Behavior Driven Host Based Insider Threats Detection of Misuse of Information for Windows Environment.

Thesis Info

Access Option

External Link

Author

Maaz Bin Ahmad

Program

PhD

Institute

University of Engineering and Technology

City

Taxila

Province

Punjab

Country

Pakistan

Thesis Completing Year

2015

Thesis Completion Status

Completed

Subject

Computer Science

Language

English

Link

http://prr.hec.gov.pk/jspui/bitstream/123456789/10034/1/Thesis_finalv.2.pdf

Added

2021-02-17 19:49:13

Modified

2024-03-24 20:25:49

ARI ID

1676727710587


With the evolution of information technology in the corporate sector, the working paradigm has shifted from manual to automated. On one hand, this has made the human effort of managing and maintaining document files more efficient; on the other, it demands more security effort for confidential documents because of the large number of access channels available. The horizon of information security has therefore expanded from physical to electronic, which laid the foundation for developing more security mechanisms to protect valuable information. The need for and use of the internet inside organizations has made this security problem nontrivial. Organizations have to protect their documents not only from external attackers (those outside the organization) but also from insiders (their legitimate users). Time has proven that the majority of attacks on the confidentiality of an organization's information come from external attackers, but most of the attacks that succeed come from insiders. This is because insiders already possess the information that external attackers would need to discover in order to penetrate a system. It has always been an intricate job to protect critical assets from those who not only have your trust but are also privileged to access those assets. This holds for insiders, who are (normally) the rightful users of confidential information in the organization. Their privileged access to secret resources, their knowledge of critical information and of the security mechanisms implemented inside the organization, and their ability to bypass existing security arrangements make insider threat detection a significant problem.
The criticality of the problem is borne out by the fact that even a little misuse of an organization's confidential information assets may bring its reputation down from first-rate standing to below par and can adversely affect its financial position. To cope with these challenges, this dissertation presents a host-based framework for detecting insider threats involving misuse of information. This research has broad applicability to organizations in Pakistan, especially those which work on mission-critical projects and products, such as Khan Research Laboratories, National Development Complex, Atomic Energy Commission, and National Engineering and Scientific Commission. Private sector organizations can also benefit if the confidentiality of their secret information is critically significant for them. The framework will enable these organizations to cope with the security threats posed by insiders even if they already use a third-party tool for detection, and can support their efforts to avoid or reduce possible insider attacks. Tunable parameters make the framework flexible, so organizations can use it according to their needs and security requirements. The framework is comprehensive in nature: it covers not only technical measures but also psychological indicators for handling the misuse of information by insiders. Compared with the available methodologies, it takes a more practical approach. It provides a novel risk assessment methodology which practically quantifies the risks and assigns a threat level to each user depending upon his/her behavior, a problem which has not been handled in detail in the current literature on insiders. It also rejects the well-known assumption that no covert channel is present in the mechanisms used for detection.
It proves that assumption to be unrealistic and a great threat to the organization, and it discusses a deployment methodology that avoids it. In this deployment, the source code of the developed application is accessible only to the higher management of the organization, so that any illegal changes in the source files can be detected through techniques such as code reviews. Besides describing an efficient behavioral classification mechanism based on a fuzzy classifier, the development of information sensors to capture the necessary information, the reduction of overall processing overhead by deploying non-uniform security policies, and a way to minimize false alarms by filtering insiders in different stages, it also provides an exhaustive blueprint of a scenario building and testing methodology for validating the framework. This validation methodology is closer to the real-world environment of organizations because it simulates real attack scenarios on the framework instead of providing a purely theoretical validation. In summary, the framework makes sufficient contributions to knowledge in the insider threat detection domain.
We, here in Pakistan, would have remained unaware of the latest research in the field of networks and information security had HEC (Higher Education Commission of Pakistan) not taken revolutionary steps like providing free access to many digital resources and libraries, facilitating students with laptops, and providing research grants and scholarships. The vision of HEC has enabled researchers to reveal the positive value that their research can bring to this country. Its technical and financial support has been a beacon for individuals who want to pursue research in their area of interest. It is also due to the support of HEC that we have been able to conduct this research. HEC facilitated us in all ways during the course of this research work. From providing the supervision of knowledgeable academic professionals to the facilitation of modern literature, tools, accommodation and arrangements, HEC’s role has been very sublime and encouraging.