CDG and UNCITRAL Model Law on E-Commerce

Posted by admin on June 7th, 2010

Can the Internet country domain governance learn from the UNCITRAL’s Model Law approach to address the Internet governance problems/weaknesses/vulnerabilities on the country domain level? The motivations for the Model Law included “the progressive harmonization and unification of the law of international trade and in that respect to bear in mind the interests of all peoples, in particular those of developing countries, in the extensive development of international trade”.

The United Nations Model Law facilitating the use of electronic commerce is intended to be acceptable to States with different legal, social and economic systems, and could contribute significantly to the development of harmonious international economic relations. It is intended to facilitate the use of communications and storage of information … and contains rules in specific areas.

http://www.uncitral.org/uncitral/en/uncitral_texts/electronic_commerce/1996Model_status.html

Legislation implementing provisions of the United Nations Model Law has been adopted by many countries, including the Dominican Republic, Colombia, Ecuador, and overseas territories of the United Kingdom. The Model Law influenced legislation in the USA and Canada.

The UNCITRAL’s Model Law approach seems to be a viable way to address, to some extent, the existing problems/weaknesses/vulnerabilities of Internet country domain governance on the country domain level.

Posted on 2007-11-22

MEETING MINUTES

Posted by admin on June 7th, 2010

CDG Meeting Minutes

6 November, 2007

VENUE: International University of Japan

CALL TO MEETING: Chair, Prof. Yoshiki Mikami called the meeting to discuss the project outline and data collection and analysis.

Participants:

Yoshiki Mikami

Marasinghe Chandrajith Ashudoda

Jay R. Rajasekera

Keisuke Kamimura

Adam Peake

Naohisa Murakami

Katsuko T. Nakahira

Turrance Nandasara

Shigeaki Kodama

Chew Yew Choong

Apologies from Pavol Zavarsky, Takashi Yukawa

Agenda:

- Briefing of the project outline.

- Discussion on data collection and analysis.

MEETING MINUTES

  • Briefing on today’s agenda.

Ashu introduced papers on Internet governance that were found on the Internet.

  • Data collection and analysis tools for CDG.

Chew briefly introduced the system to be implemented for data collection.

  • Work in progress
  • Mikami asked everyone to study page 39 of Ashu’s note.

- Mikami mentioned that during the next meeting in Tokyo, one aspect to discuss is risk management; the keyword should be how the ccTLD is managed.

- Mikami asked everyone to inform him which part of the final report they are more interested in writing.

- Kamimura said: 1. We need to improve the relationship with domain managers before asking them. 2. We should filter out already known/available information and focus on unknown information.

Mikami asked Kimura to prepare a questionnaire for the December meeting, with a list of what we know and what we don’t.

- Mikami asked Jay to prepare a definition of vulnerability and governance by December meeting.

- Mikami said NUT will be responsible for data collection and analysis.

- Kamimura showed everyone the flyer he prepared for Rio.

- Mikami reminded everyone that by the end of March, we need to answer Toi sensei on

1. How we define ccTLD governance.

2. What is our plan to solve the CDG issue?

Next meeting.

Meeting #3: Suggested: 11, 17 or 21 of December 2007 somewhere in Tokyo. Mikami asked to invite Japan Registry Services Co., Ltd. (JPRS) staff to join this meeting.

Posted on 2007-11-15

CDG’s Meeting Minutes

Posted by admin on June 7th, 2010
CDG’s Meeting Minutes
8th October 2007
VENUE: Nagaoka University of Technology, SOGO KENKYU BLDG. 6F

CALL TO MEETING: Chair, Prof. Yoshiki Mikami called the meeting to kick off CDG project.

Participants:

Yoshiki Mikami
Marasinghe Chandrajith Ashudoda
Jay R. Rajasekera
Keisuke Kamimura
Adam Peake
Naohisa Murakami
Katsuko T. Nakahira
Turrance Nandasara
Shigeaki Kodama
Chew Yew Choong
Zin Maung Maung
Pann Yuu Mon
Apologies from: Pavol Zavarsky, Takashi Yukawa

Agenda: Briefing of the project outline

Discussion

MEETING MINUTES

Mikami introduced some background information about JST and RISTEX program.

Introduction to CDG’s research plan:

Program: Governance in the Ubiquitous Society

Project title: Country Domain Vulnerability

Project period: 6 months Feasibility Study (Oct 07 – Mar 08). Mikami reminded that the RISTEX program is not a program for technology development; rather a social solution uld put more focus on “Governance in the Ubiquitous Society”, not on technology only.

Keywords: What is the vulnerability of a country domain? (Adam asked what a non-vulnerable or well-managed country domain is, then.) How can our study contribute to solving the problem?

Stakeholders’ involvement/network. Examples of stakeholders: ICANN, ccTLD’s manager, government, user, etc. Any more keywords?

Questions from Toi sensei: List of sub-themes.

Predefined milestones of R&D (Adam suggested predefining an incremental process).

- Way(s) to implement the result of this research in the real world.

- Way(s) to perform self-evaluation, and what the evaluation criteria are.

- Feedback to the program coordinator’s comments and questions?

Two papers about ccTLD:

- RFC 1591 (Domain Name System Structure and Delegation)

- ICP-1: Internet Domain Name System Structure and Delegation (ccTLD Administration and Delegation)

Possible conference dates:

- APTLD Bangkok Oct. 24-25

- IGF Brazil 2007 Nov. 12-15

- ICANN Feb. 10-15

- APTLD Taipei 2008 Feb. 20-29

Mikami mentioned that the final feasibility study report should be submitted by mid-March 2008.

Target parties:

ccNSO – Country Code Names Supporting Organisation. Chris Disspain (Chris) (.au)

APTLD – Asia Pacific Top Level Domain Association. Shariya Haniz Zulkifli (Shariya) (.my)

PICISOC – Pacific Islands Chapter of the Internet Society. Frank Martin

FUNREDES – Fundación Redes y Desarrollo, or Networks and Development Foundation. Daniel Pimienta

Catalan TLD – Amadeu Abril i Abril.

To Do

- To define the final scope of study:

- To focus on ccTLDs, especially those of the Pacific Islands

- To consider non-ccTLDs like .cat, .eu, .asia, etc. at a later stage.

- How about other cases, like the use of .us on the famous social bookmarking site http://del.iciou.us

- To define what is vulnerability and non-vulnerability.

For example, non-vulnerability (well-managed):

Does not allow inappropriate services

Contents: Efficient and fair allocation of sub-domains

Physical and online security.

Serving the good of local people/society.

Connectivity of the whole local/Internet community.

- To review existing ways and/or propose new ways to study the business plans, money flow, government policy, authority and assignment of ccTLDs in each country.

- To draft “TLD management questionnaire”

- Chew to get CDG’s blog server ready, create all user accounts, and email users the web site URL and their login information.

- To arrange a meeting with Daniel Pimienta in Rio de Janeiro during IGF Brazil 2007.

Next meeting:

Meeting #2: Suggested: 6 November 2007 in IUJ campus

Suggested: 11, 17 or 21 of December 2007 somewhere in Tokyo. Mikami asked to invite Japan Registry Services Co., Ltd. (JPRS) staff to join this meeting.

Posted on 2007-11-15

US Internet Control To Be Topic

Posted by admin on June 7th, 2010

Crazy Taco writes “It looks as though the next meeting of the UN’s Internet Governance Forum (http://www.intgovforum.org/) is about to descend into another heated debate (http://news.yahoo.com/s/ap/20071110/ap_on_hi_te/internet_governance) about US control of key Internet systems. Although the initial purpose of this year’s summit was to cover such issues as spam, free speech and cheaper access, it appears that nations such as China, Iran, and Russia, among others, would rather discuss US control of the Internet. In meetings leading up to the second annual meeting of the IGF in Rio de Janeiro on Monday, these nations won the right to hold an opening-day panel devoted to “critical Internet resources.” While a number of countries wanting to internationalize Internet control simply want to have more say over policies such as creating domain names in languages other than English, we can only speculate what additional motives might be driving nations that heavily censor the Internet and lock down the flow of information across it.”

SOURCE:

http://slashdot.org/article.pl?sid=07/11/10/2134212 (Slashdot)

Posted on 2007-11-12

Islands of Red

Posted by admin on June 7th, 2010

McAfee’s report “Mapping the Mal Web” (March 2007) pointed out a weakness in the registration process of several small islands’ domains: free-of-charge registration in Tokelau, and anonymous registration allowed in Niue. The following is an excerpt from the Islands of Red chapter of the report.

Islands of Red

Small island nations and island territories frequently rank high on the list of most risky TLDs. If we include TLDs for which Site Advisor has tested 100 or more sites, we find five small island TLDs that are unusually risky.

Sao Tome / Principe (.st) 18.5%

Tokelau (.tk) 10.1%

Turks and Caicos (.tc) 9.9%

South Georgia / South Sandwich Islands (.gs) 9.3%

British Virgin Islands (.vg) 9.1%

Cocos Islands (.cc), while not highly ranked on overall risk, is 10th for e-mail practices (11.4% risky sites) and 4th for downloads (7.5% risky sites). Likewise, Tuvalu (.tv) ranks 13th for e-mail practices (7.4% risky sites) and 7th for downloads (6.7% risky sites). And Niue (.nu) ranks 1st for exploits (0.45%).

One possible reason for the relatively higher concentration of risky sites for at least some of these domains is cost. For example, Tokelau gives out domains for free. Scammers, particularly those employing phishing, exploit or spam tactics, are subject to frequent blacklisting and so they must register and discard many domains very quickly. Registration costs, minimal for one or two domains, become significant when the number of registered sites becomes large.

The .nu TLD makes itself attractive to registrants by allowing anonymous registration. The owner of the TLD indirectly acknowledged the problem some years ago when it announced a zero tolerance policy for spammers (http://www.nunames.nu/Press/spam.cfm). But our tests indicate that this policy may not be effective in actually deterring scammers. By contrast, some larger nations require additional documentation as part of the site registration process. Japan, one of the safest TLDs, requires (http://www.marcaria.com/absolutenm/templates/?a=83&z=513) a local postal address, as do Ireland, Sweden, and Finland. Norway, another safe TLD, requires (http://www.norid.no/regelverk/index.en.html) businesses to register with the government in order to receive a .no domain.

Posted on 2007-11-10

Domain tasting – Abuse Tendencies

Posted by admin on June 7th, 2010

Domain tasting strongly encourages various fraudulent activities, such as:

  1. Phishing and pharming. During the AGP (add grace period), a tasted name is attached to a fraudulent web site mirroring the content of a trustworthy organization to fool users and grab their credentials. Five days is long enough for some users to fall victim to this practice, but once the AGP has elapsed the name automatically disappears, often making effective investigation hard or impossible, especially considering that the 5-day period can be insufficient for filing a valid history record.
  2. Spam. After 5 days the spam domain name disappears and another name is tasted in order to evade mail filtering criteria while still delivering the same advertising content. For the same reasons as above, any investigation suffers from a lack of evidence about the domain name owner.
  3. Domain name mining and WHOIS lookup tracking. Interesting domain names that are candidates for tasting are harvested in different ways. Various web client add-on components track typed-in names, and suspect domain resellers track WHOIS lookup traffic on the web and immediately register the names they find valuable. Moreover, some registries are entitled (by the respective registry agreement) to track the overall lookup traffic and use it for commercial purposes (e.g. Verisign).
  4. Trademark infringement. Tasters taste domains with trademark name variations, or use trademark-based typo domains, in the hope of gaining more traffic while showing PPC (pay-per-click) advertisements related to the trademark business. Because discovering such a name and filing a verbal or formal complaint against the taster takes time, a significant amount can be earned during the tasting period. Moreover, in case of a possible complaint the taster eventually lets the name expire and thus covers their tracks.

Domain tasting – an example of the Internet domain name governance vulnerability

http://forum.icann.org/lists/rfi-domaintasting/
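A defender's view of the AGP timing described above, as an added example (not part of the original post or the ICANN submission): given registration lifecycle records, it flags names deleted inside the 5-day window, computes each registrar's share of such deletions, and lists names still inside the window so that their registration records can be archived before the name can disappear. The record layout, the registrar names and the `.example` domains are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

AGP = timedelta(days=5)  # add grace period length, as stated in the post
FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample lifecycle records (not real data):
# (domain, registrar, created_utc, deleted_utc or None if still registered)
SAMPLE_EVENTS = [
    ("examp1e-bank.example", "registrar-a", "2007-10-01T08:00:00Z", "2007-10-05T20:00:00Z"),
    ("cheap-pills-01.example", "registrar-a", "2007-10-02T09:00:00Z", "2007-10-06T23:30:00Z"),
    ("cheap-pills-02.example", "registrar-a", "2007-10-07T00:10:00Z", "2007-10-11T22:00:00Z"),
    ("family-photos.example", "registrar-a", "2007-10-03T12:00:00Z", None),
    ("smallshop.example", "registrar-b", "2007-09-01T10:00:00Z", "2007-10-20T10:00:00Z"),
    ("newsletter.example", "registrar-b", "2007-10-04T15:00:00Z", None),
    ("brand-typo.example", "registrar-b", "2007-10-10T06:00:00Z", None),
]


def _ts(value):
    """Parse a UTC timestamp string; None stays None."""
    return datetime.strptime(value, FMT) if value else None


def agp_deletions(events, window=AGP):
    """Return (domain, registrar, lifetime) for names deleted within the AGP."""
    hits = []
    for domain, registrar, created, deleted in events:
        c, d = _ts(created), _ts(deleted)
        if d is not None and timedelta(0) <= d - c <= window:
            hits.append((domain, registrar, d - c))
    return hits


def tasting_ratio_by_registrar(events, window=AGP):
    """Map registrar -> share of its registrations that were deleted in the AGP."""
    totals = defaultdict(int)
    tasted = defaultdict(int)
    for _, registrar, _, _ in events:
        totals[registrar] += 1
    for _, registrar, _ in agp_deletions(events, window):
        tasted[registrar] += 1
    return {r: tasted[r] / totals[r] for r in totals}


def evidence_deadlines(events, now, window=AGP):
    """Names registered and still inside the AGP at `now`, soonest expiry first.

    These are the names whose WHOIS and registration history should be
    captured first, because an AGP deletion can still remove them.
    """
    pending = []
    for domain, _, created, deleted in events:
        c, d = _ts(created), _ts(deleted)
        live = d is None or d > now          # not yet deleted at `now`
        if live and c <= now < c + window:   # still inside the grace period
            pending.append((domain, c + window - now))
    return sorted(pending, key=lambda item: item[1])


if __name__ == "__main__":
    for domain, registrar, lifetime in agp_deletions(SAMPLE_EVENTS):
        print(f"AGP delete: {domain} ({registrar}) lived {lifetime}")
    for registrar, ratio in tasting_ratio_by_registrar(SAMPLE_EVENTS).items():
        print(f"{registrar}: {ratio:.0%} of registrations deleted inside the AGP")
    snapshot = datetime(2007, 10, 11, 6, 0, 0)
    for domain, left in evidence_deadlines(SAMPLE_EVENTS, snapshot):
        print(f"archive records for {domain}: {left} left in the AGP")
```

A registrar whose ratio is far above its peers is a candidate for closer review; a single short-lived name on its own is not evidence of abuse.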

Posted on 2007-11-02

WASHINGTON BATTLES THE WORLD

Posted by admin on June 7th, 2010

Each paper is listed with a brief abstract (copyright belongs to the respective authors), and the full paper can be downloaded by clicking on the title. Some of the papers are a bit old, but their content is still relevant.

Journal of Foreign Affairs

http://www.foreignaffairs.org/20051101facomment84602/kenneth-neil-cukier/who-will-control-the-internet.html

Who Will Control the Internet

http://www.foreignaffairs.org/author/kenneth-neil-cukier/index.html

Kenneth Neil Cukier

WASHINGTON BATTLES THE WORLD

As historic documents go, the statement issued by the U.S. Department of Commerce on June 30 was low-key even by American standards of informality. No flowery language, no fountain-penned signatures, no Great Seal of the United States — only 331 words on a single page. But the simplicity of the presentation belied the importance of the content, which was Washington’s attempt to settle a crucial problem of twenty-first-century global governance: Who controls the Internet?

Any network requires some centralized control in order to function. The global phone system, for example, is administered by the world’s oldest international treaty organization, the International Telecommunication Union, founded in 1865 and now a part of the UN family. The Internet is different. It is coordinated by a private-sector nonprofit organization called the Internet Corporation for Assigned Names and Numbers (ICANN), which was set up by the United States in 1998 to take over the activities performed for 30 years, amazingly, by a single ponytailed professor in California.

Journal of new media society

http://nms.sagepub.com/cgi/content/abstract/5/1/47

Mutiny on the bandwidth: the semiotics of statehood in the internet domain name registries of Pitcairn Island and Niue.

Philip E. Steinberg
Stephen D McDowell

The internet has evolved to have a complex top-level domain name system, in which generic top-level domains such as .com and .org coexist with country-code top-level domains such as .UK and .JP. In this article, the history and significance of this hybrid naming system is examined, with specific attention directed to the manner in which it simultaneously reproduces claims to globalism, state sovereignty, and the presumption of United States hegemony. It is found that the domain name system affirms the centrality of the sovereign state while concurrently challenging its underlying basis in an idealized nexus of nation, government, and territory. These themes are explored through case studies of two Pacific island microstate domains: .PN (Pitcairn Island) and .NU (Niue).

Journal of IT SOCIETY
DIGITAL DIVIDES IN THE PACIFIC ISLANDS
DIRK HR SPENNEMANN

By virtue of their physical make-up, their cultural and linguistic diversity, and the relative isolation and spread of their population, Pacific Island countries are faced with a multitude of challenges in the delivery of information services. This article reviews the nature of the digital divides that exist in the Pacific region, considering divides within countries, between the countries, and between the Pacific region and the rest of the world. The varied but generally high costs of Internet access (in part brought about by national telecommunication monopolies) are exacerbating the digital divide along socio-economic lines; but they also create regional imbalances, with certain countries effectively isolated. Nonetheless, community-based systems can work to offset this, as shown on Niue. Within these countries at present, no structures are even envisaged that would address digital divides, nor the implications of the technologies on traditional rank, status and power structures, which are fundamental matters in Polynesian and Micronesian societies .

http://csusap.csu.edu.au/~dspennem/PDF-Articles/PacificDivideTables.pdf

http://www.china-cic.org.cn/english/digital%20library/200502/5.pdf

Global Internet Governance: Perspectives and Analysis
Tang Zicai, Liang Xiongjian

The issue of Internet Governance is a hot topic in recent years for regulatory agencies around the world. In many papers this issue was discussed. This paper, using the Game theory, has explored the governance structure for the future, and achieved an alliance result. Furthermore, this paper presents an overview and analysis of the history and current structure of the global Internet Governance.

http://www.carleton.ca/spa/Publication/Pal%20Teplova%20chapter%203.pdf

Domain Games: Global Governance of the Internet
Leslie A. Pal and Tatyana Teplova

ICANN’s assigned mission – to create an effective private sector policy development process capable of administrative and policy management of the Internet’s naming and address allocation systems – was incredibly ambitious. Nothing like this had ever been done before. ICANN was to serve as an alternative to the traditional, pre-Internet model of a multinational governmental treaty organization. The hope was that a private-sector body would be like the Internet itself: more efficient – more nimble – more able to react promptly to a rapidly changing environment and, at the same time, more open to meaningful participation by more stakeholders, developing policies through bottom-up consensus. It was also expected that such an entity could be established, and become functional, faster than a multinational governmental body. Against this backdrop, the US-based Internet Corporation for Assigned Names and Numbers (ICANN) resembles a “pilot project” for a new governance model in a globalized world. Here, the provider and users of Internet services represent the decision-making policy bodies, with national governments relegated to an “advisory” capacity. … [I]t reflected the conceptual need for the development of new global governance mechanisms, and political and legal structures that go beyond a system based on nation states and intergovernmental regulation.

https://www.cato.org/pub_display.php?pub_id=1473&print=Y&full=1

Internet Domain Names: Privatization, Competition, and Freedom of Expression
Milton Mueller

Summary: There is growing confusion over the administration of Internet top-level domain names (TLDs), the system of suffixes, such as .com, .org, and .edu, that determines a person’s e-mail or Web site address on the Internet. We need to define rules and procedures that will permit and encourage competition among administrators of TLDs in response to market demand. Freedom of expression should be a primary concern. Proposals for compulsory national TLDs should be rejected. National TLDs would undermine the international character of the Internet and encourage national governments to enact myriad petty regulations and restrictions on free speech. Domain names should not be equated with trademarks or brand names. We should reject attempts to forge inappropriate links between domain name registration and trademark protection.

http://www.smu.edu/csr/articles/2004/Winter/Mota.pdf

Internet Domain Name Disputes: Working Toward a Global Solution
Sue Ann Mota

The Internet is essential to the growth of the global economy and the Domain Name System is essential to accessing sites on the Internet. Over 170 registrars are accredited to issue top-level domains, such as .com, .net, and .org. Frequently, however, disputes arise over who should own a particular domain name. The Internet Corporation for Assigned Names and Numbers (ICANN) has adopted a Uniform Domain Name Dispute Resolution Policy (UDRP) to address these disputes. ICANN has approved four dispute resolution service providers that are currently handling domain name disputes. This article will examine the success rate of complaints, the elements that must be proven in a domain name dispute, the fees charged, and the number of disputes handled by the four dispute resolution providers. In addition, this article will make recommendations for improving the current system.

Different approaches to top-level domain naming embody three conflicting visions of Internet governance. One vision, which bases top-level domain names on ISO 3166 country codes, represents an attempt to force the Internet into the traditional governance structure of nation-states. An alternative vision bases top-level domain names on “generic,” meaningful categories and features company or organization names at the second level. A third principle of domain naming puts top priority on the problem of reconciling domain names with company trademarks.

http://www.cs.cornell.edu/People/egs/papers/dnssurvey.pdf

Perils of Transitive Trust in the Domain Name System
Venugopalan Ramasubramanian and Emin Gün Sirer

The Domain Name System, DNS, is based on nameserver delegations, which introduce complex and subtle dependencies between names and nameservers. In this paper, we present results from a large scale survey of DNS, and show that these dependencies lead to a highly insecure naming system. We report specifically on three aspects of DNS security: the properties of the DNS trusted computing base, the extent and impact of existing vulnerabilities in the DNS infrastructure, and the ease with which attacks against DNS can be launched. The survey shows that a typical name depends on 46 servers on average, whose compromise can lead to domain hijacks, while names belonging to some countries depend on a few hundred servers. An attacker exploiting well-documented vulnerabilities in DNS nameservers can hijack more than 30% of the names appearing in the Yahoo and DMOZ.org directories. And certain nameservers, especially in educational institutions, control as much as 10% of the namespace.

http://www.cjc-online.ca/include/getdoc.php?id=1119&article=865&mode=pdf

Book Reviews

  • Ruling the Root: Internet Governance and the Taming of Cyberspace. By Milton L. Mueller. Cambridge: MIT Press, 2003. 327 pp. ISBN 0262134128.
  • Internet Governance in Transition: Who Is the Master of This Domain? By Daniel J. Paré. Lanham, MD: Rowman & Littlefield, 2003. 208 pp. ISBN 0742518450.

When the Internet Corporation for Assigned Names and Numbers (ICANN) – the product of the Clinton administration’s decision to entrust the regulation of the Internet domain name system (DNS) to the private sector in 1998 – eliminated Internet user elections of its board members entirely last year, it signalled an important passage, both for the organization and for the regulation of the Internet itself as a communicative space. It is fitting therefore that a first round of book-length treatments of ICANN and domain name regulation have since emerged, ones bent on capturing the significance of the bitter struggle over the political, economic, and technological control of the network that has been unfolding since the early 1990s. Although a large number of academic articles dealing with the governance of the DNS have been published in the past several years (many of them contained in special issues of legal or telecommunications policy journals), the politics of cyberspace have progressed at such a rapid pace that any book ran the risk of instantly being overtaken by the continuation of the events they proposed to analyze.

Milton L. Mueller’s Ruling the Root: Internet Governance and the Taming of Cyberspace and Daniel Paré’s Internet Governance in Transition: Who Is the Master of This Domain? are two of the most comprehensive treatments thus far of the prehistory and first phase of ICANN’s wildly contested first five years making policy for the Internet. Though both went to press before the organization abruptly ended its flirtation with cyber-democracy, they capture well both the interplay of forces that went into the creation of ICANN and its behavior since that point in the areas of creating a private resolution mechanism for domain name disputes and conjuring up seven new top-level domain cyber-neighborhoods (by the name of .biz, .aero, .pro, et cetera). As such, scholars looking for more complex and comprehensive treatments of the vitally important issue of DNS governance, pregnant as it is with meaning for the future structure and function of cyberspace, will be relieved. The first contribution these books make is to finally put to rest, should there still be any need for this, notions that the Internet is somehow immune by nature to power relations witnessed in our world of flesh and bone. As Mueller suggests, a precondition for understanding ICANN’s status as an organization is moving “beyond the idea that the Internet is intrinsically voluntary and cannot be institutionalized or controlled” (p. 217), a position Paré adopts as well. Beyond formal similarities to do with their subject matter and the temporal congruence of their release, however, the works by Paré and Mueller are significantly different in terms of their theoretical approach to DNS governance. Paré, now an assistant professor at the University of Ottawa’s Department of Communication, used his time as a research fellow at the London School of Economics profitably, turning his dissertation into this book-length treatment of DNS regulation. He opts for an approach to the subject from a theoretical position (outlined most thoroughly in chapter 3, “Don’t Believe the Hype!”) that brings into relief the social and political aspects of what have been called the “DNS wars.” Eschewed are “prescriptive” approaches to Internet governance such as what he characterizes as the “commons school,” or “top-down” approaches (p. 45), and the “decentralized school,” or approaches that “preclude the need for any external regulation or coordination” (p. 47). In addition, “process-based” approaches, although given more consideration than the previous two, are ultimately sidelined in favour of what Paré refers to as the “power-oriented” approach (p. 64).

Posted on 2007-10-29

Country domains governance vulnerabilities

Posted by admin on June 7th, 2010

NIST SP 800-30 defines vulnerability as “a flaw or weakness in the system design, implementation, internal controls, or security procedures that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or violation of the system’s security policy.”

The non-existence of Internet-related laws and regulations on national levels, the non-existence of functioning centralized and decentralized Internet governance and supporting management structures in most countries of the world, etc., can be viewed as weaknesses of the system, and as serious vulnerabilities of the Internet country domains.

The vulnerability identification typically follows system characterization and threat identification steps in the risk management process. The global Internet, a network of networks of networks of networks, is a system not planned by anyone and not controlled by anyone. If the Internet governance components include strategic planning on the global level, centralized and decentralized governance structures, policies, guidelines, assigned roles and responsibilities on the global and national levels, with an ongoing monitoring, then the governance of the Internet country domains is seriously flawed and vulnerable.

The Global Internet Governance Academic Network and the United Nations Internet Governance Forum have objectives to

(1) support the establishment of a global network of scholars specializing in Internet governance issues;

(2) promote the development of Internet governance as a recognized, interdisciplinary field of study;

(3) advance theoretical and applied research on Internet governance, broadly defined; and

(4) facilitate informed dialogue on policy issues and related matters between scholars and Internet governance stakeholders (governments, international organizations, the private sector, and civil society).

The Country Domain Vulnerability Project has the potential to identify vulnerabilities of the Internet country domains governance that may not have been previously identified in other sources. The research goals of the Country Domain Vulnerability Project fit extremely well into the objectives of the Global Internet Academic Network and the UN Internet Governance Forum.

Pavol

mailto:pavol.zavarsky@concordia.ab.ca

Information Systems Security Management

Concordia University College of Alberta

Edmonton, AB, Canada

Posted on 2007-10-25

Domain Vulnerability Fishbone Diagram by Jay

Posted by admin on June 7th, 2010

Hello! This is my first post here. So, if I make a mistake, please excuse me. Thanks Mikami-sensei for the meeting on Thursday. We discussed the domain vulnerability. I collected some information about how vulnerability has been described. I found that vulnerability can happen due to many reasons and a comprehensive measure may include many variables. While trying to connect such variables, it came to my mind that the “Fishbone Diagram,” sometimes known as the Ishikawa Diagram, may be a good starting point. An example of a Fishbone Diagram is below:

http://gii2.nagaokaut.ac.jp/cdg/wp-content/uploads/2008/07/fishbone_diagram.gif

I think it needs more brainstorming to refine it. Once we refine it, there may be other approaches that we can use to define the “vulnerability.” As I had mentioned before, perhaps a measure such as “Vulnerability Index” may be a good thing to think about as part of this research project.

You may be aware that US-CERT (a US govt sponsored research organization) maintains a “Vulnerability Notes Database” as a way to inform about various vulnerabilities related to the Internet. If a Vulnerability Index can be somehow defined, that may also be useful to the larger Internet community.

Anyway, we could follow such paths as part of this research. For now, I submit this Fishbone Diagram as a starting point. (Unfortunately, I cannot upload the ppt file or a jpg file to the server.) So, I send it by e-mail.

(Thanks Chew-san and Mikami-sensei for uploading the Fishbone Diagram from the ppt file. I see it here now)

Thanks everyone.

Jay Rajasekera

Ref:

  1. Jonathan Zittrain, “Saving the Internet”, Harvard Business Review, June 2007.
  2. William L. Fithen, Shawn V. Hernan, Paul F. O’Rourke, and David A. Shinberg, “Formal Modeling of Vulnerability”, Bell Labs Technical Journal 8(4), 173-186 (2004)
  3. US-CERT Vulnerability Notes Database:

http://www.kb.cert.org/vuls/


Posted on 2007-10-20

Korea – The Ubiquitous Society

Posted by admin on June 7th, 2010

A paper submitted to World ICT Summit 2005, titled

http://www.chiefexecutive.net/Media/MediaManager/Korea%202.pdf

Posted on 2007-10-19