{"title":"Evaluation and analysis of a software prototype for guidance and implementation of a standardized digital forensic investigation process","authors":"M. Ingles, A. Valjarević, H. Venter","doi":"10.1109/ISSA.2015.7335052","DOIUrl":"https://doi.org/10.1109/ISSA.2015.7335052","url":null,"abstract":"Performing a digital forensic investigation requires a standardized and formalized process to be followed. The authors have contributed to the creation of an international standard on the digital forensic investigation process, namely ISO/IEC 27043:2015, which was published in 2015. However, currently, there exists no application that would guide a digital forensic investigator in implementing such a standardized process. The prototype of such an application has been developed by the authors and presented in their previous work. The prototype is in the form of a software application which has two main functionalities. The first functionality is to act as an expert system that can be used for guidance and training of novice investigators. The second functionality is to enable reliable logging of all actions taken within the investigation processes, enabling validation that a correct process was used. The benefits of such a prototype include possible improvement in the efficiency and effectiveness of an investigation and easier training of novice investigators. The last, and possibly most important, benefit is that digital evidence will be more readily admissible, because it will be easier to show that the standardized process was followed. This paper presents an evaluation of the prototype. The evaluation was performed in order to measure the usability and the quality of the prototype software, as well as the effectiveness of the prototype. The evaluation of the prototype consisted of two main parts. 
The first part was a software usability evaluation, which was performed using the Software Usability Measurement Inventory (SUMI), a reliable method of measuring software usability and quality. The second part of the evaluation was in the form of a questionnaire set up by the authors, with the aim of evaluating whether the prototype meets its goals. The results indicated that the prototype reaches most of its goals, that it does have the intended functionalities and that it is relatively easy to learn and use. Areas of improvement and future work were also identified in this work.","PeriodicalId":126848,"journal":{"name":"2015 Information Security for South Africa (ISSA)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-11-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125289781","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Prerequisites for building a Computer Security Incident Response capability","authors":"R. Mooi, R. Botha","doi":"10.1109/ISSA.2015.7335057","DOIUrl":"https://doi.org/10.1109/ISSA.2015.7335057","url":null,"abstract":"There are a number of considerations before one can commence with establishing a Computer Security Incident Response Team (CSIRT). This paper presents the results of a structured literature review investigating the business requirements for establishing a CSIRT. That is, the paper identifies those things that must be in place prior to commencing with the actual establishment process. These include characterising the CSIRT environment, funding, constituency, authority and legal considerations. Firstly, we identified authoritative CSIRT literature. Thereafter we identified salient aspects using a concept matrix. The study enumerates five areas of primary business requirements. Finally, a holistic view of the business requirements is provided by summarising the decisions required in each area.","PeriodicalId":126848,"journal":{"name":"2015 Information Security for South Africa (ISSA)","volume":"15 3","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-11-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121010761","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The current state of digital forensic practitioners in South Africa","authors":"J. Jordaan, K. Bradshaw","doi":"10.1109/ISSA.2015.7335068","DOIUrl":"https://doi.org/10.1109/ISSA.2015.7335068","url":null,"abstract":"Recent high profile court trials around the world, including South Africa, have highlighted the importance of forensic science evidence in court. They have also shown what can happen when forensic science is handled poorly in court, leading to incorrect convictions or acquittals. Most often the problems have been linked to the qualifications, training, competency and experience of the forensic practitioners who examined and analysed the evidence. With digital forensics being recognised as a forensic science, and criminal trials such as Casey Anthony and Julie Amero dominated by errors in the digital forensics process attributed to the examiners, it is crucial to understand what the current situation is in South Africa with regard to local digital forensic practitioners, so as to identify any strengths or shortcomings which could impact on digital evidence in a court of law. The research focused on understanding the academic qualifications, digital forensics training, competency, and experience of South African digital forensic practitioners. General trends were identified through the research showing that South African digital forensic practitioners often lacked the necessary academic qualifications, training, competency and experience required of a digital forensics practitioner, raising concerns about the quality of digital forensics practice in South Africa. 
When contrasted against international standards, the research identified areas of improvement, and suggested potential remedial actions to address the situation.","PeriodicalId":126848,"journal":{"name":"2015 Information Security for South Africa (ISSA)","volume":"229 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-11-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133579097","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Risk-driven security metrics development for an e-health IoT application","authors":"R. Savola, Pekka T. Savolainen, Antti Evesti, H. Abie, M. Sihvonen","doi":"10.1109/ISSA.2015.7335061","DOIUrl":"https://doi.org/10.1109/ISSA.2015.7335061","url":null,"abstract":"Security and privacy for e-health Internet-of-Things applications are a challenge arising from the novelty and openness of the solutions. We analyze the security risks of an envisioned e-health application for elderly persons' day-to-day support and chronic disease self-care, from the perspectives of the service provider and end-user. In addition, we propose initial heuristics for security objective decomposition aimed at security metrics definition. Systematically defined and managed security metrics enable higher effectiveness of security controls, enabling informed risk-driven security decision-making.","PeriodicalId":126848,"journal":{"name":"2015 Information Security for South Africa (ISSA)","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-11-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132752699","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The adversarial threat posed by the NSA to the integrity of the internet","authors":"Jared Naude, L. Drevin","doi":"10.1109/ISSA.2015.7335060","DOIUrl":"https://doi.org/10.1109/ISSA.2015.7335060","url":null,"abstract":"In 2013, Edward Snowden, an NSA contractor, leaked thousands of highly classified documents about the activities of the USA's National Security Agency (NSA) and its foreign intelligence partners known as the “Five Eyes” [1]. The documents revealed secret programs about the NSA's mass bulk collection of phone, internet and communications traffic as well as how the NSA and its partners are working to sabotage and weaken encryption algorithms and the security protocols used to secure the internet. This paper presents some of the programs that were revealed as well as the rationale and legislation behind these programs from a global perspective. Mass surveillance is not only done by the Five Eyes partners but also by many other countries who pay private companies to provide them with tools to spy on, censor and repress their own citizens [2]. In order to assess the potential harm and the security implications of mass surveillance, this paper looks at how state level actors around the world are conducting surveillance, which raises broader issues about internet security such as how common weaknesses are being exploited by both intelligence agencies and criminals. 
This paper will also explore various technologies and techniques that can be used by both individuals and companies to secure themselves against mass surveillance.","PeriodicalId":126848,"journal":{"name":"2015 Information Security for South Africa (ISSA)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-11-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124787039","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Intrusion detection in Bluetooth enabled mobile phones","authors":"K. Nair, A. Helberg, J. V. D. Merwe","doi":"10.1109/ISSA.2015.7335048","DOIUrl":"https://doi.org/10.1109/ISSA.2015.7335048","url":null,"abstract":"Bluetooth plays a major role in expanding the global spread of wireless technology. This predominantly happens through Bluetooth enabled mobile phones, which cover almost 60% of the Bluetooth market. Although Bluetooth mobile phones are equipped with built-in security modes and policies, intruders compromise mobile phones through existing security vulnerabilities and limitations. Information stored in mobile phones, whether it is personal or corporate, is significant to mobile phone users. Hence, the need to protect information, as well as to alert mobile phone users of their incoming connections, is vital. An additional security mechanism was therefore conceptualized, at the mobile phone's user level, which is essential in improving the security. Bluetooth Logging Agent (BLA) is a mechanism that has been developed for this purpose. It alleviates the current security issues by making the users aware of their incoming Bluetooth connections and gives them an option to either accept or reject these connections. Besides this, the intrusion detection and verification module uses databases and rules to authenticate and verify all connections. BLA, when compared to the existing security solutions, is novel and unique in that it is equipped with a Bluetooth message logging module. 
This logging module reduces the security risks by monitoring the Bluetooth communication between the mobile phone and the remote device.","PeriodicalId":126848,"journal":{"name":"2015 Information Security for South Africa (ISSA)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-11-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130541275","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"SMT-constrained symbolic execution engine for integer overflow detection in C code","authors":"Paul Muntean, Mustafizur Rahman, A. Ibing, C. Eckert","doi":"10.1109/ISSA.2015.7335070","DOIUrl":"https://doi.org/10.1109/ISSA.2015.7335070","url":null,"abstract":"Integer overflow errors in C programs are difficult to detect since the C language specification rules which govern how one can cast or promote integer types are not accompanied by any unambiguous set of formal rules. This makes it difficult for the programmer to understand and use the rules correctly, causing vulnerabilities or costly errors. Although there are many static and dynamic tools used for integer overflow detection, these tools lack the capacity to efficiently filter out false positives and false negatives. Better tools need to be constructed which are more precise in regard to bug detection and filtering out false positives. In this paper, we present an integer overflow checker which is based on precise modeling of C language semantics and symbolic function models. We developed our checker as an Eclipse plug-in and tested it on the open source C/C++ test case CWE-190 contained in the National Institute of Standards and Technology (NIST) Juliet test suite for C/C++. We ran our checker systematically on 2592 programs having in total 340 KLOC with a true positive rate of 95.49% for the contained C programs and with no false positives. 
We think our approach can be effectively applied in future to C++ programs as well, in order to detect other kinds of integer-related vulnerabilities.","PeriodicalId":126848,"journal":{"name":"2015 Information Security for South Africa (ISSA)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131898119","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
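The CWE-190 bug class that the checker above targets, as an added example that is not the paper's code: a size computation that wraps silently, beside a hardened version that detects the overflow before the size reaches malloc(). The __builtin_mul_overflow and __builtin_add_overflow calls are GCC/Clang builtins; the function names and the sample inputs are constructed for illustration.

```c
/* Added example, not the paper's checker: the kind of CWE-190 bug a
 * symbolic integer-overflow checker looks for, beside a hardened version.
 * Function names and the sample inputs below are constructed for
 * illustration. Builds with gcc or clang (uses their overflow builtins);
 * the #else branches are portable fallbacks. */
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Vulnerable: the product wraps silently because unsigned arithmetic wraps
 * by definition. With count = 0x40000000 and elem_size = 8 the 34-bit
 * product 0x200000000 is truncated to 0, so the caller gets a "successful"
 * zero-byte allocation and a later loop over `count` elements writes out
 * of bounds. Nothing at this line signals the wrap; a checker has to
 * reason about value ranges (an SMT solver does exactly that) to flag it. */
uint32_t unchecked_alloc_size(uint32_t count, uint32_t elem_size) {
    return count * elem_size;
}

/* Hardened: compute the product with an explicit overflow check. Returns 0
 * and stores the product on success, -1 when it does not fit in 32 bits. */
int checked_alloc_size(uint32_t count, uint32_t elem_size, uint32_t *out) {
#if defined(__GNUC__) || defined(__clang__)
    return __builtin_mul_overflow(count, elem_size, out) ? -1 : 0;
#else
    if (elem_size != 0 && count > UINT32_MAX / elem_size) return -1;
    *out = count * elem_size;
    return 0;
#endif
}

/* Signed case: INT_MAX + 1 is undefined behaviour in C, so it cannot be
 * detected after the fact by inspecting the result; the check has to run
 * before the addition. Returns 0 and stores the sum, or -1 on overflow. */
int checked_add_int(int a, int b, int *out) {
#if defined(__GNUC__) || defined(__clang__)
    return __builtin_add_overflow(a, b, out) ? -1 : 0;
#else
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b)) return -1;
    *out = a + b;
    return 0;
#endif
}

/* Allocation wrapper that refuses to allocate when the size check fails,
 * instead of handing malloc() a wrapped size. Returns NULL on overflow. */
void *safe_array_alloc(uint32_t count, uint32_t elem_size) {
    uint32_t bytes;
    if (checked_alloc_size(count, elem_size, &bytes) != 0) return NULL;
    return malloc(bytes);
}

int main(void) {
    uint32_t bytes;
    printf("unchecked: 0x40000000 * 8 = %u\n",
           (unsigned)unchecked_alloc_size(0x40000000u, 8u));   /* 0 */
    printf("checked:   %s\n",
           checked_alloc_size(0x40000000u, 8u, &bytes) ? "overflow detected"
                                                         : "ok");
    void *p = safe_array_alloc(0x40000000u, 8u);
    printf("safe_array_alloc: %s\n", p ? "allocated" : "refused");
    free(p);
    return 0;
}
```

The unchecked function is precisely the case a range-based or symbolic checker must catch: the multiplication is well-formed C, compiles without warnings, and only the downstream use of the wrapped value is dangerous, which is why tools that look at single statements in isolation produce the false negatives the abstract mentions.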
{"title":"Adding event reconstruction to a Cloud Forensic Readiness model","authors":"V. Kebande, H. Venter","doi":"10.1109/ISSA.2015.7335050","DOIUrl":"https://doi.org/10.1109/ISSA.2015.7335050","url":null,"abstract":"During post-event response, proactive forensics is of critical importance in any organisation when conducting digital forensic investigations in cloud environments. However, there exist no reliable event reconstruction processes in the cloud that can help in the analysis and examination of Digital Evidence (DE) aspects during the Digital Forensic Readiness (DFR) process, as defined in the standard ISO/IEC 27043:2015. The problem that this paper addresses is the lack of an easy way of performing a digital event reconstruction process when the cloud is forensically ready, in preparation for a Digital Forensic Investigation (DFI). During DFR approaches, event reconstruction helps in the examination and pre-analysis of the characteristics of potential security incidents. As a result, the authors have proposed an Enhanced Cloud Forensic Readiness (ECFR) process model with an event reconstruction process that can support future investigative technologies with a degree of certainty. We also propose an algorithm that shows the methodology that is used to reconstruct events in the ECFR. 
The main focus of this work is to examine the addition of event reconstruction to the initially proposed Cloud Forensic Readiness (CFR) model, by providing a more enhanced and detailed cloud forensic readiness model.","PeriodicalId":126848,"journal":{"name":"2015 Information Security for South Africa (ISSA)","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126876841","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Location aware mobile device management","authors":"J. D. Toit, Ian Ellefsen","doi":"10.1109/ISSA.2015.7335059","DOIUrl":"https://doi.org/10.1109/ISSA.2015.7335059","url":null,"abstract":"Mobile devices have created a situation where system-focused security may not be sufficient in an environment where security requirements can change depending on the location of a mobile device. The security on a network at a corporate company may be different in a boardroom, where sensitive information is discussed and acted upon, than at an employee's desk, where the employee works with his normal line-of-business application. The Neo Model is a conceptual model that describes a hypothetical black box, called the Neo device, which uses secure containers and mutual authentication to connect to specialised gateway controllers. The gateway controllers have the ability to control and manage the Neo devices to ensure that specialised secure containers can be provisioned to Neo devices and activated or deactivated, depending on where the Neo device is physically located on the network. The Neo Model allows companies to define security controls that are applicable depending on where the mobile device is located on the network.","PeriodicalId":126848,"journal":{"name":"2015 Information Security for South Africa (ISSA)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132184991","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A framework of opportunity-reducing techniques to mitigate the insider threat","authors":"Keshnee Padayachee","doi":"10.1109/ISSA.2015.7335064","DOIUrl":"https://doi.org/10.1109/ISSA.2015.7335064","url":null,"abstract":"This paper presents a unified framework derived from extant opportunity-reducing techniques employed to mitigate the insider threat leveraging best practices. Although both motive and opportunity are required to commit maleficence, this paper focuses on the concept of opportunity. Opportunity is more tangible than motive; hence, it is more pragmatic to reflect on opportunity-reducing measures. Situational Crime Prevention theory is the most evolved criminology theory with respect to opportunity-reducing techniques. Hence, this theory will be the basis of the theoretical framework. The derived framework highlights several areas of research and may assist organizations in implementing controls that are situationally appropriate to mitigate insider threat.","PeriodicalId":126848,"journal":{"name":"2015 Information Security for South Africa (ISSA)","volume":"609 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2014-10-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116209488","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}