{"title":"Review of data storage protection approaches for POPI compliance","authors":"Nicholas Scharnick, M. Gerber, L. Futcher","doi":"10.1109/ISSA.2016.7802928","DOIUrl":"https://doi.org/10.1109/ISSA.2016.7802928","url":null,"abstract":"In business, information security has always been a debated topic amongst management and executives. Investing in something that is intangible is often not seen as priority expenditure as it brings no Return on Investment nor contributes to expanding the business. However, the newly enacted Protection of Personal Information (POPI) Act forces businesses to re-evaluate their stance on information security and data storage protection as POPI requires that “appropriate and reasonable security measures” be put in place to effectively protect all personal information that large organisations as well as smaller businesses process and, more importantly, store. However, the lack of comprehensive controls found within any one information security approach (information security standard, best practice or framework) to fully address the requirements of the POPI Act leaves businesses exposed to legislative action under POPI. This paper, through the use of a detailed literature review and qualitative content analysis, aims to analyze widely implemented information security approaches in the context of POPI compliance. 
Through identifying themes for data protection within various information security approaches, an evaluation of the comprehensiveness of these approaches and their proposed mechanisms for protecting data within businesses is conducted.","PeriodicalId":330340,"journal":{"name":"2016 Information Security for South Africa (ISSA)","volume":"72 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123628349","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Context Aware Mobile Application for mobile devices","authors":"M. Masango, Francois Mouton, Alastair Nottingham, J. Mtsweni","doi":"10.1109/ISSA.2016.7802933","DOIUrl":"https://doi.org/10.1109/ISSA.2016.7802933","url":null,"abstract":"Android smart devices have become an integral part of people's lives, having evolved beyond the capability of just sending a text message or making a call. Currently, smart devices have applications that can restrict access to other applications on the same device, implemented through user authentication. Android smart devices offer the capability of Android Smart Lock, which uses different authentication methods for unlocking the device based on the user's location. However, Android Smart Lock does not allow locking for individual applications. A possible solution to this limitation is an application that performs user authentication using a context-aware approach. This paper proposes a context-aware application, which provides different user authentication methods that are set up according to the auto-detection of areas designated as safe zones by the user. This application aims to improve the overall security of the content of a given device by securing individual applications.","PeriodicalId":330340,"journal":{"name":"2016 Information Security for South Africa (ISSA)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116758859","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Specific emitter identification for enhanced access control security","authors":"J. N. Samuel, W. P. Plessis","doi":"10.1109/ISSA.2016.7802927","DOIUrl":"https://doi.org/10.1109/ISSA.2016.7802927","url":null,"abstract":"This paper presents the application of specific emitter identification (SEI) to access control and points out the security caveats of current radio-based access remotes. Specifically, SEI is applied to radio frequency (RF) access remotes used to open and close motorised gates in residential housing complexes for the purposes of access control. A proof-of-concept SEI system was developed to investigate whether it is possible to distinguish between the RF signals produced by two nominally-identical access remotes. It was determined that it is possible to distinguish between the remotes with an accuracy of 98%.","PeriodicalId":330340,"journal":{"name":"2016 Information Security for South Africa (ISSA)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115479195","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Adaptable exploit detection through scalable NetFlow analysis","authors":"Alan Herbert, B. Irwin","doi":"10.1109/ISSA.2016.7802938","DOIUrl":"https://doi.org/10.1109/ISSA.2016.7802938","url":null,"abstract":"Full packet analysis on firewalls and intrusion detection, although effective, has been found in recent times to be detrimental to the overall performance of networks that receive large volumes of throughput. For this reason partial packet analysis technologies such as the NetFlow protocol have emerged to better mitigate these bottlenecks through log generation. This paper researches the use of log files generated by NetFlow version 9 and IPFIX to identify successful and unsuccessful exploit attacks commonly used by automated systems. These malicious communications include but are not limited to exploits that attack Microsoft RPC, Samba, NTP (Network Time Protocol) and IRC (Internet Relay Chat). These attacks are recreated through existing exploit implementations on Metasploit and through hand-crafted reconstructions of exploits via known documentation of vulnerabilities. These attacks are then monitored through a preconfigured virtual testbed containing gateways and network connections commonly found on the Internet. 
This common attack identification system is intended for insertion as a parallel module for Bolvedere in order to further increase the Bolvedere system's attack detection capability.","PeriodicalId":330340,"journal":{"name":"2016 Information Security for South Africa (ISSA)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131135559","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The pattern-richness of Graphical passwords","authors":"J. Vorster, R. V. Heerden, B. Irwin","doi":"10.1109/ISSA.2016.7802931","DOIUrl":"https://doi.org/10.1109/ISSA.2016.7802931","url":null,"abstract":"Conventional (text-based) passwords have shown patterns such as variations on the username, or known passwords such as “password”, “admin” or “12345”. Patterns may similarly be detected in the use of Graphical passwords (GPs). The most significant such pattern - reported by many researchers - is hotspot clustering. This paper qualitatively analyses more than 200 graphical passwords for patterns other than the classically reported hotspots. The qualitative analysis finds that a significant percentage of passwords fall into a small set of patterns; patterns that can be used to form attack models against GPs. In counter action, these patterns can also be used to educate users so that future password selection is more secure. It is the hope that the outcome from this research will lead to improved behaviour and an enhancement in graphical password security.","PeriodicalId":330340,"journal":{"name":"2016 Information Security for South Africa (ISSA)","volume":"37 4","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131993002","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"CDMA in signal encryption and information security","authors":"O. Wojuola, S. Mneney, V. Srivastava","doi":"10.1109/ISSA.2016.7802929","DOIUrl":"https://doi.org/10.1109/ISSA.2016.7802929","url":null,"abstract":"Code-division multiple-access (CDMA) is a communication technique that was developed originally for the military because of its jam-resistant properties. It is one of the early forms of jam-resistant, signal encryption techniques used in military applications for the purpose of wireless signal transmission and information-hiding from adversaries. In recent years, CDMA has also played a key role in mobile telephony as a multiple-access technique because of certain properties that make it suitable for commercial and civilian applications. This paper gives a brief exposition on CDMA as a signal encryption technique, and the position that it occupies in future wireless technology. This paper also compares CDMA technology with a relatively recent technique, interleave-division multiple-access (IDMA) that has been attracting significant attention in wireless circles.","PeriodicalId":330340,"journal":{"name":"2016 Information Security for South Africa (ISSA)","volume":"77 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114219718","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Dridex: Analysis of the traffic and automatic generation of IOCs","authors":"L. Rudman, B. Irwin","doi":"10.1109/ISSA.2016.7802932","DOIUrl":"https://doi.org/10.1109/ISSA.2016.7802932","url":null,"abstract":"In this paper we present a framework that generates network Indicators of Compromise (IOC) automatically from a malware sample after dynamic runtime analysis. The framework addresses the limitations of manual Indicator of Compromise generation and utilises a sandbox environment in which to perform the malware analysis. We focus on the generation of network-based IOCs from captured traffic files (PCAPs) generated by the dynamic malware analysis. The Cuckoo Sandbox environment is used for the analysis and the setup is described in detail. Accordingly, we discuss the concept of IOCs and the popular formats used as there is currently no standard. As an example of how the proof-of-concept framework can be used, we chose 100 Dridex malware samples and evaluated the traffic and showed what can be used for the generation of network-based IOCs. Results of our system confirm that we can create IOCs from dynamic malware analysis and avoid the legitimate background traffic originating from the sandbox system. We also briefly discuss the sharing and application of the generated IOCs and the number of systems that can be used to share them. 
Lastly we discuss how they can be useful in combating cyber threats.","PeriodicalId":330340,"journal":{"name":"2016 Information Security for South Africa (ISSA)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126473981","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}