661 |
The role of security and its antecedents in e-government adoption
Alharbi, Nawaf Sulaiman S. January 2016
The use of e-government has increased in recent years, and many countries now use it to provide high quality services to their citizens. As user acceptance is crucial for the success of any IT project, a number of studies have investigated the user acceptance of e-government via the use of adoption models, such as the Unified Theory of Acceptance and Use of Technology (UTAUT) model. However, these models do not pay sufficient attention to security. The lack of security is one of the key issues associated with the adoption of e-government. Thus, this study aims at investigating the role of security in the behaviour intention for using e-government services. In addition, this study seeks to determine the factors influencing end users’ perceptions in e-government security. To achieve this aim, the research followed a mixed-methods approach, which divided the research into two phases. The first phase is a qualitative study aiming at exploring the factors influencing end users’ perceptions in e-government security. The second phase is a quantitative study aiming at identifying the role of security and its antecedences in the behaviour intention for using e-government services. To achieve this goal, a research model was developed by integrating trust, security and privacy with the UTAUT2 and tested via Structural Equation Modelling (SEM). The findings show that user interface quality, security culture and cyber-security law positively affect security perception. These factors explain 54% of security perception variance and strongly influence trust in e-government services. The findings also show that trust is ranked as the third most critical factor affecting behaviour intention after performance expectancy and habit. The results make a significant contribution to academic research as this research is the first that investigated the factors that influence the security perception in e-government services. 
This will provide opportunities for further research to investigate further contributing factors and validate the security antecedences explored in this study. This research has practical implications regarding understanding the role of security in e-government adoption and the factors affecting end users’ perceptions of e-government security. This will help the decision makers in government to increase users’ trust in e-government by focusing more on these factors.
|
662 |
Protecting the physical layer: threats and countermeasures to communication system and smart power grid. / CUHK electronic theses & dissertations collection
January 2013
Bi, Suzhi. / Thesis (Ph.D.)--Chinese University of Hong Kong, 2013. / Includes bibliographical references (leaves 113-119). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstract also in Chinese.
|
663 |
Authenticated 2D barcode: design, implementation and applications. / CUHK electronic theses & dissertations collection
January 2013
Li, Chak Man. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2013. / Includes bibliographical references (leaves 150-159). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstracts also in Chinese.
|
664 |
Regional security in the Middle East : a critical security studies perspective
Bilgin, Hatice Pinar January 2000
This is a study of regional security in the Middle East from a Critical Security Studies perspective. The main aim of the thesis is to provide an account of the pasts, presents and futures of regional security in the Middle East cognisant of the relationships between the three in one's thinking as well as practices. This is achieved through the threefold structure of the thesis, which looks at Cold War pasts (Part I), post-Cold War presents (Part II) and possible futures (Part III). The thesis also has a set of more specific aims. First, it aims to present a critique of prevailing security discourses in theory and practice with reference to regional security in the Middle East and point to unfulfilled potential immanent in regional politics. Second, the thesis aims to explore the mutually constitutive relationship between (inventing) regions and theories and practices of security. And finally, it aims to show how Critical Security Studies might allow one to think differently about the futures of regional security in the Middle East. The overall thesis is that the Critical Security Studies perspective presents a fuller account of regional security in the Middle East; it offers a comprehensive framework recognising the dynamic relationships between various dimensions and levels of security, as voiced by multiple referents.
|
665 |
Software-defined Networking: Improving Security for Enterprise and Home Networks
Taylor, Curtis Robin 24 April 2017
In enterprise networks, all aspects of the network, such as placement of security devices and performance, must be carefully considered. Even with forethought, network operators are ultimately unaware of intra-subnet traffic. The inability to monitor intra-subnet traffic leads to blind spots in the network where compromised hosts have unfettered access to the network for spreading and reconnaissance. While network security middleboxes help to address compromises, they are limited in only seeing a subset of all network traffic that traverses routed infrastructure, which is where middleboxes are frequently deployed. Furthermore, traditional middleboxes are inherently limited to network-level information when making security decisions. Software-defined networking (SDN) is a networking paradigm that allows logically centralized control of network switches and routers. SDN can help address visibility concerns while providing the benefits of a centralized network control platform, but traditional switch-based SDN leads to concerns of scalability and is ultimately limited in that only network-level information is available to the controller. This dissertation addresses these SDN limitations in the enterprise by pushing the SDN functionality to the end-hosts. In doing so, we address scalability concerns and provide network operators with better situational awareness by incorporating system-level and graphical user interface (GUI) context into network information handled by the controller. By incorporating host-context, our approach shows a modest 16% reduction in flows that can be processed each second compared to switch-based SDN. In comparison to enterprise networks, residential networks are much more constrained. Residential networks are limited in that the operators typically lack the experience necessary to properly secure the network. 
As a result, devices on home networks are sometimes compromised and, unbeknownst to the home user, perform nefarious acts such as distributed denial of service (DDoS) attacks on the Internet. Even with operator expertise in residential networks, the network infrastructure is limited to a resource-constrained router that is not extensible. Fortunately, SDN has the potential to increase security and network control in residential networks by outsourcing functionality to the cloud where third-party experts can provide proper support. In residential networks, this dissertation uses SDN along with cloud-based resources to introduce enterprise-grade network security solutions where previously infeasible. As part of our residential efforts, we build and evaluate device-agnostic security solutions that are able to better protect the increasing number of Internet of Things (IoT) devices. Our work also shows that the performance of outsourcing residential network control to the cloud is feasible for up to 90% of home networks in the United States.
|
666 |
Toward Usable Access Control for End-users: A Case Study of Facebook Privacy Settings
Johnson, Maritza Lupe January 2012
Many protection mechanisms in computer security are designed to enforce a configurable policy. The security policy captures high-level goals and intentions, and is managed by a policy author tasked with translating these goals into an implementable policy. In our work, we focus on access control policies where errors in the specified policy can result in the mechanism incorrectly denying a request to access a resource, or incorrectly allowing access to a resource that they should not have access to. Due to the need for correct policies, it is critical that organizations and individuals have usable tools to manage security policies. Policy management encompasses several subtasks including specifying the initial security policy, modifying an existing policy, and comprehending the effective policy. The policy author must understand the configurable options well enough to accurately translate the desired policy into the implemented policy. Specifying correct security policies is known to be a difficult task, and prior work has contributed policy authoring tools that are more usable than the prior art and other work has also shown the importance of the policy author being able to quickly understand the effective policy. Specifying a correct policy is difficult enough for technical users, and now, increasingly, end-users are being asked to make access control decisions in regard to who can access their personal data. We focus on the need for an access control mechanism that is usable for end-users. We investigated end-users who are already managing an access control policy, namely social network site (SNS) users. We first looked at how they manage the access control policy that defines who can access their shared content. We accomplish this by empirically evaluating how Facebook users utilize the available privacy controls to implement an access control policy for their shared content and found that many users have policies that are inconsistent with their sharing intentions. 
Upon discovering that many participants claim they will not take corrective action in response to inconsistencies in their existing settings, we collected quantitative and qualitative data to measure whether SNS users are concerned with the accessibility of their shared content. After confirming that users do in fact care about who accesses their content, we hypothesize that we can increase the correctness of users' SNS privacy settings by introducing contextual information and specific guidance based on their preferences. We found that the combination of viewership feedback, a sequence of direct questions to audit the user's sharing preferences, and specific guidance motivates some users to modify their privacy settings to more closely approximate their desired settings. Our results demonstrate the weaknesses of ACL-based access control mechanisms, and also provide support that it is possible to improve the usability of such mechanisms. We conclude by outlining the implications of our results for the design of a usable access control mechanism for end-users.
|
667 |
Combining Programs to Enhance Security Software
Kang, Yuan Jochen January 2018
Automatic threats require automatic solutions, which become automatic threats themselves. When software grows in functionality, it grows in complexity, and in the number of bugs. To keep track of and counter all of the possible ways that a malicious party can exploit these bugs, we need security software. Such software helps human developers identify and remove bugs, or system administrators detect attempted attacks. But like any other software, and likely more so, security software itself can have blind spots or flaws. In the best case, it stops working, and becomes ineffective. In the worst case, the security software has privileged access to the system it is supposed to protect, and the attacker can hijack those privileges for its own purposes. So we will need external programs to compensate for their weaknesses. At the same time, we need to minimize the additional attack surface and development time due to creating new solutions. To address both points, this thesis will explore how to combine multiple programs to overcome a number of weaknesses in individual security software:
(1) When login authentication and physical protections of a smart phone fail, fake, decoy applications detect unauthorized usage and draw the attacker away from truly sensitive applications;
(2) when a fuzzer, an automatic software testing tool, requires a diverse set of initial test inputs, manipulating the tools that a human uses to generate these inputs multiplies the generated inputs;
(3) when the software responsible for detecting attacks, known as an intrusion detection system, itself needs protection against attacks, a simplified state machine tracks the software's interaction with the underlying platform, without the complexity and risks of a fully functional intrusion detection system;
(4) when intrusion detection systems run on multiple, independent machines, a graph-theoretic framework drives the design for how the machines cooperatively monitor each other, forcing the attacker to not only perform more work, but also do so faster.
Instead of introducing new, stand-alone security software, the above solutions only require a fixed number of new tools that rely on a diverse selection of programs that already exist. Nor do any of the programs, old or new, require additional privileges that the old programs did not have before. In other words, we multiply the power of security software without multiplying their risks.
|
668 |
Regions Security Policy (RSP) : applying regions to network security / RSP : applying regions to network security
Baratz, Joshua W. (Joshua William), 1981- January 2004
Thesis (M. Eng. and S.B.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004. / Includes bibliographical references (p. 51-54). / The Regions network architecture is a new look at network organization that groups nodes into regions based on common purposes. This shift from strict network topology groupings of nodes requires a change in security systems. This thesis designs and implements the Regions Security Policy (RSP). RSP allows a unified security policy to be set across a region, fully controlling data as it enters into, exits from, and transits within a region. In doing so, it brings together several existing security solutions so as to provide security comparable to existing systems that is more likely to function correctly. / by Joshua W. Baratz. / M.Eng.and S.B.
|
669 |
Collaborative cyber security situational awareness
Almualla, Mohammed Humaid January 2017
Situational awareness is often understood as the perception of environmental elements and comprehension of their meaning, and the projection of future status. The advancements in cyberspace technology have fuelled new business and opportunities, but also brought an element of risk to valued assets. Today, the growing gap between different types of cyber-attacks threatens governments and organisations, from individuals to highly organized sponsored teams capable of breaching the most sophisticated systems and the inability to cope with these emerging threats. There is a strong case to be made for effective Collaborative Cyber-Security Situational Awareness (CCSA) that is designed to protect valuable assets, making them more resilient to cybersecurity threats. Cybersecurity experts today must rethink the nature of security, and shift from a conventional approach that stresses protecting vulnerable assets to a larger, more effective framework with the aim of strengthening cyber assets, making them more resilient and part of a cybersecurity process that delivers greater value against cyber threats. This study introduces a new approach to understanding situational awareness of information sharing and collaboration using knowledge from existing situational awareness models. However, current situational awareness models lack resilience in supporting information systems infrastructure, addressing various vulnerabilities, identifying high priority threats and selecting mitigation techniques for cyber threats. The use of exploratory and explanatory analysis techniques executed by Structure Equation Modelling (SEM) allowed the examination of CCSA, in this study. 
Data from 377 cyber security practitioners affiliated to cybersecurity expert groups including computer emergency response team (CERT) and computer security incident response team (CSIRT) was gathered in the form of an electronic survey and analysed to discover insights and understand the mental model of those cybersecurity experts. Also, a finding from the SEM was the CSSA model aligned perfectly with the second-order Cybernetics model to test the theory in practice, confirming the possibility of using the proposed model in a practical application for this research. Furthermore, the SEM informed the design of the CCSA Environment where an empirical study was employed to verify and validate the CCSA theory in practice. In addition, the SEM informed the design of a behavioural anchor rating scale to measure participant situational awareness performance. The experiment results proved that when using the CCSA model and replicating real-world cyber-attack scenarios that the outcome of situational awareness performance was 61% more than those who did not employ the use of the CCSA model and associated dashboard tool. Further, it was found that both timeliness and accuracy are important in influencing the outcome of information sharing and collaboration in enhancing cyber situational awareness and decision-making. This thesis for the first time presents a novel CCSA theory which has been confirmed in practice. Firstly, this research work improves the outcome of effectiveness in cyber SA by identifying important variables related with the CCSA model. Second, it provides a new technique to measure operators' cyber SA performance. Secondly, it provides the necessary steps to employ information sharing in order to improve cyber security incorporated in the CCSA model. Finally, cybersecurity experts should collaborate to identify and close the gap between cybersecurity threats and execution capacity. 
The novel CCSA model validated in this research can be considered an effective solution in fighting and preventing cyber-attacks. Attainment of cyber security is driven by how information is both secured and presented between members to encourage the use of information sharing and collaboration to resolve cyber security threats in a timely and accurate manner. This research helps researchers and practitioners alike gain an understanding of key aspects of information sharing and collaboration in CSSA which is informed by the CCSA theory and new capability that the implementation of this theory has shown to deliver in practice.
|
670 |
Machine learning algorithms for the analysis and detection of network attacks
Unknown Date
The Internet and computer networks have become an important part of our organizations and everyday life. With the increase in our dependence on computers and communication networks, malicious activities have become increasingly prevalent. Network attacks are an important problem in today’s communication environments. The network traffic must be monitored and analyzed to detect malicious activities and attacks to ensure reliable functionality of the networks and security of users’ information. Recently, machine learning techniques have been applied toward the detection of network attacks. Machine learning models are able to extract similarities and patterns in the network traffic. Unlike signature based methods, there is no need for manual analyses to extract attack patterns. Applying machine learning algorithms can automatically build predictive models for the detection of network attacks. This dissertation reports an empirical analysis of the usage of machine learning methods for the detection of network attacks. For this purpose, we study the detection of three common attacks in computer networks: SSH brute force, Man In The Middle (MITM) and application layer Distributed Denial of Service (DDoS) attacks. Using outdated and non-representative benchmark data, such as the DARPA dataset, in the intrusion detection domain, has caused a practical gap between building detection models and their actual deployment in a real computer network. To alleviate this limitation, we collect representative network data from a real production network for each attack type. Our analysis of each attack includes a detailed study of the usage of machine learning methods for its detection. This includes the motivation behind the proposed machine learning based detection approach, the data collection process, feature engineering, building predictive models and evaluating their performance. We also investigate the application of feature selection in building detection models for network attacks. Overall, this dissertation presents a thorough analysis on how machine learning techniques can be used to detect network attacks. We not only study a broad range of network attacks, but also study the application of different machine learning methods including classification, anomaly detection and feature selection for their detection at the host level and the network level. / Includes bibliography. / Dissertation (Ph.D.)--Florida Atlantic University, 2017. / FAU Electronic Theses and Dissertations Collection
|