Mitigating social media threats towards information security : a case study of two academic institutions

01 September 2015

M.Tech. (Information Technology) / Since the introduction of Web 2.0, there has been an increase in the number of applications that promote the use of user-generated content, support social and collaborative interaction on the Web, and provide engaging user interactions. This together with the continuous increase in internet speed gave rise to the formation of interactive online communication channels, such as Social Media (SM). SM moved from just being a purely social platform to being an integral part of many organisations` business practices. Organisations saw an opportunity through SM to market themselves and interact with customers more efficiently and cost effectively, whist reaching a larger number of potential clients online ...

Social media - Security measures

Die integrering van inligtingsekerheid met programmatuuringenieurswese

20 November 2014

M.Com. (Informatiks) / Please refer to full text to view abstract

Computer security

Software engineering

Computer networks - Security measures

Assessment of Web-Based Authentication Methods in the U.S.: Comparing E-Learning Systems to Internet Healthcare Information Systems

Mattord, Herbert J.

01 January 2012

Organizations continue to rely on password-based authentication methods to control access to many Web-based systems. This research study developed a benchmarking instrument intended to assess authentication methods used in Web-based information systems (IS). It developed an Authentication Method System Index (AMSI) to analyze collected data from representative samples of e-learning systems in the U.S. and from healthcare ISs, also in the U.S. This data were used to compare authentication methods used by those systems. The AMSI measured 1) password strength requirements, 2) password usage methods, and 3) password reset requirements. Those measures were combined into the single index that represents the current authentication methods. This study revealed that there is no significant difference in the ways that authentication methods are employed between the two groups of ISs. This research validated the criteria proposed for the AMSI using a panel of experts drawn from industry and academia. Simultaneously, the same panel provided preferences for the relative weight of specific criteria within some measures. The panel of experts also assessed the relative weight of each measure within the AMSI. Once the criteria were verified and the elicited weights were computed, an opportunity sample of Web-based ISs in the two groups identified earlier were assessed to ascertain the values for the criteria that comprise the AMSI. After completion of pre-analysis data screening, the collected data were assessed using the results of the AMSI benchmarking tool. Results of the comparison within and between the two sample groups are presented. This research found that the AMSI can be used as a mechanism to measure some aspects of the authentication methods used by Web-based systems. There was no measurable significance in the differences between the samples groups. However, IS designers, quality assurance teams, and information security practitioners charged with validating ISs methods may choose to use it to measure the effectiveness of such authentication methods. This can enable continuous improvement of authentication methods employed in such Web-based systems.

Authentication

E-learning

Healthcare

Information Security

Security Management

Computer Sciences

Vytváření bezpečnostní architektury v Evropě po konci studené války / The Construction of the European security architecture after the Cold War

Kubicová, Marcela

January 2010

The thesis deals with the problems of construction of the European security architecture after the Cold War. The first part of the thesis discusses the new security environment after the end of the confrontation era. The second part deals with the considerations of the models of the European security architecture after the Cold War. The discussion about the role of the particular security organizations is also included. The third part of the thesis introduces the Russian proposal -- known as the Medvedev's initiative -- and offers the summary of the studies made by the reputable security analysts who deal with the analysis and the criticism of the Russian proposal. The next part of the thesis focuses on the summit of OSCE in Astana. Some particulary chosen strategic documents of EU and NATO are analysed in the final part of the thesis. The used methods are above all research, comparison and analysis. The aim of this thesis is to analyse the discussion relating to the European security architecture from the end of the Cold War until the present and to collate it with the real development. Such a comprehensive survey as this one is still missing in the Czech Republic. The thesis claims that the rhetoric used in the strategic documents of the particular organizations that constitute the pillar of the European security do not restrain from creating the working European security architecture. Though the different point of view on the concrete problems is questionable. It was found that a really working pan-European security architecture has not been created because the Russian Federation was not included and the european security is provided only by NATO and by EU.

Food insecurity in Southern Africa :causes and emerging response options from evidence at regional, provincial and local scales

Misselhorn, Alison Anne

19 February 2007

Student Number : 0206926T - PhD thesis - School of Geography, Archaeology and Environmental Studies - Faculty of Science / The overarching objective of this thesis is to determine causes of food insecurity in southern Africa, and how it can best be addressed. This objective is addressed through a number of research questions and methods at three geographic scales: the regional, through a technique of meta-analysis which is used to synthesise 49 local-level household economy case studies; the provincial, through a Delphi panel of practitioner experience; and the local, using multiple research techniques, including participatory methods. An extremely diverse range of factors contributing to food-insecurity are found at all three scales, indicating that community- and household-specific dynamics give rise to forms of food insecurity. Two common processes, however, are argued to be common across all the casestudy communities in the regional-scale research. These are the closely related processes of cycles of intensifying vulnerability associated with livelihood ‘trade-offs’, and of communitylevel social capital changing into forms that undermine resilience to food insecurity - such as the decline in two-parent families. A further probing of social capital at the local level suggests that while social capital takes multiple forms, and further remains in many respects a problematic concept, it nevertheless provides a valuable lens through which powerful social dynamics might be examined in developing responses to food insecurity. Policy makers and change agents should carefully consider their role in building community social-capital that might enhance the ability of vulnerable communities to overcome livelihood constraints and adapt to the tremendous challenges posed by changing economic environments in southern Africa. Drawing on the research at all scales, a framework is provided that calls for a reconceptualisation of food-security interventions to focus on intervention processes, applicable at all scales and in all contexts across the region. The development of social capital, participation, co-ordination and learning interactions are explored as central elements in these processes. The framework asks for closer attention to both the appropriate mechanisms (such as policy) necessary to effect change, and the human dimensions that give these mechanisms agency. The findings of the thesis represent an additional shift in understanding food security to acknowledge that the value of a political economic interpretation of food security is limited independent of an understanding of the cross-scale social networks and relational interactions that ultimately configure and reconfigure it.

food security

social capital

vulnerabilty

food security interventions

The Impact of Social Security on Early Retirement: A Cross-Country Analysis

Ahle, James

January 2017

Thesis advisor: Matthew Rutledge / This paper explores the relationship between social security wealth (SSW) and the decision to retire early in five countries: the United States, Germany, Denmark, Poland, and Australia. Individual probit regressions are used to analyze the impact of SSW on early retirement in each specific country. Next, a cross-country probit model including the United States, Germany, and Denmark is estimated to highlight the same relationship in three very different social insurance schemes. Finally, a counterfactual experiment is run in order to examine the impact of a 6.67 percent benefit cut on the likelihood of early retirement. This paper finds that SSW is associated with a greater likelihood of early retirement in the United States, Poland, and Denmark. However, these results are only statistically significant in the United States and Poland. Conversely, the relationship is statistically significant and negative in Australia, and statistically insignificant and negative in Germany. The counterfactual experiment reinforces these findings, demonstrating a particularly high responsiveness of a benefit cut in Denmark and Poland relative to the other countries. The results of the cross-country model finds that SSW has the largest positive effect on early retirement in the United States, followed by Germany, and finally Denmark. However, these contradictory results are not statistically significant. This paper presents interesting policy implications to consider in the United States. The statistically significant but small effect of SSW on early retirement in the United States indicates that policies aimed at reducing benefits as a means of decreasing the likelihood of early retirement may not be the most effective. Additionally, the creation of a system similar to Australia’s low-cost superannuation may be worth investigating, as superannuation benefits appear to have a similar negative impact on early retirement as pension benefits in the United States. / Thesis (BA) — Boston College, 2017. / Submitted to: Boston College. College of Arts and Sciences. / Discipline: Departmental Honors. / Discipline: Economics.

Social Security

Social Security Wealth

Early Retirement

Superannuation

A Network Telescope Approach for Inferring and Characterizing IoT Exploitations

Unknown Date

While the seamless interconnection of IoT devices with the physical realm is envisioned to bring a plethora of critical improvements on many aspects and in diverse domains, it will undoubtedly pave the way for attackers that will target and exploit such devices, threatening the integrity of their data and the reliability of critical infrastructure. The aim of this thesis is to generate cyber threat intelligence related to Internet-scale inference and evaluation of malicious activities generated by compromised IoT devices to facilitate prompt detection, mitigation and prevention of IoT exploitation. In this context, we initially provide a unique taxonomy, which sheds the light on IoT vulnerabilities from five di↵erent perspectives. Subsequently, we address the task of inference and characterization of IoT maliciousness by leveraging active and passive measurements. To support large-scale empirical data analytics in the context of IoT, we made available corresponding raw data through an authenticated platform. / Includes bibliography. / Thesis (M.S.)--Florida Atlantic University, 2018. / FAU Electronic Theses and Dissertations Collection

Internet of things.

Internet of things--Security measures.

Cyber intelligence (Computer security)

National Security in a Globalized Era : A case study of the security implications of selling significant infrastructure to foreign enterprises

Kock, Emilia

January 2019

Since the 1980’s the concept of security has broadened from traditional military security to new additional arenas, with each contributing to national security. The post-Cold War era and the current interconnectedness combined with the expanded concept has resulted in new perceptions of security and situations for states. The research questions of the thesis, How does the port of Gävle relate to the selected tendencies of national security? and Could the selling of the port be considered a matter of national security? aims to exemplify these problematics and examines the chosen case by utilizing the key aspects of economic security. What can be concluded is that the selling of the port could be considered a case of national security. This is based upon the selected characteristics of economic security, which to different degrees was exhibited in the case. As several aspects of the port is recognized as significant in terms of economy, strategy and infrastructure would an incident or intentional act against the port have large consequences for the region and in extensions the nation.

National Security

Securitization

Economic Security

Infrastructure

Gävle

Political Science

Statsvetenskap

Preemptive distributed intrusion detection using mobile agents.

January 2002

by Chan Pui Chung. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2002. / Includes bibliographical references (leaves [56]-[61]). / Abstracts in English and Chinese. / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- The Trends --- p.1 / Chapter 1.2 --- What this Thesis Contains --- p.3 / Chapter 2 --- Background --- p.5 / Chapter 2.1 --- Computer Security --- p.5 / Chapter 2.2 --- Anti-intrusion Techniques --- p.6 / Chapter 2.3 --- The Need for Intrusion Detection System --- p.7 / Chapter 2.4 --- Intrusion Detection System Categorization --- p.8 / Chapter 2.4.1 --- Network-based vs. Host-based --- p.8 / Chapter 2.4.2 --- Anomaly Detection vs. Misuse Detection --- p.10 / Chapter 2.4.3 --- Centralized vs. Distributed --- p.11 / Chapter 2.5 --- Agent-based IDS --- p.12 / Chapter 2.6 --- Mobile agent-based IDS --- p.12 / Chapter 3 --- Survey on Intrusion Step --- p.14 / Chapter 3.1 --- Introduction --- p.14 / Chapter 3.2 --- Getting information before break in --- p.14 / Chapter 3.2.1 --- Port scanning --- p.14 / Chapter 3.2.2 --- Sniffing --- p.16 / Chapter 3.2.3 --- Fingerprinting --- p.17 / Chapter 3.3 --- Intrusion method --- p.17 / Chapter 3.3.1 --- DOS and DDOS --- p.17 / Chapter 3.3.2 --- Password cracking --- p.18 / Chapter 3.3.3 --- Buffer overflows --- p.19 / Chapter 3.3.4 --- Race Condition --- p.20 / Chapter 3.3.5 --- Session Hijacking --- p.20 / Chapter 3.3.6 --- Computer Virus --- p.21 / Chapter 3.3.7 --- Worms --- p.21 / Chapter 3.3.8 --- Trojan Horse --- p.22 / Chapter 3.3.9 --- Social Engineering --- p.22 / Chapter 3.3.10 --- Physical Attack --- p.23 / Chapter 3.4 --- After intrusion --- p.23 / Chapter 3.4.1 --- Covering Tracks --- p.23 / Chapter 3.4.2 --- Back-doors --- p.23 / Chapter 3.4.3 --- Rootkits --- p.23 / Chapter 3.5 --- Conclusion --- p.24 / Chapter 4 --- A Survey on Intrusion Detection System --- p.25 / Chapter 4.1 --- Introduction --- p.25 / Chapter 4.2 --- Information Source --- p.25 / Chapter 4.2.1 --- Host-based Source --- p.25 / Chapter 4.2.2 --- Network-based Source --- p.26 / Chapter 4.2.3 --- Out-of-band Source --- p.27 / Chapter 4.2.4 --- Data Fusion from multiple sources --- p.27 / Chapter 4.3 --- Detection Technology --- p.28 / Chapter 4.3.1 --- Intrusion signature --- p.28 / Chapter 4.3.2 --- Threshold Detection --- p.31 / Chapter 4.3.3 --- Statistical Analysis --- p.31 / Chapter 4.3.4 --- Neural Network --- p.32 / Chapter 4.3.5 --- Artificial Immune System --- p.33 / Chapter 4.3.6 --- Data Mining --- p.33 / Chapter 4.3.7 --- Traffic Analysis --- p.34 / Chapter 4.4 --- False Alarm Rate --- p.35 / Chapter 4.5 --- Response --- p.35 / Chapter 4.6 --- Difficulties in IDS --- p.36 / Chapter 4.6.1 --- Base Rate Fallacy --- p.36 / Chapter 4.6.2 --- Denial of Service Attack against IDS --- p.37 / Chapter 4.6.3 --- Insertion and Evasion attack against the Network-Based IDS . --- p.37 / Chapter 4.7 --- Conclusion --- p.38 / Chapter 5 --- Preemptive Distributed Intrusion Detection using Mobile Agents --- p.39 / Chapter 5.1 --- Introduction --- p.39 / Chapter 5.2 --- Architecture Design --- p.40 / Chapter 5.2.1 --- Overview --- p.40 / Chapter 5.2.2 --- Agents involved --- p.40 / Chapter 5.2.3 --- Clustering --- p.42 / Chapter 5.3 --- How it works --- p.44 / Chapter 5.3.1 --- Pseudo codes of operations --- p.48 / Chapter 5.4 --- Advantages --- p.49 / Chapter 5.5 --- Drawbacks & Possible Solutions --- p.49 / Chapter 5.6 --- Other Possible Mode of Operation --- p.50 / Chapter 5.7 --- Conclusion --- p.51 / Chapter 6 --- Conclusion --- p.52 / A Paper Derived from this Thesis --- p.54 / Bibliography --- p.55

Mobile agents (Computer software)

Computer security

Computer networks--Security measures

Secure execution of mobile agents on open networks using cooperative agents.

January 2002

Yu Chiu-Man. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2002. / Includes bibliographical references (leaves 93-96). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgements --- p.ii / Chapter 1 --- Introduction --- p.1 / Chapter 1.1 --- Advantages of mobile agents --- p.2 / Chapter 1.2 --- Security --- p.3 / Chapter 1.3 --- Contributions --- p.3 / Chapter 1.4 --- Structure --- p.4 / Chapter 2 --- The Problem of Execution Tampering Attack --- p.5 / Chapter 2.1 --- Mobile agent execution model --- p.5 / Chapter 2.2 --- Tampering attack from malicious hosts --- p.5 / Chapter 2.3 --- Open network environment --- p.6 / Chapter 2.4 --- Conclusion --- p.6 / Chapter 3 --- Existing Approaches to Solve the Execution Tampering Prob- lem --- p.8 / Chapter 3.1 --- Introduction --- p.8 / Chapter 3.2 --- Trusted execution environment --- p.9 / Chapter 3.2.1 --- Closed system --- p.9 / Chapter 3.2.2 --- Trusted hardware --- p.9 / Chapter 3.3 --- Tamper-detection --- p.11 / Chapter 3.3.1 --- Execution tracing --- p.11 / Chapter 3.4 --- Tamper-prevention --- p.12 / Chapter 3.4.1 --- Blackbox security --- p.12 / Chapter 3.4.2 --- Time limited blackbox --- p.13 / Chapter 3.4.3 --- Agent mess-up --- p.15 / Chapter 3.4.4 --- Addition of noisy code --- p.15 / Chapter 3.4.5 --- Co-operating agents --- p.16 / Chapter 3.5 --- Conclusion --- p.17 / Chapter 4 --- Tamper-Detection Mechanism of Our Protocol --- p.18 / Chapter 4.1 --- Introduction --- p.18 / Chapter 4.2 --- Execution tracing --- p.18 / Chapter 4.3 --- Code obfuscation --- p.21 / Chapter 4.3.1 --- Resilience of obfuscating transformation --- p.22 / Chapter 4.4 --- Execution tracing with obfuscated program --- p.23 / Chapter 4.5 --- Conclusion --- p.27 / Chapter 5 --- A Flexible Tamper-Detection Protocol by Using Cooperating Agents --- p.28 / Chapter 5.1 --- Introduction --- p.28 / Chapter 5.1.1 --- Agent model --- p.29 / Chapter 5.1.2 --- Execution model --- p.30 / Chapter 5.1.3 --- System model --- p.30 / Chapter 5.1.4 --- Failure model --- p.30 / Chapter 5.2 --- The tamper-detection protocol --- p.30 / Chapter 5.3 --- Fault-tolerance policy --- p.38 / Chapter 5.4 --- Costs of the protocol --- p.38 / Chapter 5.5 --- Discussion --- p.40 / Chapter 5.6 --- Conclusion --- p.42 / Chapter 6 --- Verification of the Protocol by BAN Logic --- p.43 / Chapter 6.1 --- Introduction --- p.43 / Chapter 6.2 --- Modifications to BAN logic --- p.44 / Chapter 6.3 --- Term definitions --- p.45 / Chapter 6.4 --- Modeling of our tamper-detection protocol --- p.46 / Chapter 6.5 --- Goals --- p.47 / Chapter 6.6 --- Sub-goals --- p.48 / Chapter 6.7 --- Assumptions --- p.48 / Chapter 6.8 --- Verification --- p.49 / Chapter 6.9 --- Conclusion --- p.53 / Chapter 7 --- Experimental Results Related to the Protocol --- p.54 / Chapter 7.1 --- Introduction --- p.54 / Chapter 7.2 --- Experiment environment --- p.54 / Chapter 7.3 --- Experiment procedures --- p.55 / Chapter 7.4 --- Experiment implementation --- p.56 / Chapter 7.5 --- Experimental results --- p.61 / Chapter 7.6 --- Conclusion --- p.65 / Chapter 8 --- Extension to Solve the ´حFake Honest Host´ح Problem --- p.68 / Chapter 8.1 --- Introduction --- p.68 / Chapter 8.2 --- "The method to solve the ""fake honest host"" problem" --- p.69 / Chapter 8.2.1 --- Basic idea --- p.69 / Chapter 8.2.2 --- Description of the method --- p.69 / Chapter 8.3 --- Conclusion --- p.71 / Chapter 9 --- Performance Improvement by Program Slicing --- p.73 / Chapter 9.1 --- Introduction --- p.73 / Chapter 9.2 --- Deployment of program slicing --- p.73 / Chapter 9.3 --- Conclusion --- p.75 / Chapter 10 --- Increase Scalability by Supporting Multiple Mobile Agents --- p.76 / Chapter 10.1 --- Introduction --- p.76 / Chapter 10.2 --- Supporting multiple mobile agents --- p.76 / Chapter 10.3 --- Conclusion --- p.78 / Chapter 11 --- Deployment of Trust Relationship in the Protocol --- p.79 / Chapter 11.1 --- Introduction --- p.79 / Chapter 11.2 --- Deployment of trust relationship --- p.79 / Chapter 11.3 --- Conclusion --- p.82 / Chapter 12 --- Conclusions and Future Work --- p.83 / A Data of Experimental Results --- p.86 / Publication --- p.92 / Bibliography --- p.93

Mobile agents (Computer software)

Computer security

Computer networks--Security measures