"The future is open" for composition studies a new intellectual property model in the digital age /

Lowe, Charles. Fenstermaker, John J.

January 1900

Thesis (Ph. D.)--Florida State University, 2006. / Advisor: John Fenstermaker, Florida State University, College of Arts and Sciences, Dept. of English. Title and description from dissertation home page (viewed Sept. 18, 2006). Document formatted into pages; contains vi, 144 pages. Includes bibliographical references.

Health Insurance Portability and Accountability Act (HIPAA)-compliant privacy access control model for Web services /

Cheng, Sin Ying.

January 2006

Thesis (M.Phil.)--Hong Kong University of Science and Technology, 2006. / Includes bibliographical references (leaves 96-100). Also available in electronic version.

Secure management of networked storage services models and techniques /

Singh, Aameek.

January 2007

Thesis (Ph. D.)--Computing, Georgia Institute of Technology, 2008. / Liu, Ling, Committee Chair ; Aberer, Karl, Committee Member ; Ahamad, Mustaque, Committee Member ; Blough, Douglas, Committee Member ; Pu, Calton, Committee Member ; Voruganti, Kaladhar, Committee Member.

Data Protection over Cloud

January 2016

abstract: Data protection has long been a point of contention and a vastly researched field. With the advent of technology and advances in Internet technologies, securing data has become much more challenging these days. Cloud services have become very popular. Given the ease of access and availability of the systems, it is not easy to not use cloud to store data. This however, pose a significant risk to data security as more of your data is available to a third party. Given the easy transmission and almost infinite storage of data, securing one's sensitive information has become a major challenge. Cloud service providers may not be trusted completely with your data. It is not very uncommon to snoop over the data for finding interesting patterns to generate ad revenue or divulge your information to a third party, e.g. government and law enforcing agencies. For enterprises who use cloud service, it pose a risk for their intellectual property and business secrets. With more and more employees using cloud for their day to day work, business now face a risk of losing or leaking out information. In this thesis, I have focused on ways to protect data and information over cloud- a third party not authorized to use your data, all this while still utilizing cloud services for transfer and availability of data. This research proposes an alternative to an on-premise secure infrastructure giving exibility to user for protecting the data and control over it. The project uses cryptography to protect data and create a secure architecture for secret key migration in order to decrypt the data securely for the intended recipient. It utilizes Intel's technology which gives it an added advantage over other existing solutions. / Dissertation/Thesis / Masters Thesis Computer Science 2016

Computer science

Cloud Computing

Data Protection

Software Security

Trusted Computing

The conflict of interest between data sharing and data privacy : a middleware approach

Molema, Karabo Omphile

January 2016

Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2016. / People who are referred to as data owners in this study, use the Internet for various purposes and one of those is using online services like Gmail, Facebook, Twitter and so on. These online services are offered by organizations which are referred to as data controllers. When data owners use these service provided by data controllers they usually have to agree to the terms and conditions which gives data controllers indemnity against any privacy issues that may be raised by the data owner. Data controllers are then free to share that data with any other organizations, referred to as third parties. Though data controllers are protected from lawsuits it does not necessarily mean they are free of any act that may be considered a privacy violation by the data owner. This thesis aims to arrive at a design proposition using the design science research paradigm for a middleware extension, specifically focused on the Tomcat server which is a servlet engine running on the JVM. The design proposition proposes a client side annotation based API to be used by developers to specify classes which will carry data outside the scope of the data controller's system to a third party system, the specified classes will then have code weaved in that will communicate with a Privacy Engine component that will determine based on data owner's preferences if their data should be shared or not. The output of this study is a privacy enhancing platform that comprises of three components the client side annotation based API used by developers, an extension to Tomcat and finally a Privacy Engine.

Computer security

Data protection

Computer networks -- Security measures

Privacy, Right of

Analise de seleção de parametros em criptografia baseada em curvas elipticas / Parameter selection analysis on elliptic curve cryptography

Silva, Rosemberg André da, 1969-

28 July 2006

Orientador: Ricardo Dahab / Dissertação (mestrado profissional) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-11T02:09:49Z (GMT). No. of bitstreams: 1 Silva_RosembergAndreda_M.pdf: 824860 bytes, checksum: 48ed40bc241415f1692ca283d3e1f65b (MD5) Previous issue date: 2006 / Resumo: A escolha dos parâmetros sobre os quais uma dada implementação de Criptografia sobre Curvas Elípticas baseia-se tem influência direta sobre o desempenho das operações associadas bem como sobre seu grau de segurança. Este trabalho visa analisar a forma como os padrões mais usados na atulalidade lidam com este processo de seleção, mostrando as implicações que tais escolhas acarretam / Abstract: The choice of parameters associated with a given implementation of ECC (Elliptic Curve Cryptography) has direct impact on its performance and security leveI. This dissertation aims to compare the most common standards used now-a-days, taking into account their selection criteria and their implications on performance and security / Mestrado / Engenharia de Software / Mestre em Ciência da Computação

Criptografia

Curvas elípticas

Proteção de dados

Cryptography

Elliptic curves

Data protection

Information security in the client/server environment

Botha, Reinhardt A

23 August 2012

M.Sc. (Computer Science) / Client/Server computing is currently one of the buzzwords in the computer industry. The client/server environment can be defined as an open systems environment. This openness of the client/server environment makes it a very popular environment to operate in. As information are exceedingly accessed in a client/server manner certain security issues arise. In order to address this definite need for a secure client/server environment it is necessary to firstly define the client/server environment. This is accomplished through defining three possible ways to partition programs within the client/server environment. Security, or secure systems, have a different meaning for different people. This dissertation defines six attributes of information that should be maintained in order to have secure information. For certain environments some of these attributes may be unnecessary or of lesser importance. Different security techniques and measures are discussed and classified in terms of the client/server partitions and the security attributes that are maintained by them. This is presented in the form of a matrix and provides an easy reference to decide on security measures in the client/server environment in order to protect a specific aspect of the information. The importance of a security policy and more specifically the influence of the client/server environment on such a policy are discussed and it is demonstrated that the framework can assist in drawing up a security policy for a client/server environment. This dissertation furthermore defines an electronic document .management system as a case study. It is shown that the client/server environment is a suitable environment for such a system. The security needs and problems are identified and classified in terms of the security attributes. Solutions to the problems are discussed in order to provide a reasonably secure electronic document management system environment.

Client/server computing

Data protection

Computers - Access control

A model for a secure fully wireless telemedicine system

Ngoss, Ngue Baha Djob

07 July 2008

New wireless communication technology standards are being released every year. Wireless technologies merely differ from one another by their range and speed and can each be selected according to the type of application in use. Mobility and ubiquity are the main benefits that can be extracted by using those technologies. On the other hand, telemedicine is the use of communication technologies to provide medical care and thus avoid the usual face-to-face, physician-to-patient scenario. With telemedicine, a physician can treat a patient located at a remote site. Early telemedicine systems used technologies that were available at the time, such as the telephone. Integrating wireless technologies into telemedicine systems would surely provide a huge boost to the improvement of the delivery of healthcare. However, telemedicine and wireless technologies are both emerging scientific concepts. Scientific concepts always have to face challenges prior to popularisation. The more important barriers to the adoption of wireless telemedicine are security and privacy. Medical practitioners are doing their best to preserve the privacy of their patients. Disclosure of patients’ health information may lead to severe legal sanctions. Security flaws in a wireless telemedicine system would lead to privacy breaches. Patient privacy, which physicians have tried so hard to protect, would consequently be out of their control. This dissertation will achieve two goals. The first goal is to show how different wireless technologies could be integrated into telemedicine to provide different applications. The second goal is to design a fully wireless telemedicine system where the information of patients will flow securely. The model described in this dissertation shows a possible wireless telemedicine scenario using different types of wireless technologies. The model also proposes a solution to allow the secure flow of medical information in order to protect the privacy of patients. / Dr. E. Marais

Wireless telecommunication systems

Telecommunication in medicine

Computer security

Data protection

'n Bestuurshulpmiddel vir die evaluering van 'n maatskappy se rekenaarsekerheidsgraad

Von Solms, Rossouw

13 May 2014

M.Sc. (Informatics) / Information is power. Any organization must secure and protect its entire information assets. Management is responsible for the well-being of the organization and consequently for computer security. Management must become and stay involved with the computer security situation of the organization, because the existence of any organization depends on an effective information system. One way in which management can stay continually involved and committed with the computer security situation of the organization, is by -, the periodic evaluation of computer security. The results from this evaluation process can initiate appropriate actions to increase computer security in areas needed. For effective management involvement, a tool is needed to aid management in monitoring the status of implementing computer security on a regular basis. The main objective of this dissertation is to develop such a management tool. Basically the thesis consists of three parts, namely framework for effective computer security evaluation, the definition of the criteria to be included in the tool and lastly, the tool itself. The framework (chapters 1 to 6) defines the basis on which the tool (chapters 7 to 9) is built, e.g. that computer security controls need to be cost-effective and should aid the organization in accomplishing its objectives. The framework is based on a two dimensional graph: firstly, tho various risk areas in which computer security should be applied and secondly, the severity of controls in each of these areas. The tool identifies numerous risk areas critical to the security of the computer and its environment. Each of these risk areas need to be evaluated to find out how well it is secured. From these results an overall computer security situation is pictured. The tool is presented as a spreadsheet, containing a number of questions. The built -in formulae in the spreadsheet perform calculations resulting in an appreciation of the computer security situation. The results of the security evaluation can be used by management to take appropriate actions regarding the computer security situation.

Data protection

Computer security

Enforcing Privacy on the Internet.

Lategan, Frans Adriaan

02 June 2008

Privacy of information is becoming more and more important as we start trusting unknown computers, servers and organisations with more and more of our personal information. We distribute our private information on an ever-increasing number of computers daily, and we effectively give target organisations carte blanche to do what they want with our private information once they have collected it. We have only their privacy policy as a possible safeguard against misuse of our private information. Thus far, no reliable and practical method to enforce privacy has been discovered. In this thesis we look at ways to enforce the privacy of information. In order to do this, we first present a classification of private information based on the purpose it is acquired for. This will then enable us to tailor protection methods in such a way that the purpose the information is acquired for can still be fulfilled. We propose three distinct methods to protect such information. The first method, that of nondisclosure, is where private information is required not for the contents, but as input to verify calculations. We shall present an encryption method to protect private information where the private information consists of a set of numeric values S on which some function G has to be applied and the result = G(S) has to be supplied to a target organisation. The calculation of the result must be verifiable by the target organisation, without disclosing S. The second method, that of retaining control is a method by which we can grant limited access to our private information, and thus enforce the terms of privacy policies. The final method we present is a conceptual method to extend P3P in order to add more flexibility to the decision on whether or not a given item of private information will be supplied to a target organisation by using the Chinese Wall security policy. This will enable a user to not only define rules as to which items of private information he would disclose, but also to define what collection of private information any given organisation would be able to build about him. / Olivier, M.S., Prof.

internet

internet security

computer security

data protection

right of privacy