Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

Databases and Information Systems

2018

Articles 1 - 23 of 23

Full-Text Articles in Information Security

Russia Today, Cyberterrorists Tomorrow: U.S. Failure To Prepare Democracy For Cyberspace, Jonathan F. Lancelot Dec 2018

Journal of Digital Forensics, Security and Law

This paper is designed to expose vulnerabilities within the US electoral system, the use of cyberspace to exploit weaknesses within the information assurance strategies of the democratic and republican party organizations, and deficiencies within the social media communications and voting machine exploits. A brief history of discriminatory practices in voting rights and voting access will be set as the foundation for the argument that the system is vulnerable in the cyber age, and the need for reform at the local, state and national levels will be emphasized. The possibility of a foreign nation-state influencing the outcome of an election by …


Secured Data Masking Framework And Technique For Preserving Privacy In A Business Intelligence Analytics Platform, Osama Ali Dec 2018

Electronic Thesis and Dissertation Repository

The main concept behind business intelligence (BI) is how to use integrated data across different business systems within an enterprise to make strategic decisions. It is difficult to map internal and external BI’s users to subsets of the enterprise’s data warehouse (DW), resulting that protecting the privacy of this data while maintaining its utility is a challenging task. Today, such DW systems constitute one of the most serious privacy breach threats that an enterprise might face when many internal users of different security levels have access to BI components. This thesis proposes a data masking framework (iMaskU: Identify, Map, Apply, …


Gradubique: An Academic Transcript Database Using Blockchain Architecture, Thinh Nguyen Dec 2018

Master's Projects

Blockchain has been widely adopted in the last few years even though it is in its infancy. The first well-known application built on blockchain technology was Bitcoin, which is a decentralized and distributed ledger to record crypto-currency transactions. All of the transactions in Bitcoin are anonymously transferred and validated by participants in the network. Bitcoin protocol and its operations are so reliable that technologists have been inspired to enhance blockchain technologies and deploy it outside of the crypto-currency world. The demand for private and non-crypto-currency solutions have surged among consortiums because of the security and fault tolerant features of blockchain. …


Performance Indicators Analysis Inside A Call Center Using A Simulation Program, Ditila Ekmekçiu, Markela Muça, Adrian Naço Nov 2018

International Journal of Business and Technology

This paper deals with and shows the results of different performance indicators analyses made utilizing the help of Simulation and concentrated on dimensioning problems of handling calls capacity in a call center. The goal is to measure the reactivity of the call center’s performance to potential changes of critical variables. The literature related to the employment of this kind of instrument in call centers is reviewed, and the method that this problem is treated momentarily is precisely described. The technique used to obtain this paper’s goal implicated a simulation model using Arena Contact Center software that worked as a key …


Modelling Business And Management Systems Using Fuzzy Cognitive Maps: A Critical Overview, Peter P. Groumpos Nov 2018

International Journal of Business and Technology

A critical overview of modelling Business and Management (B&M) Systems using Fuzzy Cognitive Maps is presented. A limited but illustrative number of specific applications of Fuzzy Cognitive Maps in diverse B&M systems, such as e business, performance assessment, decision making, human resources management, planning and investment decision making processes is provided and briefly analyzed. The limited survey is given in a table with statistics of using FCMs in B&M systems during the last 15 years. The limited survey shows that the applications of Fuzzy Cognitive Maps to today’s Business and Management studies has been steadily increased especially during the last …


VPSearch: Achieving Verifiability For Privacy-Preserving Multi-Keyword Search Over Encrypted Cloud Data, Zhiguo Wan, Robert H. Deng Nov 2018

Research Collection School Of Computing and Information Systems

Although cloud computing offers elastic computation and storage resources, it poses challenges on verifiability of computations and data privacy. In this work we investigate verifiability for privacy-preserving multi-keyword search over outsourced documents. As the cloud server may return incorrect results due to system faults or incentive to reduce computation cost, it is critical to offer verifiability of search results and privacy protection for outsourced data at the same time. To fulfill these requirements, we design a Verifiable Privacy-preserving keyword Search scheme, called VPSearch, by integrating an adapted homomorphic MAC technique with a privacy-preserving multi-keyword search scheme. The proposed scheme enables the client to …


Vulnerability Assessment & Penetration Testing: Case Study On Web Application Security, Gazmend Krasniqi, Veton Bejtullahu Oct 2018

UBT International Conference

Complexity of information systems are increasing day by day. The security of information systems that are connected to public networks can be compromised by unauthorized, and usually anonymous, attempts to access them. By using public networks businesses and other institutions are exposed to numerous risks. This leads to more and more vulnerabilities in Information Systems. This situation calls for test methods that are devised from the attacker’s perspective to ensure that test conditions are as realistic as possible. In this paper we will describe complete stages of Vulnerability Assessment and Penetration Testing on some systems in UBT and proactive action …


Is Information Systems Misuse Always Bad? A New Perspective On IS Misuse In Hospitals Under The Context Of Disasters, Dheyaaldin Alsalman Jul 2018

Masters Theses & Doctoral Dissertations

Although the extant literature has investigated how individuals engage in inappropriate behaviors based on the rational choice theory (RCT) (e.g., computer misconduct), the neutralization theory (e.g., IS security policies violation), and workarounds under normal situations, it has given little consideration to how individuals are involved in misuse of information systems with a good intention under the context of disasters. To fill this research gap, we propose a selfless misuse model, which offers a theoretical explanation for the concept of individuals’ selfless misuse intention under uncertainty caused by disasters. In this study, we show why employees make decisions to misuse the …


DeadDrop: Message Passing Without Metadata Leakage, Davis Mike Arndt Jun 2018

Computer Science and Software Engineering

Even when network data is encrypted, observers can make inferences about content based on collected metadata. DeadDrop is an exploratory API designed to protect the metadata of a conversation from both outside observers and the facilitating server. To do so, DeadDrop servers are passed no recipient address, instead relying upon the recipient to check for messages of their own volition. In addition, the recipient downloads a copy of every encrypted message on the server to prevent even the server from knowing to whom each message is intended. To these purposes, DeadDrop is mostly successful. However, it does not obscure all …


Verifiably Encrypted Cascade-Instantiable Blank Signatures To Secure Progressive Decision Management, Yujue Wang, Hwee Hwa Pang, Robert H. Deng Jun 2018

Research Collection School Of Computing and Information Systems

In this paper, we introduce the notion of verifiably encrypted cascade-instantiable blank signatures (CBS) in a multi-user setting. In CBS, there is a delegation chain that starts with an originator and is followed by a sequence of proxies. The originator creates and signs a template, which may comprise fixed fields and exchangeable fields. Thereafter, each proxy along the delegation chain is able to make an instantiation of the template from the choices passed down from her direct predecessor, before generating a signature for her instantiation. First, we present a non-interactive basic CBS construction that does not rely on any shared …


User-Centric Privacy Preservation In Mobile And Location-Aware Applications, Mingming Guo Apr 2018

FIU Electronic Theses and Dissertations

The mobile and wireless community has brought a significant growth of location-aware devices including smart phones, connected vehicles and IoT devices. The combination of location-aware sensing, data processing and wireless communication in these devices leads to the rapid development of mobile and location-aware applications. Meanwhile, user privacy is becoming an indispensable concern. These mobile and location-aware applications, which collect data from mobile sensors carried by users or vehicles, return valuable data collection services (e.g., health condition monitoring, traffic monitoring, and natural disaster forecasting) in real time. The sequential spatial-temporal data queries sent by users provide their location trajectory information. The …


Surveying Digital Collections Stewardship In Nebraska [Original Survey Form], Jennifer L. Thoegersen, Blake Graham Apr 2018

University of Nebraska-Lincoln Data Repository

No abstract provided.


Every Step You Take, I’ll Be Watching You: Practical StepAuth-Entication Of RFID Paths, Kai Bu, Yingjiu Li Apr 2018

Research Collection School Of Computing and Information Systems

Path authentication thwarts counterfeits in RFID-based supply chains. Its motivation is that tagged products taking invalid paths are likely faked and injected by adversaries at certain supply chain partners/steps. Existing solutions are path-grained in that they simply regard a product as genuine if it takes any valid path. Furthermore, they enforce distributed authentication by offloading the sets of valid paths to some or all steps from a centralized issuer. This not only imposes network and storage overhead but also leaks transaction privacy. We present StepAuth, the first step-grained path authentication protocol that is practically efficient for authenticating products with strict …


Keep It Simple, Keep It Safe - Research On The Impacts Of Increasing Complexity Of Modern Enterprise Applications, Shawn Ware, David Phillips Mar 2018

UNO Student Research and Creative Activity Fair

As the Cybersecurity program within UNO continues to adapt to the ever-changing world of information systems and information security, the Cybersecurity Capstone has recently become an active, community-involvement project, where real-world organizations can receive valuable, useful research and information from students on their way towards a degree. This presentation encompasses two such projects from the Cybersecurity Capstone, looking at how modern, more complex systems can often increase system vulnerability.


Mining Sandboxes: Are We There Yet?, Lingfeng Bao, Tien Duy B. Le, David Lo Mar 2018

Research Collection School Of Computing and Information Systems

The popularity of Android platform on mobile devices has attracted much attention from many developers and researchers, as well as malware writers. Recently, Jamrozik et al. proposed a technique to secure Android applications referred to as mining sandboxes. They used an automated test case generation technique to explore the behavior of the app under test and then extracted a set of sensitive APIs that were called. Based on the extracted sensitive APIs, they built a sandbox that can block access to APIs not used during testing. However, they only evaluated the proposed technique with benign apps but not investigated whether …


URLNet: Learning A URL Representation With Deep Learning For Malicious URL Detection, Hung Le, Hong Quang Pham, Doyen Sahoo, Steven C. H. Hoi Mar 2018

Research Collection School Of Computing and Information Systems

Malicious URLs host unsolicited content and are used to perpetrate cybercrimes. It is imperative to detect them in a timely manner. Traditionally, this is done through the usage of blacklists, which cannot be exhaustive, and cannot detect newly generated malicious URLs. To address this, recent years have witnessed several efforts to perform Malicious URL Detection using Machine Learning. The most popular and scalable approaches use lexical properties of the URL string by extracting Bag-of-words like features, followed by applying machine learning models such as SVMs. There are also other features designed by experts to improve the prediction performance of the …


Attribute-Based Cloud Storage With Secure Provenance Over Encrypted Data, Hui Cui, Robert H. Deng, Yingjiu Li Feb 2018

Research Collection School Of Computing and Information Systems

To securely and conveniently enjoy the benefits of cloud storage, it is desirable to design a cloud data storage system which protects data privacy from storage servers through encryption, allows fine-grained access control such that data providers can expressively specify who are eligible to access the encrypted data, enables dynamic user management such that the total number of data users is unbounded and user revocation can be carried out conveniently, supports data provider anonymity and traceability such that a data provider’s identity is not disclosed to data users in normal circumstances but can be traced by a trusted authority if …


Lowering Legal Barriers To RPKI Adoption, Christopher S. Yoo, David A. Wishnick Jan 2018

All Faculty Scholarship

Across the Internet, mistaken and malicious routing announcements impose significant costs on users and network operators. To make routing announcements more reliable and secure, Internet coordination bodies have encouraged network operators to adopt the Resource Public Key Infrastructure (“RPKI”) framework. Despite this encouragement, RPKI’s adoption rates are low, especially in North America.

This report presents the results of a year-long investigation into the hypothesis—widespread within the network operator community—that legal issues pose barriers to RPKI adoption and are one cause of the disparities between North America and other regions of the world. On the basis of interviews and analysis of …


Can Ego Defense Mechanism Help Explain IS Security Dysfunctional Behavior, Abhijit Chaudhury, Debasish Mallick Jan 2018

Information Systems and Analytics Department Faculty Conference Proceedings

IS security behavior studies are becoming popular. To date, much of the research has been based on theories such as the Theory of Planned Behavior, Technology Adoption Model, Rational Choice theory and Theory of Reasoned Action. They view users as rational individuals making conscious utilitarian decisions when there is increasing evidence that security breaches are the result of human behavior such as carelessness, malicious intent, bad habits, and hostility. We propose the ego defense mechanism model, taken from the psychoanalytical world. This model makes no assumption of rationality and has been developed to help understand the roots of dysfunctional behavior …


Software Intrusion Detection Evaluation System: A Cost-Based Evaluation Of Intrusion Detection Capability, Agbotiname L. Imoize, Taiwo Oyedare, Michael E. Otuokere, Sachin Shetty Jan 2018

VMASC Publications

In this paper, we consider a cost-based extension of intrusion detection capability (CID). An objective metric motivated by information theory is presented and based on this formulation; a package for computing the intrusion detection capability of intrusion detection system (IDS), given certain input parameters is developed using Java. In order to determine the expected cost at each IDS operating point, the decision tree method of analysis is employed, and plots of expected cost and intrusion detection capability against false positive rate were generated. The point of intersection between the maximum intrusion detection capability and the expected cost is selected as …


Developing A Cyberterrorism Policy: Incorporating Individual Values, Osama Bassam J. Rabie Jan 2018

Theses and Dissertations

Preventing cyberterrorism is becoming a necessity for individuals, organizations, and governments. However, current policies focus on technical and managerial aspects without asking for experts and non-experts values and preferences for preventing cyberterrorism. This study employs value focused thinking and public value forum to bare strategic measures and alternatives for complex policy decisions for preventing cyberterrorism. The strategic measures and alternatives are per socio-technical process.


Determining Vulnerability Using Attack Graphs: An Expansion Of The Current FAIR Model, Beth M. Anderson Jan 2018

EWU Masters Thesis Collection

Factor Analysis of Information Risk (FAIR) provides a framework for measuring and understanding factors that contribute to information risk. One such factor is FAIR Vulnerability; the probability that an event involving a threat will result in a loss. An asset is vulnerable if a threat actor’s Threat Capability is higher than the Resistance Strength of the asset. In FAIR scenarios, Resistance Strength is currently estimated for entire assets, oversimplifying assets containing individual systems and the surrounding environment. This research explores enhancing estimations of FAIR Vulnerability by modeling interactions between threat actors and assets through attack graphs. By breaking down the …


User-Friendly Deniable Storage For Mobile Devices, Bing Chang, Yao Cheng, Bo Chen, Fengwei Zhang, Wen-Tao Zhu, Yingjiu Li, Zhan. Wang Jan 2018

Research Collection School Of Computing and Information Systems

Mobile devices are prevalently used to process sensitive data, but traditional encryption may not work when an adversary is able to coerce the device owners to disclose the encryption keys. Plausibly Deniable Encryption (PDE) is thus designed to protect sensitive data against this powerful adversary. In this paper, we present MobiPluto, a user-friendly PDE scheme for denying the existence of sensitive data stored on mobile devices. A salient difference between MobiPluto and the existing PDE systems is that any block-based file systems can be deployed on top of it. To further improve usability and deniability of MobiPluto, we introduce a …