Global Security, Safety, and Sustainability (eBook)

Preface 5
Organization 6
Table of Contents 8
Question: Where Would You Go to Escape Detection If You Wanted to Do Something Illegal on the Internet? Hint: Shush! 10
Introduction 10
Computer Crime in Scottish Public Libraries 12
A Flexible Forensic Readiness Tool for Public Libraries 13
Discussion 15
Conclusions 16
References 17
A Security Audit Framework for Security Management in the Enterprise 18
Introduction 18
Related Work 19
Proposed Security Audit Framework 19
Security Policy 20
Audit Policy 20
Processes 22
Procedure 22
Regulatory Compliance 22
Things to Consider before an Audit 22
Types of Audit 23
Guarantee 23
Guidelines 24
Authority 24
Regulatory Compliance 24
Audit Trail Analysis 24
Data Analysers 25
Security Data Correlation 25
Penetration Testing 25
Discussion 26
References 26
Watermarking Spatial Data in Geographic Information Systems 27
Introduction 27
Need for Watermarking 28
Data Sharing in GIS Applications 28
Water Marking and Data Quality 29
Watermarking for GIS Applications 30
Watermarking Techniques 30
Watermarking the GIS Data 30
The Proposed Model 31
Model for Watermarking GIS Database 31
Model for Watermark Detection 32
Conclusions 33
References 34
Situation Awareness in Systems of Systems Ad-Hoc Environments 36
Introduction 36
Related Work 37
Methodology 39
Conclusion 42
References 42
The Georgia’s Cyberwar 44
Introduction 44
People’s War 45
Conclusions 51
References 51
The UK Government’s Critical National Infrastructure Policy for Emergency Services Communications Platforms: Vulnerabilities in the TETRA Architecture 52
Introduction 52
The TETRA Private Mobile Radio Network Architecture 54
Mobile Ad-Hoc Networks and Multi-hop Routing 56
Multi-hop Routing 57
Routing Protocols for MANET’s 58
Proactive Routing Protocol for MANETs 58
Destination Sequenced Distance-Vector Routing Protocol 59
The Cluster-Head Gateway Switch Routing Protocol 60
Conclusion 62
References 63
Analysing the Kerberos Timed Authentication Protocol Using CSP-Rank Functions 65
Introduction 65
Related Work 66
Work in Progress 68
The CSP Model of the Proposed Protcol 68
Discussions 71
Conclusions 71
References 72
Analyzing the Extent of Notice to Customer Attitude in the Organizational Structure of Vendors and Its Effect on e-Buyer’s Trust 73
Introduction 73
Background and Related Studies 75
Conceptual Development 78
Hypotheses 79
Methodology 80
Analysis and Results 81
The Measurement Model 81
Conclusion and Recommendations 82
References 83
A Systems Framework for Sustainability 85
Introduction 85
A Unified Systems Sustainability Concept 86
Sustainability Assurance: The Framework 87
Weighted Factors Analysis 88
The Framework 88
The Macro Concept of a Sustainable Architecture (G4.1) 93
The Micro Concept of a Sustainable System 93
A Top-Down Hierarchy of a Multi-level Sustainability Concept 97
Technological Sustainability Case Study – Information Systems Security 98
Network Security as a Business Issue 98
The Focus of Investment on Network Security 99
Conclusions 101
References 102
Hybrid Genetic Algorithm for Travel Time Reliability of Optimal Path 104
Introduction 104
Mathematical Model for Demand 105
Genetic Algorithm and Application in Knapsack Problems 106
Genetic Algorithm 106
Genetic Algorithm for 0-1 Knapsack Problems 107
Hybrid Genetic Algorithm 108
Numerical Simulation 109
Conclusions and Future Research 111
References 112
Geofencing in a Security Strategy Model 113
Introduction 113
The Problem 113
The Solution 114
Wireless Networks 115
Controlling Wi-Fi Medium 115
Modelling Wi-Fi Mediums 115
Developing a Security Strategy 115
Properties of Security Strategy Models 116
Classification of Data in Security Strategy Models 116
The Novelty of Geofencing in a Security Strategy Model 117
Ethics of Prototype Software Development 117
Quality of the Prototype Software 118
Location Based Services 118
Containment of Location Based Services 118
Method 118
Methodology 119
Conclusion 119
References 119
Using Business Process Execution Language to Handle Evaluation Factors for Web Services Compositions 121
Introduction 121
Business Process Evaluation: Focus on the Underlying Service Composition 122
Evaluation Factors 122
The Expressiveness of Business Process Execution Language (BPEL) 122
Implementing a WS Composition Scenario 124
Role Check Service 125
Medical Record Service 126
XRay Authorization Service 128
Conclusion 129
References 130
The Significance of Security in Transmitting Clinical Data 131
Introduction 131
Existing and Emerging Threats 132
Mitigating Threats 132
Evaluating E-Crime Threats in the NHS 132
Contemporary Types of E-Crimes Threats to the NHS 132
Potential Types of E-Crime Threats to the NHS 132
E-Crime and Governance 134
Relationship between Potential NHS E-Crime Threats and IT Law 136
NHS E-Crime Snapshot 136
How the UK Law Applies to the Current and Potential NHS E-Crimes 137
Mitigating Current and Potential E-Crime Risks in the NHS 138
Conclusion 138
References 139
Security Concern over Earth Viewer Software Using Satellite Photo Service 141
Introduction 141
Worldwide Complaints 142
Current Restrictions 142
Nosy Neighbors 143
Global Access Policies for Earth Viewer Software 143
Proposed Method for Implementation of Global Access Policy 143
Countrywide Access Control List 143
Global Access Control List 144
Implementation of Global Access Policy Using Proposed GACL and CACL 144
Conclusions 146
References 146
The People’s Republic of China – The Emerging Cyberpower 147
Introduction 147
Cyberspace and Strategy 148
Spying in Cyberspace 149
Conclusions 152
References 152
Computer Anti-forensics Methods and Their Impact on Computer Forensic Investigation 154
Introduction 154
Computer Forensics Methodologies versus Anti-forensics 155
Stage One – Elimination of Source 155
Stage Two – Hiding the Data 156
Stage Three – Direct Attacks against Computer Forensic Software 156
Experimenting with Anti-forensics Techniques 157
Experimental Results 159
Discussion – Conclusions 163
References 163
Neural Networks for Intrusion Detection Systems 165
Intrusion Detection Systems 166
Neural Networks 167
Current Issues with Intrusion Detection Systems 169
Neural Networks for Intrusion Detection Systems 171
Proposed Approach 172
Conclusion 172
References 173
Exploitation of Secrets Injected in Java Midlets 175
Introduction 175
State of the Art 176
The Methodology 176
Related Work and Objectives 176
Scenario and Obfuscation 176
Description of the Methodology 178
Case Studies 179
TrustedSMS v. 1.0 179
HOTPMidlet 180
Limitations and Future Works 181
Conclusions 182
References 182
Biometrically Based Electronic Signatures for a Public Networked Environment 183
Introduction 183
Biometric Based Digital Signature 184
Phase 1 – Sign Message Destined for Sam 184
Phase 2: Authentication Server 185
Phase 3: Sam Requesting the Hash Key 186
Phase 4: Confirm Sam’s Authenticity 188
Phase 5: Biometric Key Supplied to Sam 188
Phase 6: Test Message’s Integrity 189
Conclusion 190
Bibliography 191
Policy Translation and Reconciliation Techniques for the System-of-Systems Domain 192
Introduction 192
Related Works 194
Policy Translation 194
Policy Reconciliation 195
Overview of Our Policy Translation and Reconciliation Solutions 195
Conclusion 197
References 198
The Kido Botnet: Back to the Future 200
Introduction 200
The Story Begins 200
How Kido Works 201
Tricky to Analyse, Tricky to Find, Tricky to Remove 201
The Kido Botnet 202
Dealing with Kido 203
Back to the Future 203
Information Systems Security and Its Affiliation to Information Technology Risk Management 204
The Case for IT Risk Management 204
Information Security’s Relationship to Information Technology Risk Management 205
The IT Risk Management Framework 205
Risk Identification 206
Business Impact Analysis 206
Threats and Vulnerabilities 207
Mitigation Strategies 207
Measure Compliance 208
Contemporary Risk Assessment Methodologies 208
Industry Risk Management Methodologies 209
IT Risk Management and Regulatory Compliance 212
Conclusion 213
References 213
A Sustainable Approach to Healing the World for Humanity and the Environment ... An Evolving Idea 214
Introduction 214
The Need for a New Vision of Leadership and Decision-Making to Transform Business from the Bottom Up, Inside Out 215
The Sustainability of Business and Its Obligation to the Continuity of Life 216
Redesigning the Business Model 219
The Architecture of Sustainable Living 220
Collaborative Systems Replace Hierarchical Structures 222
Business, Biology and Survival of the Fit 225
Tinkering with Mother Nature 227
How Behavior and Wisdom Shape the Future 229
References 232
Hey – Get Off My Cloud! 233
History of Cloud Computing 233
Overview of Cloud Computing 235
Some Services That Cloud Computing Can Offer 235
Some Benefits of Cloud Computing 236
Summary of Cloud Computing Benefits 239
Unequal Contracting Parties 239
Responsibility 240
Access to My Data 240
Right to Audit 240
What Certifications Do They Hold? 240
Forensics 240
Backup, a Bigger Target, Business Continuity, Encryption, Financial Viability 240
Backing Out, Identity, Intruder Detection, Ability to Prove Compliance, Proprietary or Open? 241
Static and Dynamic Analysis for Web Security in Generic Format 242
Introduction 242
Static Analysis 244
Dynamic Analysis 246
Conclusions 248
References 248
Author Index 250