{"title":"Securing digital identities in the cloud by selecting an apposite Federated Identity Management from SAML, OAuth and OpenID Connect","authors":"N. Naik, Paul Jenkins","doi":"10.1109/RCIS.2017.7956534","DOIUrl":"https://doi.org/10.1109/RCIS.2017.7956534","url":null,"abstract":"Access to computer systems and the information held on them, be it commercially or personally sensitive, is naturally, strictly controlled by both legal and technical security measures. One such method is digital identity, which is used to authenticate and authorize users to provide access to IT infrastructure to perform official, financial or sensitive operations within organisations. However, transmitting and sharing this sensitive information with other organisations over insecure channels always poses a significant security and privacy risk. An example of an effective solution to this problem is the Federated Identity Management (FIdM) standard adopted in the cloud environment. The FIdM standard is used to authenticate and authorize users across multiple organisations to obtain access to their networks and resources without transmitting sensitive information to other organisations. Using the same authentication and authorization details among multiple organisations in one federated group, it protects the identities and credentials of users in the group. This protection is a balance, mitigating security risk whilst maintaining a positive experience for users. Three of the most popular FIdM standards are Security Assertion Markup Language (SAML), Open Authentication (OAuth), and OpenID Connect (OIDC). This paper presents an assessment of these standards considering their architectural design, working, security strength and security vulnerability, to cognise and ascertain effective usages to protect digital identities and credentials. Firstly, it explains the architectural design and working of these standards. Secondly, it proposes several assessment criteria and compares functionalities of these standards based on the proposed criteria. Finally, it presents a comprehensive analysis of their security vulnerabilities to aid in selecting an apposite FIdM. This analysis of security vulnerabilities is of great significance because their improper or erroneous deployment may be exploited for attacks.","PeriodicalId":193156,"journal":{"name":"2017 11th International Conference on Research Challenges in Information Science (RCIS)","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-06-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123310401","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Gamification solutions for software acceptance: A comparative study of Requirements Engineering and Organizational Behavior techniques","authors":"L. Piras, E. Paja, P. Giorgini, J. Mylopoulos, R. Cuel, Diego Ponte","doi":"10.1109/RCIS.2017.7956544","DOIUrl":"https://doi.org/10.1109/RCIS.2017.7956544","url":null,"abstract":"Gamification is a powerful paradigm and a set of best practices used to motivate people carrying out a variety of ICT-mediated tasks. Designing gamification solutions and applying them to a given ICT system is a complex and expensive process (in time, competences and money) as software engineers have to cope with heterogeneous stakeholder requirements on one hand, and Acceptance Requirements on the other, that together ensure effective user participation and a high level of system utilization. As such, gamification solutions require significant analysis and design as well as suitable supporting tools and techniques. In this work, we compare concepts, tools and techniques for gamification design drawn from Software Engineering and Human and Organizational Behaviors. We conduct a comparison by applying both techniques to the specific Meeting Scheduling exemplar used extensively in the Requirements Engineering literature.","PeriodicalId":193156,"journal":{"name":"2017 11th International Conference on Research Challenges in Information Science (RCIS)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128301425","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"TRAWL: Protection against rogue sites for the masses","authors":"Antonia Nisioti, Mohammad Heydari, Alexios Mylonas, Vasilios Katos, V. H. Tafreshi","doi":"10.1109/RCIS.2017.7956527","DOIUrl":"https://doi.org/10.1109/RCIS.2017.7956527","url":null,"abstract":"The number of smartphones reached 3.4 billion in the third quarter of 2016 [1]. These devices facilitate our daily lives and have become the primary way of accessing the web. Although all desktop browsers filter rogue websites, their mobile counterparts often do not filter them at all, exposing their users to websites serving malware or hosting phishing attacks. In this paper we revisit the anti-phishing filtering mechanism which is offered in the most popular web browsers of Android, iOS and Windows Phone. Our results show that mobile users are still unprotected against phishing attacks, as most of the browsers are unable to filter phishing URLs. Thus, we implement and evaluate TRAWL (TRAnsparent Web protection for alL), as a cost effective security control that provides DNS and URL filtering using several blacklists.","PeriodicalId":193156,"journal":{"name":"2017 11th International Conference on Research Challenges in Information Science (RCIS)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132384310","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Representing, reasoning and predicting fraud using fraud plans","authors":"John K. C. Kingston","doi":"10.1109/RCIS.2017.7956528","DOIUrl":"https://doi.org/10.1109/RCIS.2017.7956528","url":null,"abstract":"The efforts of fraudsters to think up new ways of committing fraud, and of law enforcers to detect and prosecute those fraud, often feel like a long-running competition. Yet all too often, law enforcement is accused of falling far behind the fraudsters, especially in situations where the responsibility for detecting frauds falls on non-specialists in security or on the general public.","PeriodicalId":193156,"journal":{"name":"2017 11th International Conference on Research Challenges in Information Science (RCIS)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132713548","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A modeling framework for business process reengineering using big data analytics and a goal-orientation","authors":"Grace Park, L. Chung, L. Khan, S. Park","doi":"10.1109/RCIS.2017.7956514","DOIUrl":"https://doi.org/10.1109/RCIS.2017.7956514","url":null,"abstract":"A business process is a collection of activities to create more business values and its continuous improvement aligned with business goals is essential to survive in fast changing business environment. However, it is quite challenging to find out whether a change of business processes positively affects business goals or not, if there are problems in the changing, what the reasons of the problems are, what solutions exist for the problems and which solutions should be selected. Big data analytics along with a goal-orientation which helps find out insights from a large volume of data in a goal concept opens up a new way for an effective business process reengineering. In this paper, we suggest a novel modeling framework which consists of a conceptual modeling language, a process and a tool for effective business processes reengineering using big data analytics and a goal-oriented approach. The modeling language defines important concepts for business process reengineering with metamodels and shows the concepts with complementary views: Business Goal-Process-Big Analytics Alignment View, Transformational Insight View and Big Analytics Query View. Analyzers hypothesize problems and solutions of business processes by using the modeling language, and the problems and solutions will be validated by the results of Big Analytics Queries which supports not only standard SQL operation, but also analytics operation such as prediction. The queries are run in an execution engine of our tool on top of Spark which is one of big data processing frameworks. In a goal-oriented spirit, all concepts not only business goals and business processes, but also big analytics queries are considered as goals, and alternatives are explored and selections are made among the alternatives using trade-off analysis. To illustrate and validate our approach, we use an automobile logistics example, then compare previous work.","PeriodicalId":193156,"journal":{"name":"2017 11th International Conference on Research Challenges in Information Science (RCIS)","volume":"59 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127104649","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Guidelines for designing a smart and ubiquitous learning environment with respect to cultural heritage","authors":"Alaa S. A. Alkhafaji, Ella Haig, J. Crellin, Sanaz Fallahkhair","doi":"10.1109/RCIS.2017.7956556","DOIUrl":"https://doi.org/10.1109/RCIS.2017.7956556","url":null,"abstract":"This paper introduces a list of guidelines for designing mobile location-based learning services with respect to cultural heritage sites. This list was set out based on the results of a user-study in the field. The user study was carried out with adult end-users to evaluate a prototype mobile application that delivered information through mobile phones and smart eye glasses simultaneously regarding cultural heritage sites based on location. Augmented reality and location-based services are utilised in this app.","PeriodicalId":193156,"journal":{"name":"2017 11th International Conference on Research Challenges in Information Science (RCIS)","volume":"134 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124163565","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"What can information systems do for regulators? A review of the state-of-practice in Canada","authors":"O. Akhigbe, Daniel Amyot, J. Mylopoulos, Gregory Richards","doi":"10.1109/RCIS.2017.7956518","DOIUrl":"https://doi.org/10.1109/RCIS.2017.7956518","url":null,"abstract":"Regulations constitute a rich source of requirements for software systems, especially so for information systems that handle sensitive data. However, there has been little attention paid to regulators and their requirements for managing the regulatory lifecycle. This paper presents a study of the state-of-practice for regulators in Canada by examining seven Government of Canada (GoC) agencies responsible for regulations. In each case, we attempt to capture the context within which regulations are created, the motivation behind these regulations, and the practices related to their design, enforcement, and review. Our aims are to understand how regulators currently design, monitor, and assess regulations and other regulatory instruments in their respective domains, and to identify opportunities where information system (IS) solutions can be applied to improve practice. Our field study involved reviewing publicly available information and conducting informal interviews. Together, these activities helped us understand key regulators' activities and concerns, as well as important challenges they currently face. In this paper, we summarize our findings and explain the implications for the use of ISs to improve the practice of regulatory management in the form of a research agenda.","PeriodicalId":193156,"journal":{"name":"2017 11th International Conference on Research Challenges in Information Science (RCIS)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126618355","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A research paper recommender system using a Dynamic Normalized Tree of Concepts model for user modelling","authors":"Modhi Al Alshaikh, Gulden Uchyigit, R. Evans","doi":"10.1109/RCIS.2017.7956538","DOIUrl":"https://doi.org/10.1109/RCIS.2017.7956538","url":null,"abstract":"The enormous growth of information on the Internet makes finding information challenging and time consuming. Recommender systems provide a solution to this problem by automatically capturing user interests and recommending related information the user may also find interesting. In this paper, we present a novel recommender system for the research paper domain using a Dynamic Normalized Tree of Concepts (DNTC) model. Our system improves existing vector and tree of concepts models to be adaptable with a complex ontology and a large number of papers. The proposed system uses the 2012 version of the ACM Computing Classification System (CCS) ontology. This ontology has a much deeper structure than previous versions, which makes it challenging for previous ontology-based approaches to recommender systems. We performed offline evaluations using papers provided by ACM digital library for classifier training, and papers provided by CiteSeerX digital library for measuring the performance of the proposed DNTC model. Our evaluation results show that the novel DNTC model significantly outperforms the other two models: non-normalized tree of concepts and the vector of concepts models. Further, our DNTC model provides high average precision and reliable results when used in a context which the user has multiple interests and reads a large quantity of papers over time.","PeriodicalId":193156,"journal":{"name":"2017 11th International Conference on Research Challenges in Information Science (RCIS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115500102","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards an ethical recommendation framework","authors":"Dimitris Paraschakis","doi":"10.1109/RCIS.2017.7956539","DOIUrl":"https://doi.org/10.1109/RCIS.2017.7956539","url":null,"abstract":"The goal of our study is to provide a holistic view on various ethical challenges that complicate the design and use of recommender systems (RS). Our findings materialize into an ethical recommendation framework, which maps RS development stages to the corresponding ethical concerns, and further down to known solutions and the proposed user-adjustable controls. The need for such a framework is dictated by the apparent lack of research in this particular direction and the severity of consequences stemming from the neglect of the code of ethics in recommendations. The framework aims to aid RS practitioners in staying ethically alert while taking morally charged design decisions. At the same time, it would give users the desired control over the sensitive moral aspects of recommendations via the proposed “ethical toolbox”. The idea is embraced by the participants of our feasibility study.","PeriodicalId":193156,"journal":{"name":"2017 11th International Conference on Research Challenges in Information Science (RCIS)","volume":"100 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132004550","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A definition of Information Security Classification in cybersecurity context","authors":"G. Collard, Stephane Ducroquet, Eric Disson, Guilaine Talens","doi":"10.1109/RCIS.2017.7956520","DOIUrl":"https://doi.org/10.1109/RCIS.2017.7956520","url":null,"abstract":"The concept of Information Security Classification is variable and sometimes uninformative. Most of definitions are coming from Standards and weren't updated for years even if the scope and the challenges in security are now becoming larger with Cybersecurity. Based on a literature review, we propose a new definition of Information Security Classification.","PeriodicalId":193156,"journal":{"name":"2017 11th International Conference on Research Challenges in Information Science (RCIS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129839409","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}