International Journal of Security, Privacy and Trust Management最新文献

{"title":"Object Capability Model for Tee: A Cheri Based Compartmentalization Approach","authors":"Bala Subramanyan","doi":"10.5121/ijsptm.2023.12402","DOIUrl":"https://doi.org/10.5121/ijsptm.2023.12402","url":null,"abstract":"In this paper, we introduce a capability-driven approach to bolster security and granularity within Trusted Execution Environments (TEEs) [1]. By delivering precise privilege control and fine-grained compartmentalization, we aim to improve TEE security standards. To address vulnerabilities within Trusted Execution Environments (TEEs) and enable selective privilege management and secure object sharing between secure and normal worlds, we introduce a TEE compartmentalization framework based on the CHERI object-capability model. Leveraging DSbD technologies, our framework provides an efficient prototyping environment for developing trusted applications while safeguarding against existing threats. At Verifoxx Ltd, our architecture relies on TEEs to handle sensitive data, encompassing tasks such as extracting client secrets, managing commitments, sharding and executing cryptographic operations for zero-knowledge responses. The proposed approach holds promise where TEEs can enhance transaction security and enterprises seeking data protection. Our approach introduces in-enclave compartments with controlled communication, facilitating domain transitions through sealed data capability delegations and hardware-assisted call/return mechanisms. This enables application layer compartmentalization by modularly separating concerns within the secure world, emphasising single responsibility, least privileges, and information hiding from unprivileged compartments. Furthermore, we ensure the integrity of lower-layer hardware and OS properties, effectively thwarting compromise attempts.","PeriodicalId":103478,"journal":{"name":"International Journal of Security, Privacy and Trust Management","volume":"175 1","pages":""},"PeriodicalIF":0.0,"publicationDate":"2023-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139215106","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"The Performance Comparison of a Brute-Force Password Cracking Algorithm using Regular Functions and Generator Functions in Python","authors":"Berker Tasoluk, Zuhal Tanrikulu","doi":"10.5121/ijsptm.2023.12201","DOIUrl":"https://doi.org/10.5121/ijsptm.2023.12201","url":null,"abstract":"Python is used extensively in research, including algorithm testing. Python is a multi-paradigm programming language and supports both object-oriented programming and functional programming. In the functional side, it supports both regular functions and generator functions. This study tests both approaches in terms of usability cases and performance. A password-cracking algorithm is used for this tryout.","PeriodicalId":103478,"journal":{"name":"International Journal of Security, Privacy and Trust Management","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128976287","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"How Reversibility Differentiates Cyber from Kinetic Warfare: A Case Study in the Energy Sector","authors":"Tom Johansmeyer","doi":"10.5121/ijsptm.2023.12101","DOIUrl":"https://doi.org/10.5121/ijsptm.2023.12101","url":null,"abstract":"A pair of attacks on energy sector assets offers a unique opportunity to better understand the differences in impact from cyber and kinetic warfare. A review of the 2021 cyber attack on Colonial Pipeline and the missile strike on the Syvash wind farm demonstrates the principle of reversibility in action, particularly in regard to the short-lived nature of cyber attacks. Within the context of security and strategy, particularly at the cyber/energy security nexus, this means that traditional state security thinking needs to evolve to address threats in the cyber domain rather than try to retrofit dated strategies. The two cases compared offer lessons that can be applied more broadly in the formation of state-level cyber and energy strategic thinking, ultimately improving resilience and the appropriateness of protection.","PeriodicalId":103478,"journal":{"name":"International Journal of Security, Privacy and Trust Management","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-02-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127909824","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Trust Management Framework for Vehicular Ad Hoc Networks","authors":"Rezvi Shahariar, C. Phillips","doi":"10.5121/ijsptm.2023.12102","DOIUrl":"https://doi.org/10.5121/ijsptm.2023.12102","url":null,"abstract":"Vehicular Ad Hoc Networks (VANETs) enable road users and public infrastructure to share information that improves the operation of roads and driver experience. However, these are vulnerable to poorly behaved authorized users. Trust management is used to address attacks from authorized users in accordance with their trust score. By removing the dissemination of trust metrics in the validation process, communication overhead and response time are lowered. In this paper, we propose a new Tamper-Proof Device (TPD) based trust management framework for controlling trust at the sender side vehicle that regulates driver behaviour. Moreover, the dissemination of feedback is only required when there is conflicting information in the VANET. If a conflict arises, the Road-Side Unit (RSU) decides, using the weighted voting system, whether the originator is to be believed, or not. The framework is evaluated against a centralized reputation approach and the results demonstrate that it outperforms the latter.","PeriodicalId":103478,"journal":{"name":"International Journal of Security, Privacy and Trust Management","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-02-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124227417","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Technical Analysis on the Cyber Organizational Criminology of Dictatorial Military Conducts -- Experience from Human Trafficking and Coercions by Military Cyber Aggressions","authors":"Yang I. Pachankis","doi":"10.5121/ijsptm.2022.11301","DOIUrl":"https://doi.org/10.5121/ijsptm.2022.11301","url":null,"abstract":"The reformulated paper after the proceeding of the NCWMC 2022 recovers some previous manuscripts intercepted by the PLA of PRC for covert military operations with intrusions in global investment and financial systems. The crimes are analytically conducted through cloud servers and I/O for intelligence gathering. The information contained in the manuscripts with THEIR informatics not only could have led to further economic-financial surrogation of the PLA in American economy with investments, but also threats American national security through ontological calculation frameworks with artificial intelligence and further calculative power assertions - apart from the threats of outer space peace and security. It can be the reason behind the black hole and white hole observational results with the signal-satelliteinformation approach to general relativity manuscripts. A preliminary conception for defense strategy is proposed with previous insights and post facto security breaches to USA Space Command directly and national security conductively.","PeriodicalId":103478,"journal":{"name":"International Journal of Security, Privacy and Trust Management","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-08-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117148788","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Emerging Security Risks of E-Hail Transport Services: Focus on Uber Taxi in Nairobi, Kenya","authors":"Cosmas Ekwom Kamais","doi":"10.5121/ijsptm.2019.8301","DOIUrl":"https://doi.org/10.5121/ijsptm.2019.8301","url":null,"abstract":"This study attempted to examine the emerging security risks brought about by the e-hail taxi mode of transportation. It argues that despite the fact that the security risks associated with traditional taxi transportation still apply to e-hail taxi services, there are emergent risks that are unique to the app-based taxi hailing services. It further contends that as evidenced by the reactionary way of addressing security issues arising form usage of the service, it is clear that security was not a factor during conceptualisations, development and operation of the app-based taxi service. The study conducted a survey of uber customers and drivers in Nairobi County Kenya, and data was collected from 400 respondents with 85% response rate. Majority of the respondents indicated that they somewhat often (32.23%), agreed that Uber is more convenient (58.76%), indicated that Uber offers more business and job opportunities (86.46%). Despite the positive opinions by the respondents, 65.31% opined that Uber portend security risks. Majority indicated that the following risks are likely; abductions (40.82%), carjacking (40.82%), sexual harassment (38.14%), murders (35.71%), robbery (41.84%) and burglaries (34.69%). However, a majority of 28.57% thought that hackings into sensitive customer and company data was less likely. Furthermore, 57.14% of the respondents felt that the regulatory framework for appbased taxi hailing system were not sufficient to guarantee safety and security while 75.51% were optimistic that the e-hail transport industry will take meaningful security mitigation measures from the lessons they have learned. Finally, 92.93% of the respondents felt that government authorities should do more in regulating app-based services such Uber while 85.86% opined that founders and managers of ehail taxi services should be held responsible for security lapses. The study recommends that a review of existing traffic laws and criminal laws be done to take care of the emerging security risks associated by app-based service providers.","PeriodicalId":103478,"journal":{"name":"International Journal of Security, Privacy and Trust Management","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-08-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134647550","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION PHI FROM FREE TEXT IN MEDICAL RECORDS","authors":"Geetha Mahadevaiah, M. Dinesh, R. Sreenivasan, S. Moin, A. Dekker","doi":"10.5121/IJSPTM.2019.8201","DOIUrl":"https://doi.org/10.5121/IJSPTM.2019.8201","url":null,"abstract":"Medical health records often contain clinical investigations results and critical information regarding patient health conditions. In these medical records, along with patient health information, patient Protected Health Information (PHI) such as names, locations and date information can co-exist. As per Health Insurance Portability and Accountability Act (HIPAA), before sharing the medical records with researchers and others, all types of PHI information needs to be de-identified. Manual de-identification through human annotators is laborious and error prone, hence, a reliable automated de-identification system is need of the hour. In this work, various state of the art techniques for de-identification of patient notes in electronic health records were analyzed for their performance, based on the performance quoted in the literature, NeuroNER was selected to de-identify Indian Radiology reports. NeuroNER is a named-entity recognition text de-identification tool developed by Massachusetts Institute of Technology (MIT). This tool is based on the Artificial Neural Networks written in Python and uses Tensorflow machine-learning framework and it comes with five pre-trained models. To test the NeuroNER models on Indian context data such as name of the person and place, 3300 medical records were simulated. Medical records were simulated by extracting clinical findings, remarks from MIMIC-III data set. For collection of all the relevant Indian data, various websites were scraped to include Indian names, Indian locations (all towns and cities), and Indian Hospital and unit names. During the testing of NeuroNER system, we observed that some of the Indian data such as name, location, etc. were not de-identified satisfactorily. To improve the performance of NeuroNER on Indian context data, along with the existing NeuroNER pre-trained model, a new pre-trained model was added to handle Indian medical reports. Medical dictionary lookup was used to reduce number of misclassifications. Results from all four pre-trained models and the model trained on Indian simulated data were concatenated and final PHI token list was generated to anonymize the medical records to obtain de-identified records. Using this approach, we improved the applicability of the NeuroNER system to Indian data and improved its efficiency and reliability. 2000 simulated reports were used for transfer learning as training set, 1000 reports were used for test set and 300 reports were used for validation (unseen) set.","PeriodicalId":103478,"journal":{"name":"International Journal of Security, Privacy and Trust Management","volume":"357 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2019-05-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122731860","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"MANAGING THE INFORMATION SECURITY ISSUES OF ELECTRONIC MEDICAL RECORDS","authors":"Nisreen Innab","doi":"10.5121/IJSPTM.2018.7402","DOIUrl":"https://doi.org/10.5121/IJSPTM.2018.7402","url":null,"abstract":"All healthcare providers should have enough knowledge and sufficient information to understand the potential risk, which can lead to a breach in the Jordanian health information system (Hakeem program). This study aims to emphasise the importance of sharing sensitive health information among healthcare providers, create laws and regulations to keep the electronic medical records secure, and increase the awareness about health information security among healthcare providers. The study conducted seven interviews with medical staff and an information technology technician. The study results showed that sharing sensitive information in a secure environment, creating laws and regulations, and increasing the awareness about health information security render the electronic medical records of patients more secure and safe.","PeriodicalId":103478,"journal":{"name":"International Journal of Security, Privacy and Trust Management","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2018-11-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128336486","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Location Privacy Online : China, The Netherlands and South Korea","authors":"Peter Broeder, Yujin Lee","doi":"10.5121/ijsptm.2016.5401","DOIUrl":"https://doi.org/10.5121/ijsptm.2016.5401","url":null,"abstract":"The aim of the study is to explore cross-cultural differences in users’ location privacy behaviour on LBSNs (location-based social networks) in China, the Netherlands and Korea. The study suggests evidence that Chinese, Dutch and Korean users exhibit different location privacy concerns, attitudes to social influence, perceived privacy control and willingness to share location-related information on LBSNs. The results show that in general, the more concerned users are about location privacy, the less they are willing to share and it also suggests that location privacy concern and social influence affect each other. Furthermore, the more control people perceive they have over their privacy, the more they are willing to share location information. A negative relationship between willingness to share location information and users’ actual sharing of location information was seen. In short, it is concluded that the relation between cultural values and location privacy behaviours only have a partial connection.","PeriodicalId":103478,"journal":{"name":"International Journal of Security, Privacy and Trust Management","volume":"104 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-11-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125514876","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}