{"title":"SNIPPET: Genuine knowledge-based authentication","authors":"K. Renaud, D. Kennes, J. V. Niekerk, Joseph Maguire","doi":"10.1109/ISSA.2013.6641059","DOIUrl":"https://doi.org/10.1109/ISSA.2013.6641059","url":null,"abstract":"Authentication is traditionally performed based on what you know, what you hold or what you are. The first is the most popular, in the form of the password. This is often referred to as “knowledge-based” authentication. Yet, given the guidelines for password restrictions commonly given to end-users we will argue that this is a misnomer. A strong password is actually a lengthy string of gibberish or nonsense. Common password strength guidelines advise users against choosing meaningful passwords.","PeriodicalId":300864,"journal":{"name":"2013 Information Security for South Africa","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123428808","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An analysis of service degradation attacks against real-time MPLS networks","authors":"Abdulrahman Al-Mutairi, S. Wolthusen","doi":"10.1109/ISSA.2013.6641057","DOIUrl":"https://doi.org/10.1109/ISSA.2013.6641057","url":null,"abstract":"While the robustness of the communication network infrastructure against attacks on the integrity of backbone protocols such as the Border Gateway Protocol (BGP) and MultiProtocol Label Switching (MPLS) protocols has been the subject of significant earlier work, more limited attention has been paid to the problem of availability and timeliness that is crucial for service levels needed in areas such as some financial services and particularly for the interconnection of smart grid components requiring hard real-time communication which are not necessarily over completely isolated networks. In such networks, an adversary will be successful if a targeted flow or set of flows no longer meets CoS and QoS boundaries, particularly delay and jitter, even where no outright compromise of either the flow itself or the control flow is achieved. The attacker's objective can be accomplished by interfering with the operation of the control signalling protocol, but also by influencing the policy of MPLS nodes and the mitigation mechanisms themselves. 
In this paper we therefore describe an adversary model and analysis of attacks based on manipulation of Label Distribution Protocol (LDP) messages for the purpose of affecting the required (QoS) and Class of Service (CoS) for a targeted traffic where the adversary may intentionally modify the policy state of LSRs that the targeted traffic passes through.","PeriodicalId":300864,"journal":{"name":"2013 Information Security for South Africa","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130559504","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Information security risk management in small-scale organisations: A case study of secondary schools computerised information systems","authors":"M. Moyo, Hanifa Abdullah, R. C. Nienaber","doi":"10.1109/ISSA.2013.6641062","DOIUrl":"https://doi.org/10.1109/ISSA.2013.6641062","url":null,"abstract":"The use of computerised information systems has become an integral part of South African secondary schools, bringing about a host of information security challenges that schools have to deal with in addition to their core business of teaching and learning. Schools handle large volumes of sensitive information pertaining to educators, learners, creditors and financial records, which they are obliged to secure. Unfortunately, school management and users are not aware of the risks to their information assets and the repercussions of a compromise thereof. Computerised information systems are susceptible to both internal and external threats but ease of access is likely to manifest in security breaches, thereby undermining information security. One way of enlightening schools about the risks to their computerised information systems is through a risk management programme. Schools may not have the full capacity to perform information security risk management exercises due to the unavailability of risk management experts and scarce financial resources. Therefore, the objective of this paper is to educate secondary schools' management and users on how to perform a risk management exercise for their computerised information systems in order to reduce or mitigate information security risks within their information systems and protect vital information assets. 
This study uses the Operationally Critical Threat, Asset, and Vulnerability Evaluation for small organisations (OCTAVE-Small) risk management methodology to address these information security risks in two selected secondary schools.","PeriodicalId":300864,"journal":{"name":"2013 Information Security for South Africa","volume":"37 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133107161","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards Reputation-as-a-Service","authors":"C. Hillebrand, M. Coetzee","doi":"10.1109/ISSA.2013.6641047","DOIUrl":"https://doi.org/10.1109/ISSA.2013.6641047","url":null,"abstract":"Reputation is used to regulate relationships of trust in online communities. When deploying a reputation system, it needs to accommodate the requirements and constraints of the specific community in order to assist the community to reach their goals. This paper identifies that there is a need for a framework to define a configurable reputation system with the ability to accommodate the requirements of a variety of online communities. Such a reputation system can be defined as a service on the Cloud, to be composed with the application environment of the online community. This paper introduces the concept of RaaS (Reputation-as-a-Service) and discusses a potential framework for creating a RaaS. In order to achieve such a framework, research is conducted into features of SaaS (Software-as-a-Service) components, user requirements for trust and reputation, and features of current reputation frameworks that can be configured in order to support a reputation service on the Cloud.","PeriodicalId":300864,"journal":{"name":"2013 Information Security for South Africa","volume":"155 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133764286","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Challenges to digital forensics: A survey of researchers & practitioners attitudes and opinions","authors":"M. A. Fahdi, N. Clarke, S. Furnell","doi":"10.1109/ISSA.2013.6641058","DOIUrl":"https://doi.org/10.1109/ISSA.2013.6641058","url":null,"abstract":"Digital forensics have become increasingly important as an approach to investigate cyber- and computer-assisted crime. Whilst many tools exist and much research is being undertaken, many questions exist regarding the future of the domain. Indeed, prior literature has widely published the challenges that exist within the domain, from the increasing volume of data (e.g. SANs, hard drive capacities, databases) to the varying technology platforms and systems that exist (e.g. tablets, mobile phones, embedded systems, cloud computing). However, little effort has focused upon understanding the reality of these challenges. The paper presents research that seeks to identify, quantify and prioritise these challenges so that future efforts can be concentrated on the issues that actually affect the domain. The study undertook a survey of researchers and practitioners (both law enforcement and organisational) to examine the real challenges from the perceived challenges and to understand what effect the future will have upon the digital forensic domain. A total of 42 participants undertook the study with 55% having 3 or more years of experience. 45% were academic researchers, 16% law enforcement and 31% had a forensic role within an organisation. Overwhelmingly, 93% of participants felt that the number and complexity of investigations would increase in the future. Apart from the plethora of findings elaborated in the paper, the principal future challenge priorities included cloud computing, anti-forensics and encryption. 
Respondents also identified improving communication between researchers and practitioners and the need to develop approaches to identify and extract “significant data” through techniques such as criminal profiling as essential. Interestingly, participants did not feel that the growth in privacy enhancing technologies nor legislation was a significant inhibitor to the future of digital forensics.","PeriodicalId":300864,"journal":{"name":"2013 Information Security for South Africa","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122068942","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Testing the harmonised digital forensic investigation process model-using an Android mobile phone","authors":"Stacey Omeleze, H. Venter","doi":"10.1109/ISSA.2013.6641063","DOIUrl":"https://doi.org/10.1109/ISSA.2013.6641063","url":null,"abstract":"Mobile forensics is a branch of digital forensics relating to the recovery of digital evidence from mobile devices under forensically sound conditions. Mobile forensics is considered to be at an infant stage with different investigation process models being applied. The biggest challenge in many of the available digital forensic investigation process models lies in their lack of testing before being fully applied to mobile forensics. Furthermore, for any proposed digital forensic investigation process model to be approved by the scientific community, it has to be tested. The Harmonised Digital Forensic Investigation (HDFI) process model is currently in the working draft stage towards becoming an international standard for digital forensic investigations (ISO/IEC 27043), thus the need for its testing. In this paper, the HDFI process model is tested using an Android mobile phone. The selection of an Android mobile phone is motivated by the fact that Android mobile phones have the greatest share of the mobile market index. In the last three years, for example, the market share index for mobile phones put Android mobile devices at 75% of the entire smartphone market. 
Through observing the findings of the test using an Android mobile phone, this paper demonstrates that conducting mobile forensics using the HDFI process model produces satisfactory results.","PeriodicalId":300864,"journal":{"name":"2013 Information Security for South Africa","volume":"113 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126971157","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The characteristics of a biometric","authors":"H. V. D. Haar, D. Greunen, D. Pottas","doi":"10.1109/ISSA.2013.6641037","DOIUrl":"https://doi.org/10.1109/ISSA.2013.6641037","url":null,"abstract":"Biometric implementations have emerged as an improved solution in many spheres of life where security controls are necessary for authentication. However, not all human mannerisms and features can be used as a biometric measure. For example, the movement of an elbow will not satisfy the requirements for a useful biometric. There are a number of characteristics which are deemed important and that may be taken into account when choosing a human mannerism or feature to be used as a biometric for the purposes of identification. Some characteristics are more necessary than others. For example, the uniqueness of the fingerprint is more important than its acceptance as an identification mechanism by the public at large. One can find a number of these suggested characteristics in the literature and place them into various categories. The primary category will be its inherent nature but there may also be a technical and a procedural category. Technical considerations are where the typical technical implementation of the biometric may add further characteristics to the biometric. Finally, there may be procedural actions that will further have an influence on the biometric implementation. A categorized technical or procedural characteristic should add quality to the original inherent characteristics for any particular biometric. If a biometric feature and its further implementation (technical and/or procedural) satisfy a certain subset of these categorized characteristics which are deemed more important, then this may constitute a better choice than that which appears to satisfy a different subset of characteristics. This paper looks at the characteristics found in the literature and attempts to categorize them as inherent, technical or procedural in nature. 
The paper will subsequently look at some of the more popular biometric features and their inherent characteristics that have been found in the literature. Readers of this paper will be able to select appropriate biometric features based on the characteristics that are identified in this paper.","PeriodicalId":300864,"journal":{"name":"2013 Information Security for South Africa","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130594554","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Factors affecting user experience with security features: A case study of an academic institution in Namibia","authors":"Fungai Bhunu Shava, D. Greunen","doi":"10.1109/ISSA.2013.6641061","DOIUrl":"https://doi.org/10.1109/ISSA.2013.6641061","url":null,"abstract":"The widespread use of personal computers and other devices based on Information and Communication Technology (ICT) for networking and communication via the Internet exposes the end users to cybercriminals. Security systems and security features that interact with users via alerts, dialogue boxes and action buttons (such as update notices and other warnings) are embedded in operating systems and application programs in order to protect electronic information. Human behaviour and attitudes towards security features determine the user experience during the implementation of Information Security. Cyber criminals are primarily targeting the human aspect of security, since end users are easier to manipulate. In order to effectively secure information, the fields of Usable security and User experience should be integrated in the design and use of security features. This paper presents the findings of an online survey carried out to investigate attitudes towards, behaviour with and experience of embedded security features among members of staff in a tertiary education institution. User experience was measured by enumerating general security awareness, policy awareness and implementation, as well as user behaviour and emotions associated with security interaction. This paper reports on the findings of this survey. 
The researchers envisage that the findings can lead to the practical development and implementation of a framework for secure user experience.","PeriodicalId":300864,"journal":{"name":"2013 Information Security for South Africa","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131733244","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A kernel-driven framework for high performance internet routing simulation","authors":"Alan Herbert, B. Irwin","doi":"10.1109/ISSA.2013.6641048","DOIUrl":"https://doi.org/10.1109/ISSA.2013.6641048","url":null,"abstract":"The ability to provide the simulation of packets traversing an internet path is an integral part of providing realistic simulations for network training, and cyber defence exercises. This paper builds on previous work, and considers an in-kernel approach to solving the routing simulation problem. The in-kernel approach is anticipated to allow the framework to be able to achieve throughput rates of 1GB/s or higher using commodity hardware. Processes that run outside the context of the kernel of most operating systems require context switching to access hardware and kernel modules. This leads to considerable delays in the processes, such as network simulators, that frequently access hardware such as hard disk accesses and network packet handling. To mitigate this problem, as experienced with earlier implementations, this research looks towards implementing a kernel module to handle network routing and simulation within a UNIX based system. This would remove delays incurred from context switching and allows for direct access to the hardware components of the host.","PeriodicalId":300864,"journal":{"name":"2013 Information Security for South Africa","volume":"35 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126609921","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Insider threat detection model for the cloud","authors":"L. Nkosi, Paul Tarwireyi, M. Adigun","doi":"10.1109/ISSA.2013.6641040","DOIUrl":"https://doi.org/10.1109/ISSA.2013.6641040","url":null,"abstract":"Cloud computing is a revolutionary technology that is changing the way people and organizations conduct business. It promises to help organizations save money on IT expenditure while increasing reliability, efficiency and productivity. However, despite the potential benefits that the cloud promises its users, it is facing some security challenges. Insider threats are some of the growing security concerns that are hindering the adoption of the cloud. Cloud providers are faced with a challenge of monitoring usage patterns of users so as to ensure that malicious insiders do not compromise the security of customer data and applications. Solutions are still needed to ensure that the data stored in the cloud is secure from malicious insiders of the cloud service provider. This paper presents an Insider Threat Detection Model that can be used to detect suspicious insider activities. An experimental system was designed to implement this model. This system uses sequential rule mining to detect malicious users by comparing incoming events against user profiles.","PeriodicalId":300864,"journal":{"name":"2013 Information Security for South Africa","volume":"18 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125107972","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}