International Journal of Information Security and Privacy最新文献

{"title":"Interview with Allen Hsieh, Business Consultant, China","authors":"Choton Basu","doi":"10.1080/15536548.2015.1073536","DOIUrl":"https://doi.org/10.1080/15536548.2015.1073536","url":null,"abstract":"","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"37 1","pages":"182 - 183"},"PeriodicalIF":0.8,"publicationDate":"2015-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81495313","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Information Security: SETA Program Status at Jordanian Universities","authors":"Mohammad Eyadat","doi":"10.1080/15536548.2015.1073535","DOIUrl":"https://doi.org/10.1080/15536548.2015.1073535","url":null,"abstract":"An information security education awareness training (SETA) program is considered one of the key factors for making the information technology environment more secure and efficient. This research aimed at investigating and determining the status of the SETA program in Jordanian universities. The findings indicated an alarmingly high rate of unawareness of security, with no education and training programs available in the surveyed Jordanian universities. The lack of adequate knowledge and security implementation among the majority of the communities of the surveyed universities showed the need of a well-designed SETA program in Jordanian universities.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"10 1","pages":"174 - 181"},"PeriodicalIF":0.8,"publicationDate":"2015-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84779497","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Editorial Preface","authors":"K. Bagchi","doi":"10.1080/15536548.2015.1073505","DOIUrl":"https://doi.org/10.1080/15536548.2015.1073505","url":null,"abstract":"The third 2015 issue of JIPS contains three exciting research articles in addition to an interview with a leading business consultant and a review of a new “classic” book. Mobile malware detection is not an easy task. The first paper titled, “M0Droid, An Android Behavioral-Based Malware Detection Model” by Mohsen Damshenas, Ali Dehghantanha, KimKwang Raymond Choo and Ramlan Mahmud, deals with M0Droid, a behavioral-based Android malware detection technique. The authors propose a method to generate standardized mobile malware signatures and a method for comparing generated signatures. Running M0Droid against Genome dataset yields impressive detection rates. The second paper titled, “Investigating Factors Influencing Web-Browsing Safety Efficacy (WSE) Among Older Adults” by Victoria Kisekka, Rajarshi Chakraborty, Sharmistha BagchiSen, and H. Raghav Rao looks into the ability of older adults to anticipate online threats. Several factors that influence older adults’ ability to distinguish between safe and unsafe websites were investigated with partial least square (PLS) regression analysis using a set of older adults age 55 years and older. The authors find that factors such as risk aversion, security education, and perceived ability in finding information online were positively associated with web-browsing safety. The third paper titled, “Information Security: SETA Program Status at Jordanian Universities” by Mohammad S. Eyadat delves into the important issue of the information security education awareness training (SETA) program at universities in Jordan. The author found a high rate of unawareness of security with no education and training programs available in the surveyed universities. In the Expert Opinion section, Choton Basu interviews Allen Hsieh, a consultant from China who recently consulted with Accenture in China. Hsieh observes that a big percentage of the phones in China are either jail-broken or otherwise problematic, and thus they are easier targets for exploits. In the Book Review section, Adolfo Coronado reviews “Introduction to Computer Security” authored by M. Goodrich & R. Tamassia and published by Addison-Wesley. Adolfo observes that the selection of topics in this book is relevant to any introductory book in computer security,","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"25 1","pages":"139 - 140"},"PeriodicalIF":0.8,"publicationDate":"2015-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"77437914","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Location Privacy Protection for Smartphone Users Using Quadtree Entropy Maps","authors":"Xiaoen Ju, K. Shin","doi":"10.1080/15536548.2015.1045372","DOIUrl":"https://doi.org/10.1080/15536548.2015.1045372","url":null,"abstract":"The ever-increasing popularity of location-based services poses a serious threat to users’ location privacy. Most protection systems, however, rely on an anonymization server, which itself becomes one source of untrustworthiness. This article presents EMP2—a new location privacy protection scheme based on a quadtree entropy map, enabling the protection of users’ location privacy only with their smartphones. EMP2 accurately estimates the uncertainty of users' intended destinations and dynamically adjusts the protection level to defend against sophisticated inference attacks based on query correlation. Our evaluation demonstrates that EMP2 can effectively protect users’ location privacy with reasonable computation time and resource consumption.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"60 1","pages":"62 - 79"},"PeriodicalIF":0.8,"publicationDate":"2015-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"84176221","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"The Human Key: Identification and Authentication in Wearable Devices Using Gait","authors":"Pallavi Meharia, D. Agrawal","doi":"10.1080/15536548.2015.1046286","DOIUrl":"https://doi.org/10.1080/15536548.2015.1046286","url":null,"abstract":"With the advent of wearable devices and the commonality of on-body monitoring devices, a future is anticipated in which the body-area networks will become commonplace in daily life. It is envisioned that the whole process will be automated wherein a user wearing such a device automatically enables the associated security mechanism and establishes communication between that user and her surroundings. This article addresses a technique to identify the wearer of the device and proposes an encryption scheme for secure communication, allowing for identification and authentication before establishing communication. It suggests using gait as a metric for identity association using wearable sensors.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"114 1","pages":"80 - 96"},"PeriodicalIF":0.8,"publicationDate":"2015-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79209308","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Cross-Site Scripting (XSS) Abuse and Defense: Exploitation on Several Testing Bed Environments and Its Defense","authors":"B. B. Gupta, Shashank Gupta, S. Gangwar, Manoj Kumar, P. K. Meena","doi":"10.1080/15536548.2015.1044865","DOIUrl":"https://doi.org/10.1080/15536548.2015.1044865","url":null,"abstract":"Today cyber physical systems (CPS) facilitate physical world devices to integrate with several Internet data sources and services. In the contemporary era of Web 2.0 technologies, web applications are being developed on several advanced technologies (e.g., AJAX, JavaScript, Flash, ASP.net). However, due to the frequent usage in daily life, web applications are constantly under attack. Cross-site scripting (XSS) attacks are presently the most exploited security problems in the modern web applications. XSS attacks are generally caused by the improper sanitization of user-supplied input on the applications. These attacked use vulnerabilities in the source code, resulting in serious consequences such as stealing of session-identifications embedded in cookies, passwords, credit card numbers, and several other related personal credentials. This article describes a three-fold approach: 1) testing the vulnerabilities of XSS attack on the local host server Apache Tomcat by utilizing the malicious scripts from XSS cheat sheet website; 2) exploiting the same vulnerabilities on Web Goat; and 3) exploiting encoded versions of the injected scripts for testing the level of XSS attack prevention capability. Based on the observed results, further work is also discussed.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"1 1","pages":"118 - 136"},"PeriodicalIF":0.8,"publicationDate":"2015-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75866837","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Special Issue on Secured Communication in Wireless and Wired Networks","authors":"D. Agrawal","doi":"10.1080/15536548.2015.1044863","DOIUrl":"https://doi.org/10.1080/15536548.2015.1044863","url":null,"abstract":"The emergence of the Internet of Things (IoT) has enlarged the network scope even in daily life now as many household items are being served or connected. Due to such infiltration of networking, th...","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"6 1","pages":"59 - 61"},"PeriodicalIF":0.8,"publicationDate":"2015-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"74281971","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Information Theoretic and Statistical Drive Sanitization Models","authors":"Jeffrey Medsger, A. Srinivasan, Jie Wu","doi":"10.1080/15536548.2015.1045380","DOIUrl":"https://doi.org/10.1080/15536548.2015.1045380","url":null,"abstract":"Current drive sanitization techniques employ little or no intelligence to determine if the area being sanitized, with data overwriting, actually contains sensitive resident data. All data blocks in the target area are sanitized, utilizing brute-force sanitization techniques of one to several wipe passes. In reality, a significant number of drives needing sanitization may contain areas with no sensitive data—or even any data. Consequently, sanitizing such areas is counterintuitive and counterproductive. This article proposes two information-theoretic techniques—ERASE and ERASERS, which utilize an entropy measurement of data blocks for quick and effective drive sanitization. The first technique, ERASE, computes the entropy of each data block in the target area. Subsequently, all data blocks, which have an entropy within the user-specified sensitivity range, are wiped. The second technique, ERASERS, which is an extension of ERASE, employs random sampling to enhance the speed performance of ERASE. To achieve this goal, ERASERS divides the target area into subpopulations, performs random sampling of blocks from each subpopulation, and computes the entropy of each sampled block. If the entropy of any sampled block, within a subpopulation, is within the user-specified sensitive entropy range, the entire subpopulation is wiped.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"32 1","pages":"117 - 97"},"PeriodicalIF":0.8,"publicationDate":"2015-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82108224","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Mining the Social Web: Data Mining Facebook, Twitter, LinkedIn, Google+, Github, and More, by Matthew A. Russell","authors":"Dehghantanha Ali","doi":"10.1080/15536548.2015.1046287","DOIUrl":"https://doi.org/10.1080/15536548.2015.1046287","url":null,"abstract":"","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"278 1","pages":"137 - 138"},"PeriodicalIF":0.8,"publicationDate":"2015-04-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"80092237","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Healthshark: Using Twitter for Situational Awareness in Public Health","authors":"Alana Platt, Levi Citrin, C. Hood","doi":"10.1080/15536548.2015.1010984","DOIUrl":"https://doi.org/10.1080/15536548.2015.1010984","url":null,"abstract":"Monitoring outbreaks of contagious diseases is an important task for public health officials and they must receive outbreak information quickly to respond to this threat. Social network sites such as Twitter can be leveraged to track self-reporting of diseases in real time. This work presents a prototype system, HealthShark, which monitors Twitter for mentions of contagious diseases. The authors outline the features of HealthShark, perform a user study to assess its usefulness as a tool for monitoring disease outbreaks, and discuss potential privacy concerns’ impact on the design of such a system.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":"132 1","pages":"19 - 37"},"PeriodicalIF":0.8,"publicationDate":"2015-01-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79650520","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}