IT Security — State of the Nation

Rather than tackle one particular topic in detail, this article will consider where IT security has got to across several fronts — in some areas considerable progress has been made, systems are “more” secure now than a few years ago. In other areas however, little has changed; the problem has just been moved around or hasn’t really been effectively solved. Certainly the threat landscape has changed, modern attacks are often intriguingly clever and powerful (witness the breadth of distribution mechanisms that the NIMDA virus used, the use of SQL injection against websites etc…). Technology has also presented further opportunity — just look at the flurry of threats that have surrounded wireless networks since their inception.     

Can a Trusted Environment Provide Security?

A natural extension of cloud services is to extend platform independence via virtualization to a security model. For security as a service to be a viable cloud offering, customers must be able to establish their own security policies and risk framework. Today, cloud customers must purchase, install, and configure the antiviral, antispyware, antimalware, and so on, services in their host environment. However, if cloud providers offered security as a service in these virtualized environments, customers could integrate these security measures into their risk profile to ensure that the cloud risk posture is acceptable for their mission. By leveraging the service delivery model, a cloud can deliver security as a service as part of a virtualized infrastructure as a pay-for-service offering. This configuration lets customers selectively choose the countermeasures they wish to implement as dictated by their risk profile. The practicality of this security-as-a-service approach will continue to evolve with technology. In spring 2009, VMware released the VMsafe API, which supports third-party security applications in the hypervisor (a virtual-machine monitor). If VMsafe performs as claimed, it will enable the cloud-computing environment to support security as a service. The VMsafe API offers the immediate opportunity to begin the long-needed transition of cloud computing from a trusted environment to a secured environment.     

Security analysis of a new stream cipher

From 1st February of 2004, Europe launches the ECRYPT project, which collects lots of stream ciphers from all over the world. These new stream ciphers are unlike the tradi- tional stream ciphers that use LFSRs as basic building blocks; instead they use mo…     

Organisational learning: Collective mind or cognitivist metaphor?

The concept of organisational learning may be seen to be based on an implicit cognitive model of organisations. An examination of the literature on the subject, however, reveals that there are widely differing views on how this model is to be interpreted. Does it really mean that organisations are entities capable of cognition, or is it just a metaphor? In this paper some of the main perspectives on organisational learning are explored and their assumptions about the nature of the phenomenon are discussed. The implications of the different perspectives for the relationship between information systems and organisational learning are considered.     

Closing the gap between copyright and designs: an age of enlightenment or state of confusion?

The arena of intellectual property encompasses streams that often interrelate and overlap in protecting different aspects of intellectual property. Australian commentators suggest that ‘one of the most troublesome areas in the entire field of intellectual property has been the relationship between copyright protection for artistic works under the Copyright Act 1968 (Cth) and protection for registered designs under the Designs Act 1906 (Cth).’ [McKeough, J., Stewart, A., & Griffith, P. (2004). Intellectual property in Australia (3rd ed.). Chatswood, NSW: Butterworths.] [Ricketson, S., Richardson, M., & Davison, M. (2009). Intellectual property: Cases, materials and commentary (4th ed.). Chatswood, NSW: LexisNexis Butterworths.] This overlap has caused much confusion for both creators of artistic works and industrial designs, as there is an uncertainty of whether protection against infringement is afforded under the Copyright Act 1988 (Cth) or whether the Designs Act 2003 (Cth) will apply. In Australia, there is limited precedent that examines the crossover between copyright and designs. Essentially, the cases that have tested this issue remain unclear as to whether a design applied industrially will invoke copyright protection. The cases demonstrate that there is an inconsistency in this area despite the aims of the new provisions of the Designs Act 2003 (Cth) to close the loopholes between copyright and designs. This paper will discuss and evaluate the relationship between copyright protection for artistic works and protection for registered designs with respect to the Designs Act 2003 (Cth).     

Cooperative virtual worlds—a viable eCollaboration pathway or merely a gaming trend?

With research and technology advances in networking and computer graphics, cooperative virtual environments (CVEs), 3D virtual worlds, which can be used by multiple persons that are represented in the virtual world through avatars, are becoming increasingly popular. In this short position paper we discuss whether or not CVEs are a lasting phenomenon with impact on eCollabopration practice and CSCW research or just an isolated phenomenon in the gaming community. In doing so, this paper outlines four application areas that CVEs are successful in (games, leisure, education, business) and presents opportunities, risks and research challenges that are associated with using CVEs as eCollaboration tools.     

Adaptive music retrieval–a state of the art

With the development of more and more sophisticated Music Information Retrieval approaches, aspects of adaptivity are becoming an increasingly important research topic. Even though, adaptive techniques have already found their way into Music Information Retrieval systems and contribute to robustness or user satisfaction they are not always identified as such. This paper attempts a structured view on the last decade of Music Information Retrieval research from the perspective of adaptivity in order to increase awareness and promote the application and further development of adaptive techniques. To this end, different approaches from a wide range of application areas that share the common aspect of adaptivity are identified and systematically categorized.     

State estimation over a communication network： measurement or estimate communication？

In this paper we consider the problem of state estimation over a communication network. Using estimation quality as a metric, two communication schemes are studied and compared. In scheme one, each sensor node communicates its measurement data to the remote estimator, while in scheme two, each sensor node communicates its local state estimate to the remote estimator. We show that with perfect communication link, if the sensor has unlimited computation capability, the two schemes produce the same estimate at the estimator, and if the sensor has limited computation capability, scheme one is always better than scheme two. On the other hand, when data packet drops occur over the communication link, we show that if the sensor has unlimited computation capability, scheme two always outperforms scheme one, and if the sensor has limited computation capability, we show that in general there exists a critical packet arrival rate, above which scheme one outperforms scheme two. Simulations are provided to demonstrate the two schemes under various circumstances.     

Robustness of nonlinear state feedback—A survey

A survey of robustness of nonlinear state feedback is given. For series perturbations there are fairly complete results, showing that under mild restrictions an optimal controller can tolerate an infinite increase in gain. For gain reductions there are some results for systems linear in the control. In particular there is a 50% reduction tolerance if the control penalty is quadratic. Usually the optimal controller cannot be computed exactly. There are some results showing the effects of truncation on the robustness. Essentially robustness is maintained but in a reduced (computable) part of the state space.     

ε-Entropy and Fractal Dimension of a State for a Gaussian Measure

Kolmogorov introduced the concept of -entropy to analyze information in classical continuous systems. The fractal dimension of a geometric set was introduced by Mandelbrot as a new criterion to analyze the geometric complexity of the set. The -entropy and the fractal dimension of a state in a general quantum system were introduced by one of the present authors (MO) in order to characterize chaotic properties of general states.In this paper, we show that -entropy of a state includes Kolmogorov's -entropy, and that the fractal dimension of a state describes fractal structure of Gaussian measures.     

InfoSec In the Interest of National Security — Part 1

In looking back at articles in InfoSec magazines and even this column’s past topics, I didn’t find any significant readings that addressed the role of InfoSec in the national security environment. By national security, we mean not only the sensitive nation-state’s government agencies’ information, but more importantly, their classified information. Just as trade secrets and other proprietary-related information are the ‘crown jewels’ of any corporation, the classified information is the ‘crown jewels’ of a nation. By classified we mean information that is confidential, secret or top secret —or have similar designations, depending on where you live.     

Security of the Internet Transactions

The new generation of networked business solutions brings legacy data and applications to the world wide Web, and lets companies redefine internal and external business processes. The present need for internet transaction has forced many business to adopt the internet forms of distribution of its business items. This has threatened security, hence needs to be given a key priority. This paper alights the key areas on how to protect the information we transact on the internet. It also aims at improving the security of our data and the computers we use to access this data.     

电脑安全卫士—Pc Security

Tropical Software公司出品的PcSecurity是一款十分优秀的电脑安全软件,《软件》杂志2001年第2期配套光盘中收录有Pc Security4.3版以及汉化包,也可以到http://www.tropsoft.com下载最新版本,到http://tarino.myrice.com下载汉化包。推荐使用中文Windows系统的用户安装汉化包,因为英文软件在