A Verified Formal Specification of A Secured Communication Method For Smart Card Applications

In remote villages without access to modern IT technology, simple devices such as smartcards can be used to carry out business transactions. These devices typically store multiple business applications from multiple vendors. Although devices must prevent malicious or accidental security breaches among the applications, a secure communication channel between two applications from different vendors is often required. In this paper, first, we propose a method of establishing secure communication channels between applications in embedded operating systems that run on multi-applet smart cards. Second, we enforce the high assurance using an intransitive noninterference security policy. Thirdly, we formalize the method through the Z language and create the formal specification of the proposed secure system. Finally, we verify its correctness using Rushby's unwinding theorem.

Assurance quality, disclosed connectivity of the capitals and information asymmetry – An interaction analysis for the case of integrated reporting

Purpose Credibility concerns regarding integrated reports can harm the intended decrease of information asymmetry between a firm and its investors. Therefore, it is crucial to examine whether voluntary third-party assurance enhances the credibility of integrated reports and, thus, decreases information asymmetry. Furthermore, this study aims to investigate the interaction effect between assurance quality and the disclosed connectivity of the capitals, a distinguishing feature of integrated reports. Design/methodology/approach Content analysis is performed of the 176 assurance statements included in the 269 integrated reports of Forbes Global 2000 firms disclosed from 2013 to 2015 and the 269 integrated reports themselves. Regression analyzes are applied to examine the associations between assurance, the disclosed connectivity of the capitals and information asymmetry. Findings The presence of an assurance statement in an integrated report significantly decreases information asymmetry. Surprisingly, assurance quality is not significantly associated with information asymmetry. However, an interaction analysis reveals that combining high assurance quality with high disclosed connectivity of the capitals allows a significant decrease in information asymmetry. Research limitations/implications The paper demonstrates that the connectivity of the capitals of integrated reports and assurance quality are connected and together are associated with information asymmetry. Practical implications The results imply, both for report preparers and standard setters, that assurance quality is advantageous only when combined with disclosed connectivity of the capitals. Social implications More information on non-financial information measured by the connectivity of the capitals of integrated reporting has an interaction effect together with assurance quality on information asymmetry. Originality/value This paper builds on a unique data set derived from the contents of integrated reports and accompanying assurance statements. Furthermore, it extends the integrated reporting literature by investigating the interaction between assurance quality and the disclosed connectivity of the capitals, which had not previously been examined in combination.

A fuzzy vault development based on iris images

Biometric systems gather information from the person's biometric attributes, used extensively to authorize the individuals. Due to the obvious convenience of using specific individual traits such as face, fingerprints, palm veins, and irises, biometric authentication is becoming more common. In particular, Iris systems are in high demand for high-assurance applications, because they contain a broad feature set and remain stable. Authentication methods based on iris biometrics are now commonly used in a variety of fields. This is due to the fact that iris biometric authentication is both safer and more comfortable than conventional passwords. Template Security is a major concern in biometric systems. The template security mechanism ensures reusable, permanent, and un-linkable models. The Fuzzy Vault strategy is one of the most popular security schemes for Template protection. Fuzzy vault has demonstrated to be an effective protection method but lacks revocability and security attacks. This article introduced an improved fuzzy vault system. The improved fuzzy vault system was introduced, which uses more than one key to protect biometric data. Different keys make the search space more detailed. The additional key was used to encrypt vault data, which stopped the intruder from accessing the information on the person's biometry. The system was tested using CASIA.v1 and IITD.v1 datasets, and findings showed that the system ensures the protection and authentication of the iris templates without compromising performance. The proposed modification gave a 0.0 % False Accepted Rate (FAR) for both the dataset and False Rejected Rate (FRR), 0.14 % for CASIA v1 and 0.12 % for ITTD v1 False Rejected rate

Does Benchmarking of Rating Scales Improve Ratings of Search Performance Given by Specialist Search Dog Handlers?

Rating scales are widely used to rate working dog behavior and performance. Whilst behaviour scales have been extensively validated, instruments used to rate ability have usually been designed by training and practitioner organizations, and often little consideration has been given to how seemingly insignificant aspects of the scale design might alter the validity of the results obtained. Here we illustrate how manipulating one aspect of rating scale design, the provision of verbal benchmarks or labels (as opposed to just a numerical scale), can affect the ability of observers to distinguish between differing levels of search dog performance in an operational environment. Previous studies have found evidence for range restriction (using only part of the scale) in raters' use of the scales and variability between raters in their understanding of the traits used to measures performance. As provision of verbal benchmarks has been shown to help raters in a variety of disciplines to select appropriate scale categories (or scores), it may be predicted that inclusion of verbal benchmarks will bring raters' conceptualization of the traits closer together, increasing agreement between raters, as well as improving the ability of observers to distinguish between differing levels of search dog performance and reduce range restriction. To test the value of verbal benchmarking we compared inter-rater reliability, raters' ability to discriminate between different levels of search dog performance, and their use of the whole scale before and after being presented with benchmarked scales for the same traits. Raters scored the performance of two separate types of explosives search dog (High Assurance Search (HAS) and Vehicle Search (VS) dogs), from short (~30 s) video clips, using 11 previously validated traits. Taking each trait in turn, for the first five clips raters were asked to give a score from 1, representing the lowest amount of the trait evident to 5, representing the highest. Raters were given a list of adjective-based benchmarks (e.g., very low, low, intermediate, high, very high) and scored a further five clips for each trait. For certain traits, the reliability of scoring improved when benchmarks were provided (e.g., Motivation and Independence), indicating that their inclusion may potentially reduce ambivalence in scoring, ambiguity of meanings, and cognitive difficulty for raters. However, this effect was not universal, with the ratings of some traits remaining unchanged (e.g., Control), or even reducing in reliability (e.g., Distraction). There were also some differences between VS and HAS (e.g., Confidence reliability increased for VS raters and decreased for HAS raters). There were few improvements in the spread of scores across the range, but some indication of more favorable scoring. This was a small study of operational handlers and trainers utilizing training video footage from realistic operational environments, and there are potential cofounding effects. We discuss possible causal factors, including issues specific to raters and possible deficiencies in the chosen benchmarks, and suggest ways to further improve the effectiveness of rating scales. This study illustrates why it is vitally important to validate all aspects of rating scale design, even if they may seem inconsequential, as relatively small changes to the amount and type of information provided to raters can have both positive and negative impacts on the data obtained.

Cybersecurity of Railway Network Management and Partitioning

The railway transport infrastructure ensures the transfer of large numbers of people and cargo every day. The importance of the railway in terms of ensuring the serviceability of the territory makes it a critical infrastructure. We can observe the development of the use of IT technologies on railway, as in all areas of the human system. The management of the railway as a physical system needs to be superseded by management of the railway as a cyberphysical system. The railway infra-structure has a large area of attack in both, physical space and cyber space. Multiple Independent Levels of Security (MILS) can meet the high system security requirements. The MILS is a high-assurance security architecture based on the concepts of separation and controlled information flow. The article discusses the possibilities of using the MILS platform in the data communication system and the control system of the railway. Keywords: Cyber Physical Systems, Critical Infrastructures, Multiple Independent Levels of Security