Abstract.We propose a new model for estimating the time to compromise a system component that is visible to an attacker. The model provides an estimate of the expected value of the time-to-compromise as a function of known and visible vulnerabilities, and attacker skill level. The time-to-compromise random process model is a composite of three subprocesses associated with attacker actions aimed at the exploitation of vulnerabilities. In a case study, the model was used to aid in a risk reduction estimate between a baseline Supervisory Control and Data Acquisition (SCADA) system and the baseline system enhanced through a specific set of control system security remedial actions. For our case study, the total number of system vulnerabilities was reduced by 86% but the dominant attack path was through a component where the number of vulnerabilities was reduced by only 42% and the time-to-compromise of that component was increased by only 13% to 30% depending on attacker skill level.
Software consumers often need to choose between different software that provide the same functionality. Today, security is a quality that many consumers, especially system administrators, care about and will use in choosing one software system over another. An attack surface metric is a security metric for comparing the relative security of similar software systems [7]. The measure of a system's attack surface is an indicator of the system's security: given two systems, we compare their attack surface measurements to decide whether one is more secure than another along each of the following three dimensions: methods, channels, and data. In this paper, we use the attack surface metric to measure the attack surfaces of two open source FTP daemons: ProFTPD 1.2.10 and Wu-FTPD 2.6.2. Our measurements show that ProFTPD is more secure along the method dimension, ProFTPD is as secure as Wu-FTPD along the channel dimension, and Wu-FTPD is more secure along the data dimension. We also demonstrate how software consumers can use the attack surface metric in making a choice between the two FTP daemons.
The current study investigated the prevalence of multiple risk behaviors in popular music lyrics as well as the contexts within which they occur. We conducted a content analysis of the top 20 Billboard songs from 2009 to 2013 in the genres of rap, country, adult contemporary, rock, R&B/hip-hop, and pop, coding for the presence of alcohol, marijuana, nonmarijuana drugs, and sex as well as the contexts intoxication, binging/addiction, partying/socializing, disregard for consequences, and emotional states. The contexts relationship status and degradation were also coded for when sex was present. Of the 600 songs, 212 mentioned sexual behaviors, which were most frequent in rap and R&B/hip-hop. Alcohol was the next most frequent risk behavior, again with greatest mention in rap and R&B/hip-hop. Alcohol, marijuana, and nonmarijuana drugs were most often associated with positive emotions, and sex was most often described within the context of casual relationships. Alcohol and sex were associated with disregard for consequences most often in 2011, when the "you only live once" motto was most popular. These findings are concerning because exposure to popular music is associated with increased risk behaviors for adolescents and young adults, who are the greatest consumers of music.
While many studies have addressed the impact of media literacy interventions on knowledge of specific topic areas, fewer have explored improvements in media literacy skills as outcome measures. This study analyzed the impact of a media literacy intervention on participants' critical thinking skills and understanding of media literacy principles by addressing the topics of body image and media representations of gender and race. A two-group, longitudinal experimental design was implemented using college-aged student participants across multiple introductory communication course sections (n = 198) at a public university in the southeast. Results were significant for several media literacy measures for the treatment group after exposure to the intervention compared to the control group. These findings were persistent over the duration of the semester as demonstrated in the second posttest.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.