />
analysis. He received his Ph.D. in computer science from Purdue University.<br />
Dr Leigh Armistead is the President of Peregrine Technical Solutions, which<br />
focuses on IO and IA opportunities. Master Faculty at the JFSC, he received<br />
his PhD from Edith Cowan University, serves as a Co-Editor for the Journal of<br />
International Warfare, and wrote nine books, 18 journal articles, and served<br />
as a Chairman for numerous conferences.<br />
Major Kris Barcomb is a student in the School of Advanced Air and Space<br />
Studies at Maxwell AFB. He is a Developmental Engineer and Operator for<br />
the US Air Force. His assignments span spacelift, satellite operations,<br />
systems acquisition, and R&D. He has an M.S. in Cyber Warfare from the Air<br />
Force Institute of Technology.<br />
Igor Bernik, PhD, is an Assistant Professor of Information Sciences and the<br />
head of Information Security department at the Faculty of Criminal Justice<br />
and Security, University of Maribor, Slovenia. His research fields are<br />
information systems, information security and the growing requirement for<br />
information security awareness.<br />
Lt Col David Bibighaus is the Deputy Department Head for the Computer<br />
Science Department at the Air Force Academy. He holds a PhD in Computer<br />
Science from the Naval Post Graduate School. He has served as the Chief of<br />
the Cyber Defense Branch at AFRL and as a Crew Commander for the<br />
AFCERT.<br />
Martin Blaha. 1994 – 2001: Grammar school, branch of study: humane<br />
branch. 2001 – 2004: Military College of Ground Forces in Vyškov (bachelor),<br />
branch of study: commander of artillery unit. 2004 – 2006: University of<br />
Defence (engineer), branch of study: commander of artillery unit. 2008 –<br />
2010: Police Academy in Prague (master), branch of study: safety laws and<br />
studies. 2006 – present: University of Defence (PhD), distance version:<br />
economics and management.<br />
Major Lincoln Bonner is an airpower strategist in the Chief of Staff of the Air<br />
Force’s Strategic Studies Group. He is a graduate of M.I.T. and the School of<br />
Advanced Air and Space Studies. He is an Air University PhD candidate in<br />
Military Strategy, and his dissertation focuses on cyberpower in military and<br />
national strategy.<br />
Larisa Breton is a Strategic Communication practitioner and theoretician with<br />
COCOM, NATO, and other program experience. Her work has been<br />
published in The Small Wars Journal and Mountainrunner.us. She has Guest<br />
Lectured at the JFK School for Special Operations at Fort Bragg. She is<br />
adjunct faculty at the University of the District of Columbia.<br />
Stephen Buerle is an Assistant Professor in the School of Computer Science<br />
and Mathematics at Marist College where he teaches courses in information<br />
assurance, software engineering, and networking. Currently he is a PhD<br />
student at the State University of New York, Albany specializing in<br />
Information Assurance. In addition, Mr. Buerle maintains CISSP and CISM<br />
certifications.<br />
Ivan Burke is an MSc student in the department of Computer Science at the<br />
University of Pretoria, South Africa. He also works full time at the Council of<br />
Scientific and Industrial Research South Africa in the department of Defense<br />
Peace Safety and Security, where he works within the Command, Control and<br />
Information Warfare research group.<br />
Henry Bushey received his B.S. in Electrical Engineering from the University<br />
of Texas, San Antonio, in 2007. Henry is an active duty officer of the United<br />
States Air Force and is pursuing a M.S. in Graduate Cyber Operations at the<br />
Air Force Institute of Technology in Ohio.<br />
Grace Chileshe holds a Bachelor of Engineering degree in Computer<br />
Engineering obtained from the University of Pretoria. She is currently<br />
pursuing an Honours degree in Software Engineering at the same institute.<br />
She is currently employed at Powertech IST in Pretoria as an Asset<br />
management consultant.<br />
Marcela Izabela Ciopa graduated from the Faculty of Physics and the Faculty of<br />
Economic Sciences, with a master's in business projects. At present she is a<br />
professor in the technologies department of the College “V. Madgearu” of<br />
Bucharest and she attends doctoral courses at the Management Department<br />
of the Academy of Economic Studies of Bucharest, Romania.<br />
Zama Dlamini studied both her undergraduate and honours degrees in Computer<br />
Science at the University of Zululand, South Africa. She is currently pursuing<br />
her MSc in Network Forensics with the University of Pretoria, and also works<br />
for CSIR-DPSS (Cyber Defence Research Group) as Cyber Security<br />
Specialist and Researcher, since 2008 to date.<br />
Dr. James Graham is Chair of Electrical and Computer Engineering at the<br />
University of Louisville. He received his Bachelor’s Degree from the Rose-<br />
Hulman Institute of Technology, and the M.S. and Ph.D. in Electrical<br />
Engineering from Purdue University. His research interests involve<br />
information security, algorithms for computational science, intelligent<br />
systems, computer simulation, and intelligent energy systems.<br />
Tim Grant is the Professor in Operational ICT & Communications at the<br />
Netherlands Defence Academy. Tim has a BSc in Aeronautical Engineering<br />
(Bristol University), a Masters-level Defence Fellowship (Brunel University),<br />
and a PhD in Artificial Intelligence (Maastricht University). Tim's research<br />
spans the interplay between operational needs and ICT capabilities in<br />
network-enabled Command & Control systems.<br />
Virginia Greiman is an Assistant Professor at Boston University in<br />
international law, cybercrime and regulation and project management and an<br />
affiliated faculty member at the Harvard Kennedy School in cybertrafficking.<br />
She has more than 20 years of experience in international development and<br />
legal reform and has held high level appointments with the U.S. Department<br />
of Justice.<br />
Dwight Haworth received his B.S. degree from the United States Air Force<br />
Academy, CO, in 1963. He retired from the United States Air Force in 1981.<br />
He received his Ph.D. in Management Information Systems from Texas Tech<br />
University, Lubbock, TX, in 1990. His research interests are information<br />
assurance and systems development and performance.<br />
Jeffrey Hieb, Ph.D. is an Assistant Professor with the Department of<br />
Engineering Fundamentals. Dr. Hieb teaches Engineering Analysis and<br />
Introduction to Engineering. His research interests include: computer<br />
security, cyber-security for industrial control systems, microkernel based<br />
operating systems and the use of technology in engineering education.<br />
Keisuke Iwai completed the doctoral program in Department of C.S., Keio<br />
University in 1998 and fulfilled credit requirement in 2001. He holds a D.Eng.<br />
degree. He is now a research associate in the Department of C.S., National<br />
Defense Academy of Japan. He is engaged in research on automatic parallel<br />
compilers and multi-processor systems.<br />
Abiud Jimenez is a senior RF engineer with Dynetics, Inc., focusing on<br />
wireless communications attacks as a developing world adversary. This<br />
includes designing and building small portable RF jammers, amplifiers and<br />
antennas, using commercial components to defeat R&D systems. Mr.<br />
Jimenez holds a bachelor degree in EE and a master of science in systems<br />
engineering.<br />
Takakazu Kurokawa received his B.S. degree from the Department of E.E,<br />
Keio University, in 1983 and completed the doctoral program in 1988. He<br />
holds a D.Eng. Degree. He is now a professor in the Department of C.S.,<br />
National Defense Academy of Japan. He is engaged in research on<br />
dedicated computers, cryptography.<br />
Michael Kraft, CSC, Inc. Joint Information Operations Warfare Center<br />
(JIOWC). For the last ten years Mr. Kraft has been deeply involved with<br />
network security stemming from his time working as an analyst at the Air<br />
Force Computer Emergency Response Team (AFCERT). Mr. Kraft is a<br />
Certified Information Systems Security Professional (CISSP).<br />
Captain Robert Larkin, USAF, has a BS Computer Science and BS<br />
Computer Engineering Technology from Central Washington University. He is<br />
working towards a Masters in Cyber Operations at the Air Force Institute of<br />
Technology. His research examines the effects of deploying a Host-Based<br />
IDS to a Fuels Management SCADA system.<br />
Chun-Jung Lee received the B.S. degree in information engineering and<br />
computer science from Feng Chia University, Taiwan in 2010. He is currently<br />
working toward the M.S. degree from the Department of Information<br />
Engineering and Computer Science. His current research interests include<br />
CAPTCHA, cryptography, digital watermark, e-commerce security, and<br />
network security.<br />
Shirin Manafi received her bachelor’s in biomedical engineering. She has also<br />
studied medicine and textile engineering for some years. Her primary<br />
specialization is biometrics and security measures using human<br />
characteristics. Additionally, her secondary specialization is in image<br />
processing methods both in bioelectrics and biomechanics. She is now<br />
working as an R&D specialist for 2 renowned medical equipment companies in<br />
Iran.<br />
Sayonnha Mandal is from Kolkata, India. She has completed her Bachelors<br />
in Electronics and Communications from B.P. Poddar Institute of<br />
Management and Technology in India. She is currently pursuing her Masters<br />
degree in Telecommunication Engineering at the University of Oklahoma. Her<br />
research topic is the field of Quantum cryptography and Quantum Key<br />
Distribution.<br />
John McCarthy PhD, B.Sc. (hons) MBCS. John is the founder of LeadSure.<br />
John is highly entrepreneurial in nature and runs several IT companies. His<br />
background is in Internet Technology. He has spoken at major IT conferences<br />
around the world on the opportunities e-business can present to SMEs.<br />
Dr. Jeffrey "Todd" McDonald is an Assistant Professor of Computer<br />
Science in the School of Information Sciences at the University of Alabama.<br />
He received his Ph.D. in computer science from Florida State University,<br />
Tallahassee, FL, 2006. He served over 21 years as a communications-information/cyberspace<br />
operations officer in the U.S. Air Force specializing in<br />
cyber systems defense, research, and education.<br />
Dr. Robert Mills is an Associate Professor of Electrical Engineering and<br />
member of the Center for Cyberspace Research at the Air Force Institute of<br />
Technology, Wright-Patterson AFB OH. He teaches and conducts research in<br />
network security, electronic warfare, cyberspace operations and warfare, and<br />
systems engineering.<br />
Srinivas Mukkamala is a senior research scientist with ICASA (Institute for<br />
Complex Additive Systems Analysis), Adjunct Faculty of the Computer<br />
Science Department of New Mexico Tech, and a co-founder and managing<br />
partner of CAaNES LLC. He has over 100 peer reviewed publications and is<br />
a frequent speaker on information assurance in conferences and tutorials.<br />
Thuy Nguyen is a senior researcher of Computer Science at the Naval<br />
Postgraduate School. She has 25+ years of experience in multilevel security<br />
(MLS) research and development. Her research interests include high<br />
assurance software and systems, secure collaborative applications, cloud<br />
computing security, security evaluation and certification, and information<br />
systems security engineering.<br />
Naoki Nishikawa received his Master degree from the Department of C.S.,<br />
National Defense Academy of Japan, in 2010. From 2010 to 2011, he was<br />
affiliated with the Technical Research & Development Institute. He is now a<br />
Ph.D student at National Defense Academy. He is interested in GPGPU and<br />
its application, cryptography, and SIMD processing.<br />
Dr. Christopher Paul is a Social Scientist at RAND. Prior to joining RAND<br />
full-time in July of 2002, he worked at RAND as adjunct staff for six years.<br />
Chris received his Ph.D. in sociology from UCLA in 2001. Current research<br />
interests include strategic communication, information operations, and<br />
counterinsurgency.<br />
Teresa Pereira is currently an assistant lecturer at the School of Business<br />
Studies of Polytechnic Institute of Viana do Castelo. She is also a Ph.D<br />
student at University of Minho. Teresa's research interests include Semantic<br />
Web, Information Security Management and Ontologies.<br />
Christopher Perr is currently a PhD student at Auburn University, and a<br />
research assistant for the Cyber Research Center. He is studying Industrial<br />
and Systems Engineering; his current research topics include intelligent<br />
decision making and secure systems design for small UAVs, as well as<br />
information security and digital forensics. He holds a B.S. in Computer Science from the<br />
U.S. Air Force Academy, and an M.S. in Software Engineering from Auburn<br />
University.<br />
Kaja Prislan is a post-graduate student at University of Maribor, Faculty of<br />
Criminal Justice and Security, Slovenia. She is specializing in the field of<br />
information security and analyzing modern cyber threats, such as cyber<br />
terrorism and information warfare.<br />
David Rohret, CSC, Inc. Joint Information Operations Warfare Center<br />
(JIOWC). He has pursued network security interests to include developing<br />
and vetting exploits for use on established red teams and adversarial<br />
research. He holds degrees in CS from the University of Iowa and La Salle<br />
University. David is a member of IEEE Computer Society and is currently a<br />
Senior Principal Engineer for CSC, Inc.<br />
Henrique Santos received his first degree in Electric and Electronic<br />
Engineering, by the University of Coimbra, Portugal, in 1984. In 1996 he got<br />
his PhD in Computer Engineering, at the University of the Minho, Portugal.<br />
Currently he is an Associate Professor at the University of Minho. He can be<br />
contacted at: hsantos@dsi.uminho.pt.<br />
Harrison Schramm, Commander, U.S. Navy, is a military instructor in the<br />
Operations Research Department of the Naval Postgraduate School. His<br />
previous assignments include duty as an analyst at the Navy’s risk<br />
assessment division. His research interests include military applications of<br />
Operations Research, and the intersection of OR and Cyber issues.<br />
Dino Schweitzer currently serves as the Director of the Academy Center for<br />
Cyberspace Research at the United States Air Force Academy. He is a longtime<br />
Computer Science educator and researcher whose interests include<br />
computer graphics, visualization, computer science education, and computer<br />
security. He resides in the mountains of Colorado.<br />
Prof. George Stein joined the faculty of the Air War College in 1991 and is<br />
currently with the USAF Center for Strategy & Technology at Air University.<br />
Dr. Stein writes and teaches courses on Information Operations and Info-<br />
War, Classic Chinese Strategic Thought, and future strategies.<br />
Renier van Heerden is a senior researcher at Council for Scientific and<br />
Industrial Research (CSIR) in Pretoria, South Africa in the field of Information<br />
Warfare and Cyber Defence. Prior to joining the CSIR he worked as a<br />
software engineer in advanced optics applications for South African based<br />
Denel Optronics and as a Lecturer at the University of Pretoria. He holds a<br />
degree in Electronic Engineering and a Masters in Computer Engi<br />
Joey Jansen van Vuuren is the Research Group Leader for Cyber Defence<br />
at the CSIR, South Africa. This research group is mainly involved in research<br />
for the SANDF and Government sectors. Her research is focused around<br />
national security and the analysis of Cyber threats using non-quantitative<br />
modelling techniques. She is also actively involved in facilitating Cyber<br />
awareness programs in South Africa.<br />
Nagadivya Veldanda is from Andhra Pradesh, India. Nagadivya completed<br />
their Bachelors in Electronics and Communications Engineering from<br />
Jawaharlal Nehru Technological University in India. Currently, they are doing<br />
their Masters degree in Telecommunications Engineering at the University of<br />
Oklahoma. Their research is in the Long Term Evolution (LTE) area.<br />
Avinash Vijayarangan is a student at BVM Global @ Bollineni in Chennai,<br />
India. He participated in the National Maths Talent event 2010-11 organised<br />
by the Tamilnadu Science Foundation where he developed an innovative<br />
concept of a longest Mathematical flag.<br />
Justin Willmann is an RF engineer with the JIOWC Vulnerability<br />
Assessment Team, focusing on communications analysis and attacks using a<br />
developing-world adversarial approach. This involves testing, evaluating, and<br />
adapting wireless systems via modeling, experiments, and field exercises.<br />
Justin has a bachelor of science degree in EE and is pursuing a master of<br />
science in EE.<br />
Dr Jannie Zaaiman is the Deputy Vice Chancellor: Operations of the<br />
University of Venda in the Limpopo Province, South Africa. He is a change<br />
management consultant and has delivered many peer reviewed papers<br />
internationally and is a regular guest lecturer in Zambia and in Russia. His<br />
area of research is cyber security awareness especially in rural areas of<br />
South Africa.<br />
Detecting Hidden Logic Bombs in Critical Infrastructure<br />
Software<br />
Hira Agrawal 1, James Alberi 1, Lisa Bahler 1, Josephine Micallef 1,<br />
Alexandr Virodov 1, Mark Magenheimer 2, Shane Snyder 2, Vidroha<br />
Debroy 3 and Eric Wong 3<br />
1 Telcordia Technologies, Piscataway, USA<br />
2 US Army CERDEC, Information Assurance Division, Aberdeen<br />
Proving Ground, USA<br />
3 The University of Texas at Dallas, Department of Computer Science,<br />
Richardson, USA<br />
Abstract: Malicious developers can easily add undocumented “features”<br />
including logic bombs, backdoors, and Trojan horses to the software they<br />
create. These hidden features may then be exploited for malicious purposes<br />
after the system is deployed in the field. Presence of such deliberately<br />
inserted malicious code in critical infrastructure software poses great risks to<br />
their security and integrity. Current malware detection tools and techniques,<br />
however, fail to address this serious threat. In this paper, we present a<br />
program analysis centered testing and inspection technique and an<br />
accompanying tool for detection and remediation of such attacks before their<br />
host applications are deployed in the field.<br />
Keywords: insider malware threats, logic bombs, backdoors, Trojan horses,<br />
white-box testing, coverage analysis<br />
The Development of IO / IW Curriculums in the United States: A<br />
Review of Current Efforts and a Case Study From Norwich<br />
University<br />
Edwin Leigh Armistead<br />
Edith Cowan University, Perth, Australia<br />
Abstract: The development of Information Warfare (IW) and Information<br />
Operations (IO) courses and curriculums in the United States over the last 20<br />
years, has been uneven at best. While the four military services and<br />
Department of Defense institutes have all stood up a variety of classes,<br />
progress in civilian universities has been more sporadic. In this paper, the<br />
authors will trace the history of IW / IO training and education as well as<br />
some of the current classes that are available. While the military forces are<br />
growing a cadre of Information and Cyber Warriors, the same cannot be said<br />
of commercial industry. Many of the offensive portions of these warfare areas,<br />
are considered criminal offenses if conducted against industrial activities. So<br />
while there is definitely a huge emphasis, and rightly so, on the defensive<br />
side of IW and IO, many colleges and universities are obviously reluctant to<br />
advocate or teach actions which could tread the legal boundary of proprietary<br />
actions. Likewise, as far as developing an academic theory for IO and IW, the<br />
author also strived to examine possible options, yet the standard has been<br />
set, and the benchmark is high, for these new views of information flow must<br />
be understood and respected. In fact, the percentage of overall access and<br />
connectivity to the internet are on the verge of exploding as the combination<br />
of cellular technology and cheaper interface devices proliferate. The<br />
traditional central concepts of power in the form of national resources, and<br />
the need to convert those resources into power and instruments of power, are<br />
solely but surely a key point of the last few pages as different academics<br />
have added and changed the common views of power. In addition, since IW<br />
as an academic study area crosses many issue lines, the development of<br />
suitable theoretical constructs has not always been easy with respect to<br />
power and information. A case study of the efforts at Norwich University to<br />
develop a minor in IO is addressed in this paper, as well as the call for<br />
standardization in the curriculum of IW classes in the United States. The<br />
paper ends with recommendations for a way forward and a conclusion.<br />
Keywords: information warfare, information operations, education, training,<br />
curriculum<br />
Establishing Cyberspace Sovereignty<br />
Kris Barcomb, Dennis Krill, Robert Mills and Michael Saville<br />
Air Force Institute of Technology, Wright-Patterson AFB, USA<br />
Abstract: International norms governing appropriate conduct in cyberspace<br />
are immature, leaving politicians, diplomats, and military authorities to grapple<br />
with the challenges of defending against and executing hostilities in<br />
cyberspace. Cyberspace is unlike the traditional physical domains where<br />
actions occur at specific geographic places and times. Rules governing<br />
conduct in the traditional domains emerged over centuries and share a<br />
common understanding of sovereignty that helps establish and justify the use<br />
of force. In cyberspace, sovereignty is a more abstract notion because the<br />
geographic boundaries are often difficult to define as data and applications<br />
increasingly reside in a virtual, global “cloud.” This paper proposes a<br />
construct for establishing sovereignty in cyberspace by studying similarities<br />
between space and cyberspace. The characteristics of the space domain<br />
challenged traditional notions of sovereignty based on geography. As nations<br />
deployed space-based capabilities, the concept of sovereignty needed to<br />
mature to deal with the physical realities of space. Sovereignty is defined, and<br />
general requirements for claiming sovereignty are presented. The evolution of<br />
sovereignty in space is then discussed, followed by a construct for how<br />
sovereignty could be defined in cyberspace. The paper concludes with a brief<br />
discussion on how military doctrine offers useful insights into how nations<br />
may choose to assert sovereignty within these domains.<br />
Keywords: cyberspace, space, sovereignty, critical infrastructure<br />
Study of the Perception of Cyber Threats and the Fear of<br />
Cybercrime<br />
Igor Bernik and Gorazd Mesko<br />
Faculty of Criminal Justice and Security, University of Maribor,<br />
Ljubljana, Slovenia<br />
Abstract: The Slovenian perspective on the comprehension and public<br />
attitudes towards cyber threats and cybercrime is presented. Considering that<br />
access to information technology and the Internet is ubiquitous, cyberspace<br />
has become a wide area which can be exploited through various criminal<br />
activities. As the number of users grows, so do the incidences of cybercrime.<br />
Regrettably, users of information technology and the Internet know too little<br />
about the dangers in cyberspace and protective measures to maximize<br />
security as well as about legislation about cybercrime. In order to accurately<br />
gauge the knowledge of the average internet user, we conducted a survey,<br />
which was posted on the Internet in spring 2011 and is the basis for an<br />
examination of the perception of cybercrime and an attempt to make sense of<br />
the fear of it. The results of the survey are described. The statistical analysis of<br />
the questionnaire results shows how users perceive cybercrime. We can see<br />
that respondents are relatively well informed about cybercrime, but<br />
predominantly about incidences exposed in the media. As we know, cyber<br />
threats under the media spotlight are not necessarily examples of the<br />
greatest threats to users, but they do increase their fear of cybercrime. On the<br />
basis of theory and the results of our research, we present the main<br />
guidelines that can, if adhered to, minimize security risks in cyberspace.<br />
These guidelines can help increase awareness of cyber threats and are a<br />
source of information on how to safely interact in cyberspace. Users who are<br />
more aware of the risks in cyberspace and know how to deal with them are<br />
less afraid of becoming victims of cybercrime. The insights acquired in our<br />
research are useful for all cyberspace users and have practical value as they<br />
can be used for further study of cybercrime.<br />
Keywords: cybercrime, cyber threats, legal issues, internet study, Slovenia<br />
Effectively Teaching Cyber Warfare to a Non-Technical<br />
Audience<br />
David Bibighaus, David Gibson, Martin Carlisle, David Merritt, Jeff<br />
Boleng and James Maher<br />
United States Air Force Academy, Colorado Springs, USA<br />
Abstract: This paper describes the Air Force Academy’s Basic Cyber training<br />
program introduced in the summer of 2011. What makes this course unique is<br />
that it is specifically designed to provide a motivational hands-on introduction<br />
to cyber warfare to rising sophomores of any major. In addition, this course<br />
was designed to be taught by student instructors with faculty oversight. It was<br />
designed for a 60 contact-hour laboratory format to students who had only a<br />
basic understanding of computers. This course was then given to 83 students<br />
in 6 offerings from May through July of 2011. We outline the development of<br />
this course, including the topics covered and the resources necessary for<br />
accomplishment. We discuss the student leader background, training, and<br />
performance in the classroom. We also examine the results of the course by<br />
looking at student feedback and their performance in a capstone scenario.<br />
Finally, we outline the lessons learned from this first offering and how we<br />
intend to improve the course for future offerings.<br />
Keywords: education, training, cyberspace, warfare, information<br />
Decision-Making by Effective C2I System<br />
Martin Blaha and Kateřina Brabcová<br />
University of Defence, Brno, Czech Republic<br />
Abstract: The Czech Republic, as a member of international organizations<br />
(NATO, EU, UNO), with respect to current global security environment,<br />
employs the units of the army both at its own state territory and outside the<br />
Czech Republic in multinational forces operations. The article focuses on<br />
decision-making process of future Automated Command, Control, and<br />
Information system (C2I) in conditions of the Army of the Czech Republic.<br />
The issue of automated command, control, and information systems is of high<br />
importance in the solving of asymmetrical operations tasks today and in the<br />
upcoming future. It defines the basic resources for creation of a future<br />
sophisticated Automated Artillery Fire Support Control System of NATO<br />
standards in Network Enabled Capabilities (NEC) conditions. The authors<br />
define the grounds for designing a new, sophisticated Automated Fire Support<br />
Control System of Artillery, required by the Army of the Czech Republic and<br />
meeting NATO standards in Network Enabled Capabilities (NEC) conditions.<br />
SWOT analysis, based on critical review of C2I currently used in the Army of<br />
the Czech Republic, is used as a scientific method to define both strong and<br />
weak sides, and opportunities and threats of the issues connected with<br />
automation of that decision-making process. Final assessment of the<br />
particular requirements is determined by multi-criteria analysis. It contains<br />
derivation, definition and reasoning of data which are essential for the<br />
effective artillery fire. The article represents a section of a huge defensive<br />
research project of Ministry of Defence of the Czech Republic and the Army<br />
of the Czech Republic solved by leading scientists of the University of<br />
Defence in Brno.<br />
Keywords: decision-making process; command, control, and information<br />
system; C2I; artillery<br />
Virtual NonState Actors as Clausewitzian Centers of Gravity:<br />
An Examination for Sensemaking, Elaboration and Discussion<br />
Larisa Breton<br />
The University of the District of Columbia, Washington, D.C., USA<br />
Abstract: Against traditional interpretations of Clausewitzian centers of<br />
gravity, we seek to examine the characteristics and behaviors of NonState<br />
Actors (NSAs) who operate in the virtual realm. These NSAs, such as leaked-documents<br />
repository Wikileaks, hacker group Anonymous, public-statements<br />
platform Twitter, and multinational corporations such as Google, create<br />
centers of gravity in cyberspace that may affect the entire political spectrum<br />
from diplomacy to kinetic warfare. Their aims may be disparate, but ‘virtual<br />
NSAs’ (VNSAs) increasingly affect the geopolitical battlespace. More<br />
specifically, we seek to examine the ways in which these VNSAs create<br />
spheres of influence, manipulate the public and the public sector, and are<br />
forming a hardened constraints-set for strategic and operational planning.<br />
Famously, many VNSAs are unaligned with geopolitical entities. How, then,<br />
may they be considered? What are some functional categories that may be<br />
applied to the creation of taxonomy when examining VNSAs? This paper is a<br />
qualitative examination, which is to say that it is not the examination of the<br />
less-tangible characteristics of a dataset in a Cartesian analysis. This paper<br />
attempts to examine the qualities of VNSAs themselves so that Center of<br />
Gravity (COG) analysis, when it is relevant, may be accurately applied.<br />
Keywords: clausewitz, virtual nonstate actors, nonstate actors, wikileaks,<br />
twitter, google, nonkinetic warfare, cyber, cyberwar, net-enabled warfare,<br />
center of gravity, qualitative analysis<br />
BioONT: Improving Knowledge Organization and<br />
Representation in the Domain of Biometric Authentication<br />
Stephen Buerle<br />
Computer and Information Science Department, State University of New<br />
York at Albany, USA<br />
Abstract: This paper explores some of the fundamental challenges facing the<br />
information assurance community as it relates to knowledge categorization,<br />
organization and representation within the field of information security and<br />
more specifically within the domain of biometric authentication. BioONT, a<br />
biometric authentication ontology prototype, explores the use of automated<br />
ontological engineering, corpus analysis and natural language processing<br />
techniques in the development of this ontological framework. One of the<br />
primary objectives for this research is to establish an empirically derived<br />
ontological prototype which promotes continued research into the domain by<br />
aiding the information assurance community in understanding the<br />
fundamental ontological structure of the field of biometric authentication. In<br />
doing so this research intends to improve our understanding of underlying<br />
concepts, attributes and inter-dependencies within the domain, integrate<br />
disparate biometric authentication theories and clarify theoretical and<br />
conceptual inconsistencies within the domain. This research may in turn<br />
improve reasoning, the systems design process and improve risk<br />
management practices in the deployment and integration of such<br />
technologies in both industry and the government.<br />
Keywords: biometrics, biometric authentication, ontology engineering,<br />
natural language processing, knowledge organization and representation<br />
Fairness of Trust Based Mobile ad hoc Network Protocols<br />
Ivan Daniel Burke 1 and Martin Olivier 2<br />
1 Defence, Peace, Safety and Security, Council for Scientific and<br />
Industrial Research, Pretoria, South Africa<br />
2 Information and Computer Security Architecture Research Group,<br />
Computer Science Department, University of Pretoria, South Africa<br />
Abstract: A Mobile Ad hoc Network (MANET) consists of a collection of<br />
mobile nodes capable of sending and/or receiving wireless communications.<br />
MANETs are generally unstructured networks with no centralized<br />
administration. MANETs use routing algorithms to establish routes among<br />
nodes. This unstructured nature presents the opportunity for misbehaviour<br />
among nodes. Trust based MANET routing protocols have been developed to<br />
counteract malicious behaviour, in an effort to establish fair node behaviour.<br />
Recent research has shown that the trust protocols themselves introduce<br />
unfair behaviour among nodes. In this paper we look at the current advances<br />
in attempts to improve fairness of e-trading trust systems, to improve the fair<br />
judgement of e-traders. We then aim to illustrate the similarities among the<br />
weakness of e-trading algorithms with those proposed for trust based MANET<br />
protocols. Finally we propose an improvement of the current Trust based Ad<br />
hoc On-demand Distance Vector routing algorithm (TAODV) protocol to factor<br />
in all the lessons learned from e-trading algorithms. The newly proposed<br />
algorithm will be compared to the existing trust algorithms in three very<br />
simplistic scenarios specifically setup to evaluate fair node behaviour. In this<br />
paper we specifically do not address the viability of cryptography as a means<br />
to ensure trust within the network, due to the high computational constraint of<br />
encryption and the constraints imposed by relying on a third party certificate<br />
body.<br />
Keywords: mobile ad hoc networks; trust; fairness; e-trade<br />
Attribution of Drive-by Downloads Involved in Osama’s Death<br />
Malware Campaign<br />
Manoj Cherukuri 1 and Srinivas Mukkamala 2<br />
1 Institute for Complex Additive Systems and Analysis (ICASA), New<br />
Mexico Institute of Mining and Technology, Socorro, New Mexico, USA<br />
2 Computational Analysis and Network Enterprise Solutions (CAaNES<br />
LLC), New Mexico Institute of Mining and Technology, Socorro, New<br />
Mexico, USA<br />
Abstract: Adversaries host drive-by downloads on legitimate websites by<br />
taking advantage of the vulnerabilities in web servers and web applications.<br />
In this paper, we analyze the spread of malware based on an event with huge<br />
crowd attention, the news of Osama Bin Laden’s death. We performed<br />
similarity analysis on the malware samples collected in the campaign of the<br />
Osama Bin Laden’s death, the most lethal known malware, and widely known<br />
banking Trojans to analyze the relationship of these samples. We performed<br />
meta-searches to access the websites related to the targeted event and<br />
identified the malicious websites by validating using the Google Safe<br />
Browsing. We performed web crawling, link analysis and link visualization<br />
using geo location tools on the identified malicious webpages to assess the<br />
characteristics of the cyber-incident. We correlated the geographical location<br />
of the hosted malicious webpages with the number of tweets originated from<br />
a geographical location to identify the trends that the attackers follow in<br />
targeting the legitimate websites. We crawled all the malicious webpages<br />
reported in the month of May, 2011 and performed dynamic content<br />
extraction. We performed topic modeling on the extracted content and<br />
depicted the topics that the attackers targeted during May, 2011. In this<br />
paper, we present the attack vectors chosen by the attackers for targeting<br />
legitimate websites and show that the malware that spread in the campaign of<br />
Osama Bin Laden’s death was similar to previously known malware.<br />
Keywords: attribution, malicious websites, malware topic trends, topic based<br />
attacks<br />
SCADA Systems in South Africa and Their Vulnerabilities<br />
Grace Chileshe and Renier van Heerden<br />
University of Pretoria, South Africa<br />
Abstract: Presented in this paper are several examples of Supervisory<br />
Control and Data Acquisition (SCADA) systems in use in South Africa and<br />
their vulnerabilities. These systems control and monitor critical infrastructure<br />
such as transportation, power plants and water treatment amongst<br />
others. They are however prone to several vulnerabilities that an intruder can<br />
exploit. An attack on these systems could lead to a devastating catastrophe<br />
such as a nationwide power blackout or a supply of water that is not properly<br />
treated. South Africa is no exception to these vulnerabilities. The probability<br />
of an attack on the SCADA systems in South Africa is immensely increased<br />
by the potential effect that affirmative action might have on employees being<br />
replaced by this policy. Hence the security and vulnerabilities of these<br />
systems need to be addressed and investigated further.<br />
Keywords: SCADA systems, vulnerabilities, threats, South Africa, cyber<br />
attacks, terrorists<br />
Cyber Security Awareness Initiatives in South Africa: A<br />
Synergy Approach<br />
Zama Dlamini and Mapule Modise<br />
Command and Control and Information Warfare, DPSS and CSIR,<br />
Pretoria, South Africa<br />
Abstract: Technological advances have changed the manner in which<br />
ordinary citizens conduct their daily activities. Many of these activities are<br />
carried out over the Internet. These include filing tax returns, online banking,<br />
job searching and general socialising. Increased bandwidth and proliferation<br />
of mobile phones with access to Internet in South Africa imply increased<br />
access to Internet by the South African population. Such a massive increase<br />
in access to Internet increases vulnerabilities to cyber crime and attacks and<br />
threatens national security. As a result, South Africa remains one of the top<br />
three countries that are targeted by phishing attacks; the other two are the US<br />
and the UK (RSA, 2011). As a response, various entities engage in cyber<br />
security awareness initiatives and trainings with the aim to create cyber<br />
security awareness (CSA) among the citizens of South Africa. In the absence<br />
of a national cyber security policy, however, these awareness initiatives and<br />
programmes are delivered through a variety of independent mechanisms.<br />
Various entities engage in cyber security awareness training each with its<br />
specific objectives and focus areas. It is argued in this paper that cyber<br />
security is complex and multi-faceted. No single solution can effectively<br />
address it. While the current means to create cyber security awareness does<br />
make an impact, the fragmented and uncoordinated nature thereof has the<br />
potential to create its own dynamics. The focus of organisations to deliver on<br />
their own objectives translates to some extent into the optimisation of the<br />
behaviour of individual entities as opposed to the optimisation of the national<br />
cyber security awareness as a whole. This paper evaluates the extent to<br />
which the current cyber security awareness initiatives address the cyber<br />
security threats and risks. The assessment is based on the initiatives'<br />
objectives, alignment of the programme to the cyber threats, and the target<br />
audience.<br />
Keywords: national security, cyber security awareness, cyber fraud,<br />
cybercrime, cyber threats<br />
Comparing Models of Offensive Cyber Operations<br />
Tim Grant 1 , Ivan Burke 2 and Renier van Heerden 2<br />
1 Faculty of Military Sciences, Netherlands Defence Academy (NLDA),<br />
Breda, The Netherlands<br />
2 Defence Peace Safety and Security department, Council for Scientific<br />
and Industrial Research (CSIR), Pretoria, South Africa<br />
Abstract: Cyber operations denote the response of governments and<br />
organisations to cyber crime, terrorism, and warfare. To date, cyber<br />
operations have been primarily defensive, with the attackers seemingly<br />
having the initiative. Over the past three years, several nations (e.g. USA,<br />
UK, France, The Netherlands) and NATO have published cyber security<br />
strategies emphasising national and international collaboration. Many<br />
strategies call for the establishment of a Cyber Security Operations Centre,<br />
as well as for a better understanding of attacks. In the scientific literature, Lin<br />
(2009) and Denning and Denning (2010) have argued that offensive cyber<br />
operations deserve a more open discussion than they have received to date.<br />
Research into cyber attacks would improve the scientific understanding of<br />
how attackers work, why they choose particular targets, and what tools and<br />
technologies they employ. This improved understanding could then be used<br />
to implement better defences. Moreover, research would enable governments<br />
and other organizations to take offensive action where justified against<br />
adversaries, whether these be criminals, terrorists, or enemies. This could<br />
include responding to an (impending) attack by counter-attacking or by<br />
proactively neutralizing the source of an impending attack. A good starting<br />
point to improving understanding would be to model the offensive cyber<br />
operations process. The purpose of this paper is to find, formalise, and<br />
compare models of the offensive cyber operations process available in the<br />
open scientific literature. Seven models were sufficiently well described for<br />
formalisation using Structured Analysis and Design Technique (SADT)<br />
notation. Finally, a canonical model has been constructed by rational<br />
reconstruction. Although the model has not yet been tested, it has been<br />
reviewed by subject matter experts. The paper describes the search<br />
methodology, the SADT analysis, the shortcomings of each model, rational<br />
reconstruction, and the canonical model. Further work will include elaborating<br />
the canonical model to identify the resources needed to set up a Cyber<br />
Security Operations Centre with offensive capabilities and to cross-compare<br />
the model with the literature on attack ontologies.<br />
Keywords: offensive cyber operations; process model; rational<br />
reconstruction; canonical model; formalisation; SADT<br />
Protecting Health Information Privacy and Safety on the<br />
Internet: United States eHealth Systems and Legal<br />
Perspectives<br />
Virginia Greiman, Tanya Zlateva, and Lou Chitkushev<br />
Boston University, Boston, USA<br />
Abstract: This paper focuses on the emerging security issues in the United<br />
States under the new 2009 Health Information Technology for Economic and<br />
Clinical Health (HITECH) Act. To develop a reliable security model, privacy<br />
rights and security for eHealth must be integrated into a comprehensive legal<br />
and security framework that addresses the rights and obligations of the<br />
healthcare provider, including physicians, hospitals and healthcare<br />
enterprises, the patient, medical and cybersecurity researchers, and Internet<br />
service providers. Both Congress and the Executive Branch are aware of the<br />
need to integrate privacy into cybersecurity policy. Further collaborative<br />
research across federal and state government agencies, industry and<br />
academia is crucial to the development of security models that will not only<br />
protect individual rights, but will meet the future challenges essential to the<br />
delivery of exceptional medical and healthcare treatment. This paper<br />
provides: (1) an overview of the legal environment of eHealth; (2) the main<br />
mechanisms used for data protection; and (3) a comparative analysis of their<br />
advantages and limitations for implementation in distributed healthcare IT<br />
systems.<br />
Keywords: healthcare laws, healthcare regulations, patient privacy, patient<br />
safety, genetic databases, electronic medical records, healthcare IT<br />
Security Preprocessor for Industrial Control Networks<br />
Jeffrey Hieb, James Graham, Jacob Schreiver and Kyle Moss<br />
Intelligent Systems Research Laboratory, University of Louisville, USA<br />
Abstract: Much of our industrial infrastructure remains vulnerable to<br />
electronic intrusions from cybercriminals, hacktivists and nation states, despite<br />
increased awareness and efforts to improve cyber-security for these<br />
resources. In the chemical and water sectors, this problem is exacerbated by<br />
the prevalence of legacy systems, some of which are twenty to thirty years<br />
old. This paper presents an overview of a security preprocessor architecture,<br />
which can be used in an add-on mode to enforce security constraints in front<br />
of the field devices controlling physical actuators. A prototype of this device<br />
has been implemented, and initial testing indicates minimal impact on the<br />
operations of control systems in chemical and water treatment applications.<br />
Keywords: critical infrastructure, industrial control systems, cyber-security,<br />
SCADA<br />
The Influence of Cyber Security Levels of South African<br />
Citizens on National Security<br />
Joey Jansen van Vuuren 1 , Marthie Grobler 1 and Jannie Zaaiman 2<br />
1 Council for Scientific and Industrial Research, South Africa<br />
2 University of Venda, South Africa<br />
Abstract: In South Africa, cyber security has been identified as a critical<br />
component contributing towards National Security. More rural communities<br />
are becoming integrated into the global village due to increased hardware<br />
and software corporate donations, the proliferation of mobile Internet devices<br />
and government programs aimed at bridging the digital divide through major<br />
broadband expansion projects. These measures facilitate the rapid growth of<br />
South African Internet citizens, both through desktop or laptop computers,<br />
iPads and mobile phones. Comprehensive research conducted by the<br />
authors shows that many of the new Internet users are not aptly trained to<br />
protect themselves against online threats, leaving them vulnerable to online<br />
exploits and inherently exposing the national system to potential international<br />
cyber attacks. It is estimated that mobile phone penetration in South Africa is<br />
about 98%. In addition, it is suggested that 39% of urban and 27% of rural<br />
South Africans are browsing the Internet from their mobile phones. Mobile<br />
phone penetration statistics are used in correlation with the economic<br />
development and exposure to technological advances of South Africans to<br />
classify participants in the survey in three groups: urban netizens, semi-rural<br />
netizens and rural netizens. South African citizens from areas within the<br />
Gauteng, Limpopo and Mpumalanga provinces participated in this study. This<br />
article works towards the identification of any correlation between the<br />
economic development and mobile use propensity of Internet users with<br />
regard to National Security. The classification is based on availability of digital<br />
amenities, availability of and access to the Internet, the number of users per<br />
computer and the level of computer maintenance. Separate from these<br />
criteria, the availability of and access to the Internet via mobile phones has<br />
also been taken into consideration. The article uses the results from the<br />
surveys to identify direct and indirect links between the factors in question.<br />
These results are then used to extrapolate the potential threat factor to<br />
National Security based on South Africans’ cyber security awareness levels.<br />
As part of a larger research study, the participants completed surveys<br />
regarding their exposure to technology and their responses to presented<br />
cyber scenarios.<br />
Keywords: cyber security, awareness, security threat analysis, rural<br />
communities, South Africa, national security, broadband access<br />
A Targeted Wireless Denial of Service Attack: Deauth or not to<br />
Deauth, That is the Question<br />
Michael Kraft and Jonathan Holston<br />
Joint Information Operations Warfare Center (JIOWC), Texas, USA<br />
Abstract: When one thinks of a denial of service attack (DoS), images of<br />
botnets and millions of TCP/IP packets from rogue computers enter the mind.<br />
When trying to attack a wireless user, expensive jammers or saturating the<br />
airwaves with radio frequency (RF) noise may also be expected. The reality is<br />
hackers and cyber criminals routinely target a specific individual and not an<br />
entire subnet or wireless frequency. Their objectives are not to disrupt, but<br />
rather create an effect or illusion meeting their specific mission or agenda.<br />
This paper will demonstrate how anyone can accomplish a DoS attack<br />
against a targeted wireless user using free open source tools and why this is<br />
preferable to standard DoS methods. Specifically, the authors will<br />
demonstrate how using one particular tool can deny service either on one or<br />
many wireless users to create a variety of effects. This paper will describe<br />
various reasons as to why someone may want to take this approach and its<br />
benefits as well as the limitations of the tool. Technical examples of distance,<br />
obstructions, attenuation, antenna power, etc., will support the authors'<br />
assertions and theories. Lastly, the authors will demonstrate how they<br />
performed a DoS against an individual target and how this attack can thwart<br />
detection by a high grade direction finding system. This paper will include<br />
case studies and mitigations associated with this type of attack.<br />
Keywords: wireless protocol standard, wireless network, denial of service,<br />
802.11-a/b/g/i/n/w<br />
A Novel Friendly Image-Based CAPTCHA With Auto-Generation<br />
of Test Data<br />
Chun-Jung Lee 1 , Wei-Bin Lee 1 , Chin-Sheng Liu 1 , Kevin Ho 2 and Chyi-<br />
Ren Dow 1<br />
1 Department of Information Engineering and Computer Science, Feng<br />
Chia University, Taichung, Taiwan, R.O.C<br />
2 Computer Science and Communication Engineering, Providence<br />
University, Taichung, Taiwan, R.O.C<br />
Abstract: To prevent resource expenditure and several security issues, a<br />
website or a web application system should be able to tell that an access is<br />
launched by a person, instead of an automated program. A challenge-response<br />
test called CAPTCHA is commonly selected for this purpose,<br />
especially by major portal service websites such as Google, Yahoo and Hotmail.<br />
The process of a CAPTCHA involves a server requiring users to respond to<br />
challenges and checking the correctness of the responses. Challenges<br />
should be chosen so that the responses are easy for persons<br />
but hard for automated programs. CAPTCHAs can be classified<br />
into three categories: audio-based, text-based and image-based. An audio-based<br />
CAPTCHA generates an audio clip of text being read with background<br />
noise and asks users to respond by typing in the text. A text-based<br />
CAPTCHA renders a picture of distorted text on the user’s screen and asks the user<br />
to re-type the text in a text field as a response. The verification ability can be<br />
strengthened by increasing the distortion, but this also makes the text hard for<br />
humans to recognize. Image-based CAPTCHA is an alternative to text-based<br />
CAPTCHA. The test that an image-based CAPTCHA asks users to complete<br />
is related to the feature of one or more images, such as labeling the major<br />
object in an underlying image. All the image-based CAPTCHAs have several<br />
common problems, including the size of challenge database, the variety of<br />
challenge images, and the update frequency. To make a CAPTCHA robust,<br />
the challenge database must contain a large number of images in different<br />
categories and be updated frequently. Otherwise, an automated program can be<br />
trained on all the challenges. But maintaining such a database is almost<br />
impossible, since labeling images must be done by<br />
humans. In this article, we propose a CAPTCHA to solve these problems.<br />
The images in our system are either in training or verification statuses.<br />
Images with verification status are used to ensure that responses are from<br />
persons. Each newly added image is with training status. The proposed<br />
system asks a user to answer a question related to the features of rendered<br />
verification images and also to give a label for a training image. Then, the<br />
system collects all the labels for a training image which are selected by<br />
verified users. Based on the collected labels, the system deduces the label<br />
for a training image based on a given statistical rule and changes the status of<br />
the image from training to verification. Therefore, the proposed system can<br />
maintain the challenge database without human intervention.<br />
Keywords: automated programs, CAPTCHA, text-based, image-based<br />
Using Attack Trees to Assess Security Controls for<br />
Supervisory Control and Data Acquisition Systems (SCADA)<br />
Juan Lopez Jr. 1 , Jason Nielsen 2 , Jeffrey Hemmes 1 , and Jeffrey<br />
Humphries 1<br />
1 Center for Cyberspace Research, Department of Electrical and<br />
Computer Engineering, Air Force Institute of Technology, Wright<br />
Patterson AFB, Dayton, Ohio, USA<br />
2 Air Force Intelligence, Surveillance and Reconnaissance Agency,<br />
Lackland AFB, San Antonio, Texas, USA<br />
Abstract: The recent trend to interconnect industrial control systems with a<br />
corporate LAN has dramatically expanded the threat of remote cyber attack.<br />
Indeed, adversaries are targeting these systems with increasing frequency<br />
and sophistication. Cyber defense options for security decision makers are<br />
subsequently increasing in variety and complexity. Determining which set of<br />
security controls is most effective against cyber attacks is primarily a risk<br />
management and resource constraint problem. This research takes an<br />
exploratory approach to apply attack tree modeling to assess which group of<br />
security controls can potentially mitigate cyber attacks against industrial<br />
control systems. The research methodology combined probabilities of<br />
adversary success with impact assessments from control system experts.<br />
Subsequent data analysis identified 14 of 30 security controls that are<br />
strongly associated with mitigating cyber attacks on an ICS.<br />
Keywords: Attack tree, security controls, SCADA, risk assessment<br />
Measures to Abate Evil Twin Attacks in 802.11<br />
Sayonnha Mandal and Nagadivya Veldanda<br />
Telecommunication Engineering, University of Oklahoma, Tulsa, USA<br />
Abstract: Mobile wireless connectivity and Wi-Fi accessibility are<br />
geographically expanding at an increasingly rapid rate. Thus, the various<br />
threats associated with Wi-Fi spots will likely affect an increasing number of<br />
users. These threats are especially noticeable in the most populated areas<br />
like airports, cafes, bookstores, etc. Such networks are easy to deploy<br />
because of the non-requirement of any out-of-band key exchange or prior<br />
trust relationships between users and the access points (APs). This paper<br />
gives a new insight into the multi-AP environment scenario and presents<br />
several methods to validate access points to users even in the first<br />
transaction itself, thereby decreasing the risks of connecting to an unknown<br />
AP which might be a rogue one. To address this problem, we propose to use<br />
the ElGamal digital signature scheme to generate and compare digital<br />
signatures in order to authenticate the users to new access points. Also,<br />
utilizing networking concepts, we propose to use the assignment of IP<br />
addressing to access points to verify their identity to new users.<br />
Keywords: evil twin attacks, ElGamal, IP addressing, multi-AP environment<br />
Securing America Against Cyber war<br />
Jayson McCune and Dwight Haworth<br />
University of Nebraska at Omaha, USA<br />
Abstract: This paper expands on one aspect of Clarke and Knake’s (2010)<br />
recommendation for defending the United States’ Internet infrastructure from<br />
external attack. First it summarizes the threat that has been demonstrated in<br />
the recent past. Included are a number of data compromises that have been<br />
traced to servers in China. Also identified are potential physical attacks<br />
against facilities that employ supervisory control networks, with the Stuxnet<br />
virus being a recent example. Lastly, the fact that malware has been planted<br />
on computers in the electric power grid for later use makes an ability to block<br />
the command messages or the remote login sequence an absolute necessity.<br />
The paper identifies the 12 entry points into the United States’ Internet and,<br />
following Clarke and Knake’s (2010: 160) suggestion, specifies a firewall<br />
platform for those entry points. The total one-time cost for this defensive effort<br />
is estimated and found to be feasible. Finally, limitations of this approach are<br />
considered.<br />
Keywords: cyber warfare, malware, packet inspection, internet protection<br />
Examining Trade Offs for Hardware-Based Intellectual Property<br />
Protection<br />
Jeffrey Todd McDonald 1 and Yong Kim 2<br />
1 University of South Alabama, Mobile, USA<br />
2 Air Force Institute of Technology, Wright Patterson AFB, USA<br />
Abstract: The ability to protect critical cyber infrastructure remains a multifaceted<br />
problem facing both the commercial sector and the federal<br />
government. Hardware intellectual property (IP) embedded within application-specific<br />
integrated circuits and programmable logic devices is subject to<br />
adversarial analysis in the form of subversion, piracy, and reverse<br />
engineering. We consider the effect of transforming the programmatic logic or<br />
net list definitions for such environments so that malicious adversaries are<br />
hindered or prevented from recovering original, higher level abstractions of<br />
combinational logic design. In this paper, we provide observations on<br />
obfuscating algorithms that use random and deterministic techniques to<br />
transform logic-level definitions into alternative, functionally equivalent forms.<br />
We define the trade off space for both types of techniques and show how<br />
limitations have driven research methods.<br />
Keywords: circuit protection, malicious reverse engineering, obfuscation,<br />
security research methodologies<br />
An Approach for Cross-Domain Intrusion Detection<br />
Thuy Nguyen, Mark Gondree, Jean Khosalim, David Shifflett, Timothy<br />
Levin and Cynthia Irvine<br />
Naval Postgraduate School, Monterey, California, USA<br />
Abstract: Network-based monitoring and intrusion detection has grown into<br />
an essential component of enterprise security management. Monitoring<br />
potentially malicious activities across a set of networks classified at different<br />
security levels, however, presents subtle and complicated challenges.<br />
Analysis of intrusion alerts collected on an individual network only reveals<br />
malicious attempts to compromise that particular network, not the overall<br />
attack patterns across the enterprise. Development of a comprehensive<br />
perspective for intrusion analysis of all networks in a multilevel secure (MLS)<br />
environment requires care to ensure that the enforcement of information flow<br />
control policies is preserved. We describe an approach to cross-domain<br />
network-based intrusion detection. Leveraging the Monterey Security<br />
Architecture (MYSEA) high-assurance MLS federated computing framework,<br />
we developed an MLS policy-constrained network-based CD-IDS prototype<br />
using untrusted single-level components and multilevel (trusted) components,<br />
supported by open source software (i.e., BASE, snort, PostgreSQL and<br />
pgpool-II). Our prototype enables an analyst to view and manipulate network<br />
trace data collected from multiple networks, while enforcing mandatory<br />
access control policies to constrain the analyst to only those resources her<br />
session level dominates.<br />
Keywords: cross-domain services, multilevel security, intrusion detection,<br />
quality of security service<br />
Perceptions Towards eBanking Security: An Empirical<br />
Investigation of a Developing Country's Banking Sector, how<br />
Secure is eBanking?<br />
Bongani Ngwenya<br />
Solusi University, Zimbabwe, NWU-Mafeking, South Africa<br />
Abstract: The increase in computer crime has led to scepticism about the<br />
move made by the banks to introduce eBanking. Some view this as a noble<br />
move which has made the banking system more efficient, reliable and secure,<br />
while others view it as a risky and insecure way of banking. The aim of this<br />
study was to assess whether eBanking in the developing countries is secure<br />
or not. The researcher chose a descriptive-quantitative research design. Data<br />
was collected using a self-constructed questionnaire. Convenience sampling<br />
and stratified random sampling techniques were used to select the main<br />
subjects of the study. The responses of management and non-management<br />
bank personnel were concentrated on the positive side where they at least<br />
agreed that most of the items were implemented. On capital investment,<br />
logical access controls, security of network services, behavioural security and<br />
human resources competence, management ranked their perceptions<br />
significantly higher than those of non-management bank personnel. However,<br />
when it came to security policy and the organisational structure of Information<br />
Systems department, non-management personnel ranked their perceptions<br />
significantly higher than management personnel. Generally on average there<br />
was no significant difference between the perceptions of management bank<br />
personnel and non-management bank personnel on the security of eBanking.<br />
The study recommends further future studies on the security of eBanking in<br />
developing countries based on the perceptions of the customers themselves,<br />
who are using eBanking services, the Common Criteria for Information<br />
Technology Security and also a study of the latent dimensions of eBanking<br />
security as extracted by factor analysis, how they differ from elements of<br />
information security as derived from the theoretical framework and literature.<br />
Keywords: eBanking; eBanking security; information security; network<br />
services; banking system<br />
Implementation of Symmetric Block Ciphers Using GPGPU<br />
Naoki Nishikawa, Keisuke Iwai and Takakazu Kurokawa<br />
Department of Computer Science, National Defence Academy of Japan,<br />
Yokosuka, Japan<br />
Abstract: Battlefield systems have been shifting to Network-Centric Warfare<br />
since the Gulf War (1991). In such systems, computers are connected via<br />
encrypted networks, which require communications with such detailed data<br />
as video, sound, pictures, and other images in real time. However, current<br />
CPUs will be bottlenecked by encryption processing speed during heavy<br />
processing. Unfortunately, the performance increase of CPUs has been slow<br />
recently. Therefore, we have continued our development of a new cipher<br />
system using General Purpose computation on a Graphics Processing Unit<br />
(GPGPU). GPUs have evolved in recent years into powerful parallel<br />
computing devices, with a high cost–performance ratio. However, many<br />
factors affect GPU performance. In earlier work to gain higher AES<br />
performance using GPGPU in various ways, we obtained two technical<br />
viewpoints: (1) 16 Byte/Thread is the best granularity; (2) Extended key and<br />
substitution table stored in shared memory is the best memory allocation<br />
style. This study was undertaken to test the hypothesis that these two<br />
findings are applicable to implementation of other symmetric block ciphers on<br />
two generations of GPU. In this study, we targeted five 128-bit symmetric<br />
block ciphers, AES, Camellia, CIPHERUNICORN-A, Hierocrypt-3, and<br />
SC2000, from an e-Government Recommended Ciphers List through<br />
Cryptography Research and Evaluation Committees (CRYPTREC) in Japan.<br />
We evaluated the performance of this system on each GPU using three<br />
methods: (A) throughput without data transfer, (B) throughput with data<br />
transfer and overlapping encryption processing on GPU, (C) throughput with<br />
data transfer and non-overlapping encryption processing on GPU. Results<br />
demonstrate that the throughput of implementation of SC2000 in method (A)<br />
on Tesla C2050 achieved an extremely high 73.3 Gbps. Additionally, the<br />
throughput obtained using methods (B) and (C) deteriorated to 28.1 Gbps<br />
and 17.7 Gbps, respectively. Method (B) showed effective throughput with an<br />
approximately 31.1-fold higher speed compared to that obtained when using<br />
a one-core CPU.<br />
Keywords: GPGPU, symmetric block cipher, acceleration<br />
Trolling Online for Real World Identities<br />
Christopher Perr, Daniel Compton and John Hamilton<br />
Auburn University, Auburn, AL, USA<br />
Abstract: Anonymity on social networks can be an excellent tool. Given the<br />
recent events with Arab Spring it is difficult to argue that anonymity on social<br />
networks has not been proven as a tool for social change. Unfortunately,<br />
anonymity can also lead to the celebration of depraved acts, such as animal<br />
abuse. In these cases anonymity is being abused. Username reuse has been<br />
identified as a potential tool to profile individuals using social networks.<br />
Context clues are used to develop a likelihood of identification across social<br />
networking sites, and to gather further information about the person behind<br />
the screen name. In order to gain a higher level of verification this paper<br />
proposes that trolling, as explained at Defcon 19, can be used as a means<br />
of verifying username reuse and individual identification in the medium of<br />
social networking.<br />
Keywords: username traceability, digital forensics, crowd-sourcing, social<br />
networking<br />
From Traditional Local to Global Cyberspace – Slovenian<br />
Perspectives on Information Warfare<br />
Kaja Prislan and Igor Bernik<br />
Faculty of Criminal Justice and Security, University of Maribor,<br />
Ljubljana, Slovenia<br />
Abstract: We wish to draw attention to information warfare in Slovenia and<br />
the cyber threats that are a risk to information systems in Slovenian<br />
organizations. Sophisticated modern information and communication<br />
technology gives new dimensions to information warfare motivated by<br />
military, political, economic and ideological interests. Many states are still<br />
relatively oblivious of these dangers. Because of anonymity, the possibility of<br />
remote access, and concealment of the point of attack, perpetrators can now<br />
easily achieve their goals, and do this more swiftly than before the arrival of<br />
information technology and the Internet. Technological development has<br />
enabled the spread and transfer of information warfare to various areas of<br />
society. Since the methods of information warfare are becoming similar to<br />
classic computer crime, the problem is now even more complex. By delving<br />
into the current Slovenian legislation, we wished to shed light on the<br />
inadequacy of the normative basis for the actions of law enforcement<br />
agencies. Our legislation maintains conditions, which make it easier to<br />
commit information warfare than prosecute it. Based on the uncovered<br />
weaknesses, we proposed specific improvements. Our main finding is that<br />
information warfare, as a classic form of obtaining certain goals, has, in step<br />
with technological development, spread to all areas of society, and changed<br />
its methods of attack. To perpetrators of information warfare cyberspace is an<br />
environment without limits, thus the rise of the new transnational/global threat<br />
to states and organizations. The economy, critical infrastructure, political<br />
relations and world peace are the areas most compromised by information<br />
warfare. The current normative control of information warfare mirrors a lack of<br />
political will, obliviousness and complacency, which are the attitudes enabling<br />
the spread of information warfare. World superpowers and certain<br />
international organizations know the benefits of information warfare, so they<br />
help maintain the normative disorder. The original value of this paper is in the<br />
presentation of the nature of information warfare based on specific cases,<br />
and in the analysis of the current legislation.<br />
Keywords: information warfare, cyberspace, information communication<br />
technology, legislation, Slovenia<br />
Convergence of Electronic Warfare and Computer Network<br />
Exploitation/Attacks Within the Radio Frequency Spectrum<br />
David Rohret 1 and Abiud Jimenez 2<br />
1 Computer Sciences Corporation, Inc. Joint Information Operations<br />
Warfare Center/Vulnerability Assessment Team, San Antonio, Texas,<br />
USA<br />
2 Dynetics, Inc. Joint Information Operations Warfare<br />
Center/Vulnerability Assessment Team, San Antonio, Texas, USA<br />
Abstract: Radio frequency (RF) and Computer Network Exploitation and<br />
Attacks (CNE/CNA) can no longer be viewed as separate activities or actions<br />
within the Radio Frequency (RF) spectrum for military or commercial<br />
operations. Integration of Internet Protocol (IP) capabilities allowing for node<br />
addressing, data transfer, and communications between systems once<br />
considered only Electronic Warfare (EW)-centric, may provide nation-state<br />
and non-nation-state adversaries and opportunistic malicious hackers the<br />
ability to exploit systems previously considered autonomous. Furthermore,<br />
network operations can be affected from wireless and remotely-operating RF<br />
systems associated to, or trusted with, operational networks. Basic RF<br />
jamming techniques provide an adversary the ability to affect blue force IP<br />
over radio communications and data transmissions with little or no risk to<br />
themselves by obfuscating their efforts as an Open Systems Interconnection<br />
(OSI) layer 2-6 attack rather than a layer 1 attack. The Joint Information<br />
Operations Warfare Center (JIOWC) Vulnerability Assessment Team (JVAT)<br />
performs adversarial red team tactics against developmental Joint Capability<br />
Technology Demonstrations (JCTDs), to include CNE/CNA and RF system of<br />
systems. The evolution of ‘smart’ weapons technologies, to include most<br />
information operations (IO) capabilities, now represents the norm in systems<br />
development. Command and control (C2) and common operational pictures<br />
(COPs) with integrated IP over radio, provide multiple attack vectors and<br />
unique opportunities for adversaries. Organizations that manage and develop<br />
EW and/or wireless networks must adapt policies and organizational<br />
processes to meet the changing environment and to deal with an increasingly<br />
savvy adversary who only requires open-source tools and technologies to<br />
successfully attack sophisticated RF networked systems. In this paper the<br />
authors identify adversarial tactics used against developmental systems with<br />
integrated EW and CNO capabilities, using only open-source and publicly<br />
available equipment, data, and technologies. The authors will also discuss<br />
adversarial techniques from three case studies based on actual red teaming<br />
assessments on developmental systems.<br />
Keywords: radio frequency, CNA/CNE, intelligent jamming, OSI Layers 2-6,<br />
red teaming, assessments<br />
Supply Chain Attacks: Basic Input Output Systems (BIOS), Mux<br />
Multiplexers and Field Programmable Gate Arrays (FPGA)<br />
David Rohret 1,3 and Justin Willmann 2,3<br />
1 Computer Sciences Corporation, Inc. USA<br />
2 Dynetics, Inc., USA<br />
3 Information Operations Warfare Center/Vulnerability Assessment<br />
Team, San Antonio, Texas, USA<br />
Abstract: Cyber crimes and cyber warfare are problematic for commercial<br />
and government entities as new exploits and methods of system compromise<br />
emerge daily. Fortunately, hundreds of cyber security organizations<br />
collaborate to develop security patches and mitigations for most exploits as<br />
quickly as they are identified. One method of compromising and controlling<br />
victim machines, with little or no risk of being identified or mitigated, is the<br />
supply chain attack; specifically, altering the basic input and output system<br />
(BIOS) code to reprogram Field Programmable Gate Array (FPGA) chips to<br />
run covert operating systems and provide undetectable communications for<br />
data exfiltration. Not only are the main board's BIOS and circuitry a target for<br />
malicious technology insertion, but more powerful graphics cards with<br />
independent processing and memory can also provide a safe haven for<br />
malicious logic. This paper identifies and demonstrates BIOS and FPGA<br />
attacks that can be implemented during the production process, allowing the<br />
developer (or attacker) to accomplish persistent covert communications and<br />
system control. The authors also discuss the results of a remote BIOS attack<br />
and the risks associated with attempting one. Lastly, efforts to identify and<br />
mitigate BIOS supply-chain attacks are outlined, to include the<br />
implementation of the Trusted Platform Module (TPM) standard, which<br />
supports hardware-based BIOS integrity checking, and changes required for<br />
production methods and processes that will enhance information assurance<br />
for critical assets.<br />
Keywords: BIOS, POST, supply chain attack, field programmable gate<br />
arrays, covert communications, data exfiltration, Trusted Platform Module<br />
(TPM)<br />
Attribution: Accountability in Cyber Incidents<br />
Daniel Ryan 1 and Julie Ryan 2<br />
1 iCollege of the National Defense University, Washington, DC<br />
2 Engineering Management & Systems Engineering Department, School<br />
of Engineering & Applied Science, the George Washington University,<br />
Washington, DC<br />
Abstract: There can be no accountability without attribution. However, the<br />
worldwide system of networks that comprises cyberspace was not developed<br />
with attribution in mind, and so attribution has become a major problem in<br />
cyber incident response. This paper explores requirements for attribution in<br />
criminal and civil situations, in espionage, in cases where military tribunals<br />
are used to try terrorists, and in information warfare, and proposes a possible<br />
solution to the problem of attribution to nation-states.<br />
Keywords: Civil Litigation, Cyberspace<br />
A Game Theoretic Model of Strategic Conflict in Cyberspace<br />
Harrison Schramm, David Alderson, Matthew Carlyle and Nedialko<br />
Dimitrov, Naval Postgraduate School, Monterey California, USA<br />
Abstract: We study cyber conflict as a two-person zero-sum game in discrete<br />
time, where each player discovers new exploits according to an independent<br />
random process. Upon discovery, the player must decide if and when to<br />
exercise a munition based on that exploit. The payoff from using the munition<br />
is a function of time that is (generally) increasing. These factors create a<br />
basic tension: the longer a player waits to exercise a munition, the greater his<br />
payoff because the munition is more mature, but also the greater the chance<br />
that the opponent will also discover the exploit and nullify the munition.<br />
Assuming perfect knowledge and under mild restrictions on the time-dependent<br />
payoff function for a munition, we derive optimal exercise<br />
strategies and quantify the value of engaging in cyber conflict. Our analysis<br />
also leads to high level insights on cyber conflict strategy.<br />
Keywords: cyber conflict, Markov game, deterrence, game theory<br />
Visualization in Information Security<br />
Dino Schweitzer and Steven Fulton<br />
United States Air Force Academy, USA<br />
Abstract: Information security is a data-rich discipline. Security analysts can<br />
be overwhelmed with the amount of data available, whether it is network<br />
traffic, audit logs, or IDS alarms. Security monitoring applications need to<br />
quickly process this data as they require rapid responses to real-time events.<br />
An effective way of dealing with large quantities of data is to take advantage<br />
of the human visual system and employ data visualization techniques. Data<br />
visualization has a long history in scientific computing and medical<br />
applications as well as newer areas such as data mining. Techniques for<br />
effective data visualization have significantly evolved over the past several<br />
years due to increases in processing power, enhanced display devices,<br />
massive data storage capability, and faster transmission speeds. One<br />
hardware advance that has strongly impacted real-time visualization is the<br />
Graphical Processing Unit (GPU). GPUs are small special-purpose<br />
processing devices that are packaged hundreds or thousands of units per<br />
chip. This allows parallel processing of vast quantities of data to produce<br />
high-quality images in real time. As a result of these advances, experts are<br />
extending the traditional fields of visualization to a broad range of new<br />
applications. For example, many researchers are now experimenting with<br />
innovative ways of applying visualization principles to security applications,<br />
and many security products incorporate some type of visualization capability.<br />
Dedicated books, articles, workshops, and blogs provide information and<br />
forums for interested security professionals to learn about visualization and<br />
how to effectively apply it to the security domain. This paper reviews the<br />
history and principles of visualization focusing on how it is currently used in<br />
the security arena. The paper also discusses current trends in information<br />
security visualization research by analyzing and discussing ongoing<br />
published visualization projects. These projects focus on techniques such as<br />
file visualization, network visualization, log (firewall and intrusion detection)<br />
visualization, as well as vulnerability identification and exploits. In addition to<br />
a survey of current research efforts, the paper looks at possible future<br />
directions for security visualization research and applications.<br />
Keywords: visualization, information security<br />
A Novel Biometric System Based on Tongueprint Images<br />
Mohammad Reza Shahriari 1 , Shirin Manafi 2 and Sepehr Sadeghian 3<br />
1 Department of Management, Islamic Azad University UAE Branch,<br />
Dubai, UAE<br />
2 Department of biomedical Engineering, Science &<br />
Research Branch, Islamic Azad University, Tehran, I.R.Iran<br />
3 Department of mechanical engineering, IRAN University of Science &<br />
Technology, Tehran, I.R.Iran<br />
Abstract: Biometrics-based identity verification is regarded as an effective<br />
method for automatically recognizing, with a high confidence, a person’s<br />
identity. This paper presents a new biometric approach to identity verification<br />
based on tongue-print technology by means of a novel feature extraction<br />
method. Since the tongue can be stuck out of the mouth for inspection, is<br />
otherwise well protected in the mouth, and is difficult to forge, this organ could<br />
be considered as a biometric factor. The tongue presents both geometric<br />
shape information and physiological texture information which are potentially<br />
useful in personal identification applications. Despite these obvious<br />
advantages for biometrics, little work has hitherto been done on this topic;<br />
nevertheless, the feasibility of tongue biometrics has been proved. Our<br />
tongueprint identification system employs tongueprint images and by means<br />
of feature extraction from wavelet coefficients achieves effective personal<br />
identification. The suggested system consists of two parts: preprocessing of<br />
acquired tongue images, and a feature extraction method to achieve each<br />
person’s unique parameters. In order to have an experimental image<br />
database, digital pictures were acquired from 10 different people’s tongues in<br />
prespecified time intervals. These people were chosen randomly both in<br />
gender and age although specifically from different age groups. Resolution of<br />
images and their acquisition conditions were uniform in all cases. By<br />
clustering different people’s data and specifying the cluster centre, any new<br />
dataset would be compared to the claimed centre and his/her identity could<br />
be verified. Comparison of different mother wavelet transforms’ results<br />
demonstrates the optimum framework. The experimental results have been<br />
verified at the end. The results from the suggested procedure show that using<br />
the texture factor for tongue verification produces an efficient and reliable<br />
result. When the FAR is equal to 3.1%, we get the Genuine Accept Rate of<br />
70%. These results once again demonstrate that the tongue biometric is<br />
feasible. Additionally, it was observed that at the threshold of 182, the<br />
suggested procedure would have an equal error rate. Final verification results<br />
depict a close match with previous studies. Furthermore, it was shown that<br />
application of the tongue’s texture alone as a biometric factor, considering<br />
possible interference from tongue shape complications resulting from its probable<br />
and perhaps voluntary changes, could be regarded as certainly efficient and<br />
even more reliable, with a high recognition rate.<br />
Keywords: biometrics, tongueprint identification, texture analysis, wavelet<br />
transform<br />
Intelligence and Influence Potential in Virtual Worlds<br />
George Stein<br />
USAF Center for Strategy and Technology, Spaatz Academic Centers,<br />
Air University, USA<br />
Abstract: The current and rapidly developing “virtual worlds” existing in<br />
cyberspace and the relationship between activities in these virtual worlds and<br />
the “real” world represent an emerging area of concern for the conduct of<br />
strategic communications, influence operations, and, in general, various<br />
military and intelligence missions and operations in cyberspace. In the next<br />
few years, the availability and distribution of the so-called “$100 laptop”<br />
throughout Asia, Latin America, Africa, and other areas-of-concern for the<br />
“long war” will link millions not only to the World Wide Web but, additionally,<br />
to the cyber-based virtual worlds. In general, government information<br />
operations, intelligence and cyberspace communities are well behind the<br />
power curve in virtual world cyberspace and, currently, largely unprepared for<br />
operations in these cyber-based virtual worlds. We must address “two-world<br />
warfare.”<br />
Keywords: virtual worlds, MMORPG, second life, terrorists, intelligence,<br />
surveillance<br />
Classifying Network Attack Scenarios Using an Ontology<br />
Renier Pelser van Heerden 1,2, Barry Irwin 2 and Ivan Burke 1<br />
1 CSIR, Pretoria, South Africa<br />
2 Rhodes University, Grahamstown, South Africa<br />
Abstract: This paper presents a methodology using network attack ontology<br />
to classify computer-based attacks. Computer network attacks differ in<br />
motivation, execution and end result. Because attacks are diverse, no<br />
standard classification exists. If an attack could be classified, it could be<br />
mitigated accordingly. A taxonomy of computer network attacks forms the<br />
basis of the ontology. Most published taxonomies present an attack from<br />
either the attacker's or defender's point of view. This taxonomy presents both<br />
views. The main taxonomy classes are: Actor, Actor Location, Aggressor,<br />
Attack Goal, Attack Mechanism, Attack Scenario, Automation Level, Effects,<br />
Motivation, Phase, Scope and Target. The "Actor" class is the entity<br />
executing the attack. The "Actor Location" class is the Actor’s country of<br />
origin. The "Aggressor" class is the group instigating an attack. The "Attack<br />
Goal" class specifies the attacker’s goal. The "Attack Mechanism" class<br />
defines the attack methodology. The "Automation Level" class indicates the<br />
level of human interaction. The "Effects" class describes the consequences of<br />
an attack. The "Motivation" class specifies incentives for an attack. The<br />
"Scope" class describes the size and utility of the target. The "Target" class is<br />
the physical device or entity targeted by an attack. The "Vulnerability" class<br />
describes a target vulnerability used by the attacker. The "Phase" class<br />
represents an attack model that subdivides an attack into different phases.<br />
The ontology was developed using an "Attack Scenario" class, which draws<br />
from other classes and can be used to characterize and classify computer<br />
network attacks. An "Attack Scenario" consists of phases, has a scope and is<br />
attributed to an actor and aggressor which have a goal. The "Attack Scenario"<br />
thus represents different classes of attacks. High profile computer network<br />
attacks such as Stuxnet and the Estonia attacks can now be classified<br />
through the “Attack Scenario” class.<br />
Keywords: network attack, taxonomy, ontology, attack scenario<br />
A Practical Method for Minimization of Attack Surfaces in<br />
Information Warfare<br />
Hence that general is skilful in attack whose opponent does<br />
not know what to defend; And he is skilful in defense whose<br />
opponent does not know what to attack. Sun Tzu, 496 BC<br />
Charles Wilson 1 and Bradley Wilkerson 2<br />
1 Center for Cyber Security and Intelligence Studies, University of Detroit<br />
Mercy, Detroit, Michigan, USA<br />
2 Eastern Michigan University, Ypsilanti, Michigan, USA<br />
Abstract: This paper provides a specific approach to building a robust<br />
defense against asymmetric attacks. It centers on the restriction of the attack<br />
surfaces across an organization’s systems. It suggests a practical method for<br />
creating and enforcing limitations to the attack surface of the organization.<br />
This method is based around target and attack enabler identification and<br />
limitation of access rights through the enabling channels. The specific aim of<br />
the approach is to only allow access at a limited number of well defended<br />
interface points, through a well defined and highly restricted system<br />
perimeter. It is implicit that if the limitation process is correctly executed the<br />
defender will be able to provide a robust defense in depth at each of the<br />
designed points of access.<br />
Keywords: attack surface; asymmetric warfare, defense in depth; system<br />
administration.<br />
Simulated e-Bomb Effects on Electronically Equipped Targets<br />
Enes Yurtoğlu<br />
Turkish Air Force War College, Istanbul, Turkey<br />
Abstract: Like High Altitude Electromagnetic Pulse (HEMP), high power<br />
microwaves (HPM) produce intense energies, which may overload or damage<br />
various electrical system components such as microcircuits. This work<br />
theoretically investigates possible effects of a hypothetically designed HEMP-like<br />
weapon, an “e-bomb,” on electronically equipped target systems, and whether<br />
it can overload, upset or damage any part of the targeted system. The<br />
procedure to determine these possible effects is, quantitatively, to estimate<br />
the electromagnetic coupling from first principles and simulations using a<br />
coupling model program, pursuing a feasible geometry of attack, practical<br />
antennas, best coupling approximations of ground conductivity and<br />
permittivity, a reasonable system of interest representation from<br />
specifications, threat waveshape and operating frequency. The analysis<br />
procedure investigates the role each of these factors contributes to the e-bomb<br />
coupling scenario and the end-to-end process is described as follows:<br />
A simple topographical system of interest transmission-line coupling model is<br />
created as a target that consists of some mission-essential distributed<br />
equipment nodes, which include electronic device components. A range,<br />
which turns out to be the detonation altitude over the target, is selected based<br />
on the desired frequency span, antenna diameter, and the geometry for the<br />
deployment platform source. This altitude, in turn, is used to establish the<br />
intensity level for illumination of the topographical model. A basic approach is<br />
employed to define the geometry and to calculate the detonation altitude to<br />
ensure the radius of the whole target system area is e-bomb illuminated. The<br />
hypothetical e-bomb created transient pulse used to interact with the modeled<br />
system is defined from first principles. The pulse is developed and formatted<br />
as the expected amplitude, waveshape and frequency content of an e-bomb<br />
as a function of ‘range.’ A MATLAB program is used to define the e-bomb<br />
weapon E-field intensity as a function of range. After defining the threat field,<br />
an electromagnetic coupling and interaction program using the threat<br />
waveshape and models of the target system is employed to analyze terminal<br />
currents throughout the model. These system currents are then converted to<br />
their node voltage, delivered power, or energy, at the various representative<br />
distributed system nodes throughout the model. Those possible e-bomb<br />
effect results are then compared to a published and experimentally created<br />
threshold level table to determine whether any upset or damage is formed on<br />
the target system and satisfying results are achieved. Based on this<br />
comparison, the results are evaluated with respect to the factors that caused<br />
them to exceed, or not exceed, the threshold levels. Overall, those results<br />
and comparisons provide an idea of how to best use such a weapon against<br />
electronically equipped targets.<br />
Keywords: electromagnetic pulse weapon, high power microwaves,<br />
electromagnetic coupling, e-bomb, e-field<br />
PhD<br />
Papers<br />
Cyberpower: Learning From the Rich, Historical Experience of<br />
War<br />
Ernest Lincoln Bonner, USAF, Air University, Maxwell, USA<br />
Abstract: Developing cyberpower theory and doctrine is challenging because<br />
heretofore cyberpower has fallen under the nearly exclusive purview of<br />
technical experts, not warfighters. Consequently, much of the work on<br />
cyberpower theory has eschewed traditional military concepts in favor of a<br />
lexicon more familiar to network administrators, computer scientists, and<br />
engineers. This state of affairs stunts military strategic thinking on<br />
cyberpower, and hinders cyberpower integration into joint warfighting.<br />
Therefore, this paper attempts to advance the beginnings of a cyberpower<br />
theory rooted in the lessons of war from the traditional operational domains –<br />
land, sea, and air. By examining cyberpower through the lens of fundamental<br />
concepts like orientation, initiative, terrain, speed and mobility, similarities to<br />
military power in the other operational domains emerge. These similarities let<br />
cyberpower theory harvest lessons from the military theories of those like Carl<br />
von Clausewitz, Sir Julian Corbett, Sir John Slessor and John Boyd, and the<br />
rich, historical experience of war.<br />
Keywords: cyber, cyberpower, military, cyber warfare, theory<br />
Reducing False Positives in an Anomaly-Based NIDS<br />
Saeide Hatamikhah and Mohammad Laali<br />
Department of Computer Engineering, Tarbiat Moallem University,<br />
Tehran, Iran<br />
Abstract: Internet and computer networks are facing an increasing number of<br />
security threats. With new types of attacks that appear continuously, the<br />
development of flexible and adaptive security is a serious challenge. In this<br />
field, approaches of network-based intrusion detection are ideal techniques to<br />
protect target systems and networks from destructive actions. Depending on<br />
the analytical model, this technique is divided into signature-based and<br />
anomaly-based models. The signature-based model focuses on known attacks or<br />
their obvious features by matching patterns of behavior with a predefined byte<br />
string. The biggest problem with this model is that it is not able to detect new<br />
attacks if the software does not have their signatures defined in the database.<br />
The anomaly-based model specifies normal behavior of the traffic and computes<br />
the degree of abnormality of a packet based on its measured deviation from normal<br />
behavior. If a deviation is discovered, the system generates<br />
alarms indicating a series of intrusion events that have occurred. Despite the<br />
ability of this system to detect new attacks, it generates a high rate of false<br />
alarms. Shimamura and Kono (2006) proposed a system called TrueAlarm to<br />
reduce the false alarm rate in signature-based IDS. Although this<br />
proposed system can be considered a new system of network-based<br />
intrusion detection due to its benefits over a basic NIDS, it is important to note<br />
that TrueAlarm, like the signature-based NIDS, still cannot identify unknown<br />
suspicious messages, and this is its biggest weakness given the large<br />
volume of network attacks in today’s world, which include many zero-day<br />
attacks. In this article we introduce the intrusion detection system<br />
as a powerful tool in the field of network security, along with a variety of<br />
analysis techniques and models, and, building on the basic TrueAlarm system, we<br />
present a new architecture, Integrated TrueAlarm, to reduce the false<br />
alarm problem of the anomaly-based analysis model.<br />
Keywords: Network-based intrusion detection system, false alarms,<br />
signature-based analysis, anomaly-based analysis, Integrated TrueAlarm<br />
An Ontological Approach to Information Security Management<br />
Teresa Pereira 1 and Henrique Santos 2<br />
1 Informatics Department, School of Business Studies, Polytechnic<br />
Institute of Viana do Castelo, Valença, Portugal, 2 Information Systems<br />
Department, School of Engineering, University of Minho, Guimarães,<br />
Portugal<br />
Abstract: Nowadays organizations strongly rely on technology, in particular<br />
on the performance of their information systems, and therefore they become<br />
more exposed to security risks inherent to these technologies. Adequate<br />
security procedures to manage information security are obviously required<br />
and organizations need to carefully evaluate their security policies. In this<br />
context information security risk management should be performed as part of<br />
information security management activity. Its objectives are to identify,<br />
address, and mitigate risks before they become serious threats. The definition<br />
of an ontology, which contains a hierarchical representation and description<br />
of security concepts, defined according to the ISO/IEC_JTC1 standards, can<br />
assist organizations to classify attacks, identify the critical assets and mitigate<br />
their vulnerabilities and threats. With this information organizations are able to<br />
identify the level of risk exposition. This paper proposes a method based on<br />
an ontological approach to structure and organize security information within<br />
an organization.<br />
Keywords: information security management; risk analysis; security risk<br />
management; information security; ontology<br />
Non Academic<br />
Papers<br />
The Crawl, Walk, Run Progression for Strategic Communication<br />
Christopher Paul<br />
RAND Corporation, Pittsburgh, USA<br />
Abstract: Strategic communication suffers from ambiguity in both discussion<br />
and in practice. Recommendations for the improvement of strategic<br />
communication and public diplomacy abound. In these recommendations<br />
there are significant areas of consensus, but broad differences remain in<br />
terms of the priorities for and the details of the various things recommended.<br />
The author argues that, while some of these differences stem from real<br />
disagreement about definition or direction, many come from diverse focal<br />
emphases and a failure to consider desired capabilities as part of a logical<br />
progression. Consider, for example, that for some, strategic communication<br />
focuses on just getting to a minimal level of deconfliction between our<br />
different modes of broadcast and avoiding information fratricide. For others,<br />
the emphasis is on long-term partnerships and engagements, and the<br />
necessary enabling cultural and contextual knowledge. For others still,<br />
strategic communication should emphasize leveraging the private sector for a<br />
variety of resources and capabilities that are not organic to the government.<br />
The proposed solution is simple: the development of strategic communication<br />
should follow a crawl, walk, run progression. This is a metaphor often used in<br />
military training and is fairly transparent logically: Before you can walk, crawl;<br />
before you can run, walk. Some things have to come before other things,<br />
either because they are logically prior, or just easier to develop from the<br />
current existing baseline. The paper elaborates this argument and<br />
preliminarily discusses and assigns each of the host of advocated strategic<br />
communication developments or capabilities to the crawl level, the walk<br />
level, or the run level.<br />
Keywords: strategic communication, public diplomacy, war of ideas,<br />
influence campaigns, civil-military relations<br />
Work in<br />
Progress<br />
Papers<br />
Cyber Fratricide: A Literature Review<br />
Norah Abokhodair and Aaron Alva<br />
Information School, University of Washington, Seattle, USA<br />
Abstract: In 2010, the Symantec Internet Security threat report encountered<br />
more than 286 million unique variations of malware threats (Symantec, 2011).<br />
Moreover, it recorded 6,253 new vulnerabilities, more than in any previous<br />
year since the report’s inception. Threats to cyber systems in the form of Trojans,<br />
Worms, Viruses, etc. are increasing at a rate that is overwhelming the ability<br />
of security practitioners to keep up. Efforts to address an avalanche of threats<br />
are introducing errors and decisions that may be adversely affecting the<br />
security of the system the security practitioners are trying to protect. To date,<br />
little research has focused on an important aspect of security effectiveness,<br />
the cyber equivalent of “Friendly Fire”. This paper reviews case studies and<br />
available research on Cyber Friendly Fire. The Webster’s Ninth New<br />
Collegiate Dictionary defines fratricide as “one who murders or kills his own<br />
brother or sister.” Cyber Friendly Fire, the equivalent of cyber fratricide, is<br />
defined as “intentional offensive or defensive cyber/electronic actions<br />
intended to protect cyber systems against enemy forces or to attack enemy<br />
cyber systems, which unintentionally harms the mission effectiveness of<br />
friendly or neutral forces” (Greitzer et al., 2009). Recent high-profile incidents<br />
illustrate how organizations have failed to understand the risks of Cyber<br />
friendly fire. Furthermore, the use of multiple cyber security tools may have<br />
the perverse effect of damaging system security. The Open Source<br />
Vulnerability Database shows at least 1,200 listings where security software<br />
has been the cause of a system breaking (Geer Jr, 2010). In these cases,<br />
friendly fire has brought down the defenses of the enterprise and exposed the<br />
systems to the dangerous threat landscape. The purpose of this review is to<br />
clarify the factors leading to or causing cyber fratricide, identify gaps in this<br />
emerging area of research, and suggest avenues of research that will lead to<br />
increased awareness and improved enterprise systems security.<br />
Keywords: cyber fratricide, cyber friendly-fire, cyber threats, enterprise<br />
systems, cyber security<br />
Behavioral-Based Method for Detecting SCADA Malware<br />
Henry Bushey, Juan Lopez and Jonathan Butts<br />
Air Force Institute of Technology, Wright-Patterson Air Force Base, USA<br />
Abstract: Supervisory Control and Data Acquisition (SCADA) systems<br />
control and monitor services for the nation’s critical infrastructure. Recent<br />
events (e.g., Stuxnet) highlight the increasing threat to these systems.<br />
Indeed, attacks vary from denial of service to espionage; however, Stuxnet<br />
provides an example of a targeted, covert attack resulting in physical<br />
damage. Of particular note is the manner in which Stuxnet exploited the trust<br />
relationship between the human machine interface (HMI) and the<br />
programmable logic controllers (PLCs). PLCs are critical components of<br />
SCADA systems that provide real-time physical control and monitoring of<br />
end-devices (e.g., pumps, switches and sensors). Current methods of<br />
validating the operational parameters of PLCs primarily consider the message<br />
exchange and network communications protocols, generally observed at the<br />
HMI. Although sufficient at the macro level, this method does not provide<br />
detection of malware embedded in the PLC, as demonstrated by Stuxnet.<br />
This work in progress proposes a novel method to analyze the behavior of the<br />
input and output parameters of a PLC. Direct analysis of PLC input and<br />
output provides the true state of SCADA end-devices. Our research provides<br />
a series of inputs to the PLC while monitoring true system outputs. The initial<br />
and transition states characterize the baseline behavior of the PLC program.<br />
Once the baseline is established, modifications are made to emulate a PLC<br />
infected with malware. The enumerated versions of the programs are<br />
reevaluated to observe the modified output behavior. The results are then<br />
analyzed to identify the presence of malicious code and to determine the<br />
degree of modification. The focus of this work is to increase the resilient<br />
posture of SCADA systems. By analyzing true system outputs, a model can<br />
be derived that identifies malware embedded in PLCs attempting to alter<br />
system operations. The results can be extracted to develop resiliency metrics<br />
that evaluate how a system is expected to operate in the face of adversity.<br />
The research will be expanded to incorporate automated behavioral-based<br />
analysis integrated with the PLC.<br />
Keywords: behavioral-based security, assurance, resilience, SCADA<br />
security<br />
Modelling Organizational Management by Strengthening the<br />
Information Protection Requirements in Innovative<br />
Organizations<br />
Marcela Izabela Ciopa and Cristian Silviu Banacu<br />
Management Department, Efficiency Economic Char, The Academy of<br />
Economic Sciences, Romania<br />
Abstract: Starting from the identification of human resources as one of the<br />
essential components of information security and following heated debates on<br />
forums about the lack of accountability regarding the utilization of IT<br />
resources (mainly by users more or less trained in this respect), we found the<br />
need to address managerial issues and to identify solutions for the<br />
implementation of rules and procedures. The objective is to implement a model<br />
that is focused on: changing internal regulations as a starting point; and<br />
including behavioural elements into employees’ evaluations. Behavioural<br />
elements shall be included in order to evaluate how information content in<br />
databases of innovative organizations is used and to reward or sanction<br />
respectively. Changing internal rules, job descriptions and evaluation criteria<br />
will affect the rights and obligations of internal and external users of<br />
databases and will create the conditions for better maintaining the<br />
confidentiality and integrity of data.<br />
Keywords: human resource, internal regulations in innovative companies,<br />
job description, evaluation's criteria, information security.<br />
Evaluation of Traditional Security Solutions in the SCADA<br />
Environment<br />
Robert Larkin, Juan Lopez and Jonathan Butts<br />
Air Force Institute of Technology, Wright-Patterson AFB, Ohio, USA<br />
Abstract: Supervisory control and data acquisition (SCADA) systems control<br />
and monitor the electric power grid, water treatment facilities, oil and gas<br />
pipelines, railways and other critical infrastructures. In recent years,<br />
organizations that own and operate these systems have increasingly<br />
interconnected them with their enterprise network to take advantage of cost<br />
savings and operational benefits. This trend, however, has introduced myriad<br />
vulnerabilities associated with the networking environment. As a result, the<br />
once isolated systems are now susceptible to a wide range of threats that<br />
previously did not exist. To help address the associated risks, security<br />
professionals seek to incorporate mitigation solutions designed for traditional<br />
networking and information technology (IT) systems. Unfortunately, the<br />
operating parameters and security principles associated with traditional IT<br />
systems do not readily translate to the SCADA environment; security<br />
solutions for IT systems focus primarily on protecting the confidentiality of<br />
system and user data. Alternatively, SCADA systems must adhere to strict<br />
safety and reliability requirements and rely extensively on system availability.<br />
Indeed, mitigation strategies designed for traditional IT systems must be<br />
evaluated for the SCADA environment prior to employment to safeguard<br />
against adverse operational impacts. This work in progress presents ongoing<br />
research that analyzes a traditional host-based intrusion detection system in<br />
the SCADA environment. Specifically, we evaluate the Department of<br />
Defense (DoD) Host Based Security System (HBSS) employed on a fuels<br />
management SCADA system. The preliminary investigation examines<br />
whether the increased processing time associated with the HBSS security<br />
agent negatively impacts system availability and operations. The research<br />
methodology consists of both measurement and simulation evaluations and<br />
leverages an operational U.S. Air Force fuels management system and<br />
configuration. If findings indicate that the impact to operations is negligible,<br />
then the HBSS network defense tool can be employed in the AF fuels<br />
management SCADA environment. If successful, HBSS can be extended to<br />
other AF and DoD SCADA networks to provide security protections against<br />
network-based attacks.<br />
Keywords: critical infrastructure protection, SCADA security, host-based IDS<br />
Hackers at the State Service: Cyberwars Against Estonia and<br />
Georgia<br />
Volodymyr Lysenko and Barbara Endicott-Popovsky<br />
University of Washington, Seattle, USA<br />
Abstract: In this research we investigate what role the Russian “patriotic<br />
hackers” played in the 2007 and 2008 cyberattacks against Estonia and<br />
Georgia, what role the state played, and how the experience of withstanding<br />
the “Russian-type” attacks, experienced in 2007 in Estonia, helped in<br />
repelling rather similar attacks in 2008 against Georgia much faster. Fluency<br />
in the Russian language of one of the co-authors helps in identifying those<br />
issues which were previously hidden from earlier, mostly Western,<br />
researchers investigating these cases. Based on our analysis we will provide<br />
some new insights into withstanding state-sponsored cyberwars, and develop<br />
related recommendations for cyberdefense policy makers.<br />
Keywords: cyberattacks in modern conflicts; patriotic hackers; Russia;<br />
Estonia; Georgia; case studies; cybersecurity education<br />
Presentation<br />
Only<br />
ICT Security In The Modern Airport – Can Organic Growth Ever<br />
be Secure?<br />
John McCarthy¹, Bryan Mills² and Don Milne¹<br />
¹Bucks New University, UK<br />
²ServiceTec, England<br />
Abstract: Demand for air travel from the expanding world leisure market and<br />
the rapid development of some Asian, Eastern European and South<br />
American economies has also fuelled a demand for greater air travel. In<br />
recent years Airlines have responded with greater competition and the<br />
evolution of low cost airlines. This has combined to create a major impact on<br />
passenger numbers. In addition to normal market expansion major terrorist<br />
events such as 9/11 have created increased security measures and<br />
procedures in passenger air travel. This has resulted in a step change on how<br />
airport security is managed. This has resulted in airports facing increasing<br />
numbers and ever more complex, time consuming and cumbersome security<br />
procedures. The increase in passenger numbers coupled with a rapid<br />
expansion of airport infrastructure to accommodate the new security<br />
procedures has resulted in ad hoc ICT systems in airports that have grown<br />
and developed organically. These ICT systems may not be as secure as they<br />
could be due to the disparate nature of their development and possible<br />
duplication of services. Communication in airports for passenger handling is<br />
also evolving.<br />
There is a move towards adopting TCP/IP protocols and moving away from<br />
older forms of technology such as X.25 relays. This in itself whilst presenting<br />
cost savings and efficiency benefits creates new security issues and threats.<br />
Airports are often managed by several bodies such as airlines, baggage<br />
handlers companies, security and immigration and border control. Airports<br />
and airport regulations are governed by individual countries. This leaves open<br />
the possibility of differing security and working practices and ICT<br />
implementations across international boundaries. This could have an impact<br />
on airport security as a whole.<br />
To address these issues this exploratory paper seeks to map out the ICT<br />
systems in a modern Tier 2 regional airport. This will be achieved through<br />
case study analysis of a major Tier 2 airport and coupled with empirical data<br />
collection and analysis. The resulting ICT map will allow an objective and<br />
neutral analysis of ICT provision in airports and determine if this provision is<br />
secure. Best practice models could also be developed to benchmark the use<br />
and security of ICT within airports.<br />
The outcomes may offer new insights into the management of ICT systems<br />
in airports and offer new methods of deploying ICT to better effect within the<br />
airport environment. This may enable ICT providers within airports to offer a<br />
more secure and efficient service that offers enhanced safety for passenger<br />
travel.<br />
Keywords: airport security, passenger handling<br />
A Progress Report on the IW Ops Manual<br />
Eneken Tikk Ringas<br />
Toronto University Munk School of International Affairs, Canada<br />
Cyber incidents of the past years as well as the continuous speculation<br />
around potential future cyber catastrophes and cyber wars have repeatedly<br />
emphasized the need for a revised interpretation of existing law. Jus ad<br />
bellum (international law governing the use of force) and jus in<br />
bello (international humanitarian law) were not developed, having regard to<br />
contemporary security threats, including advanced cyber capabilities.<br />
Therefore, it is evident that a great need exists for a professional<br />
interpretation of the conventions and treaties of the previous centuries in<br />
order to demonstrate if and how they can be applied to the modern cyber<br />
conflict. An international group of lawyers has begun to develop<br />
an authoritative reference on the international law applicable to cyber conflict.<br />
The Manual is meant to address all legal issues deriving from the jus ad<br />
bellum and the jus in bello. In addition, it examines related issues such as<br />
sovereignty, state responsibility and neutrality. Dr. Tikk will describe the<br />
progress being made in developing the Tallinn Manual<br />