MOFAC : model for fine grained access control

Von Solms, Johan Sebastiaan

11 September 2014

M.Sc. (Computer Science) / Computer security is a key component in any computer system. Traditionally computers were not connected to one another. This centralized configuration made the implementation of computer security a relatively easy task. The closed nature of the system limited the number of unknown factors that could cause security breaches. The users and their access rights were generally well defined and the system was protected from outside threats through simple, yet effective control measures. The evolution of network environments changed the computer environment and in effect also computer security. It became more difficult to implement protection measures because the nature of the environment changed from closed to open. New defenses had to be developed for security issues like unknown parameters, increased points of attack, unknown paths of information etc. Businesses and the general public today depend on network systems and no person can ignore these and other related security problems. The widespread publicity of attacks, and better customer awareness on security issues, created a need for new solutions for computer security. Security organisations, businesses and universities are addressing these problems through the development of security standards and security solutions.Today computer systems are becoming more "safe" through new products such as encryption and decryption algorithms, single-sign on password facilities, biometrics systems, smart cards, firewalls etc. Another important security consideration is Access Control. Access Control is responsible for controlling the actions of users to resources.

Computers - Access control

Computer security

ISAP - an information security awareness portal

Tolnai, Annette

27 May 2010

M.Sc. / The exponential growth of the Internet contributes to risks and threats which materialize without our knowledge. The more computer and Internet use becomes a part of our daily lives, the more we expose ourselves and our personal information on the World Wide Web and hence, the more opportunities arise for fraudsters to get hold of this information. Internet use can be associated with Internet banking, online shopping, online transactions, Internet Relay Chat, newsgroups, search engines, online blogs and e-mail. The source behind online activities carried on over the Internet may be different from what we are led to believe. Communication lines may be intercepted, compromising sensitive information of the user. It is a risk to make digital payments and reveal sensitive information about ourselves to an unknown source. If the risk materializes, it may result in undesired circumstances. Using the Internet securely should be a prerequisite to every user before conducting online transactions and activities over the World Wide Web. Owing to the versatility and ease of the electronic medium, electronic databases and vast amounts of sensitive information are readily accumulated. This is cause for concern regarding the main issues, namely privacy, identity theft and monetary fraud. Major countermeasures to mitigate the main forms of security and Internet-related issues are awareness of these risks and how they may materialize as well as relevant protection mechanisms. A discussion about why the Internet is a popular medium for criminal behaviour, what risks are involved, what can be done about them and some technical as well as non-technical preventative measures are covered in this dissertation. The purpose of this dissertation is to create an overall awareness of Internet banking and the process of Internet transactions. The end result is the development of an information security awareness portal (ISAP) aimed at the general public and potential Internet users who may be subject to identity and credit fraud. The aim of the ISAP is to sensitize users and minimize the growing numbers of individuals who are victimized through online crimes. Individuals using the Internet need to be aware of privacy concerns governing the Internet and how searchers are able to find out almost anything about them. The false sense of security and anonymity we as users think we have when innocently connecting to the World Wide Web outlines threats lurking in the background where we would never imagine. By the time you are finished reading this dissertation, it may put you off transacting and revealing sensitive information about yourself online ever again.

Computer security

Internet security measures

Adaptive homophonic coding techniques for enhanced e-commerce security

Kruger, David

01 September 2005

This dissertation considers a method to convert an ordinary cipher system, as used to secure e-commerce transactions, into an unconditionally secure cipher system, i.e. one that generates ciphertext that does not contain enough statistical information to break the cipher, irrespective of how much ciphertext is available. Shannon showed that this can be achieved by maximizing the entropy of the message sequence to be encrypted. This, in turn, achieved by means of homophonic coding. Homophonic coding substitutes characters in the message source with randomly chosen codewords. It offers the advantage that it enables protection against known- and chosen plaintext attacks on cipher algorithms since source statistics are randomly changed before encryption. The disadvantage of homophonic substitution is that it will in general increase the length of the message sequence. To compensate for this, homophonic coding is combined with the data compression algorithm known as arithmetic coding. It is shown that the arithmetic coding algorithm can be adapted to perform homophonic coding by dyadically decomposing the character probabilities in its probability estimation phase. By doing this, a faster version of arithmetic coding, known as shift-and-add arithmetic coding can be implemented. A new method of statistical modelling, based on an Infinite Impulse Response filtering method is presented. A method to adapt the well-known Lempel-Ziv- Welch compression algorithm to perform homophonic coding is also presented. The procedure involves a bit-wise exclusive-or randomization operation during encoding. The results show that the adapted algorithms do indeed increase the entropy of the source sequences by no more than 2 bits/symbol, and even offers compression in some cases. / Dissertation (MEng (Data Security))--University of Pretoria, 2006. / Electrical, Electronic and Computer Engineering / unrestricted

Computer security

Electronic commerce

UCTD

A framework for information security management in local government

De Lange, Joshua

January 2017

Information has become so pervasive within enterprises and everyday life, that it is almost indispensable. This is clear as information has become core to the business operations of any enterprise. Information and communication technology (ICT) systems are heavily relied upon to store, process and transmit this valuable commodity. Due to its immense value, information and related ICT resources have to be adequately protected. This protection of information is commonly referred to as information security.

Computer security -- Management

Data protection

Introducing hippocratic log files for personal privacy control

Rutherford, Andrew

January 2005

The rapid growth of the Internet has served to intensify existing privacy concerns of the individual, to the point that privacy is the number one concern amongst Internet users today. Tools exist that can provide users with a choice of anonymity or pseudonymity. However, many Web transactions require the release of personally identifying information, thus rendering such tools infeasible in many instances. Since it is then a given that users are often required to release personal information, which could be recorded, it follows that they require a greater degree of control over the information they release. Hippocratic databases, designed by Agrawal, Kiernan, Srikant, and Xu (2002), aim to give users greater control over information stored in a data- base. Their design was inspired by the medical Hippocratic oath, and makes data privacy protection a fundamental responsibility of the database itself. To achieve the privacy of data, Hippocratic databases are governed by 10 key privacy principles. This dissertation argues, that asides from a few challenges, the 10 prin- ciples of Hippocratic databases can be applied to log ¯les. This argument is supported by presenting a high-level functional view of a Hippocratic log file architecture. This architecture focuses on issues that highlight the con- trol users gain over their personal information that is collected in log files. By presenting a layered view of the aforementioned architecture, it was, fur- thermore, possible to provide greater insight into the major processes that would be at work in a Hippocratic log file implementation. An exploratory prototype served to understand and demonstrate certain of the architectural components of Hippocratic log files. This dissertation, thus, makes a contribution to the ideal of providing users with greater control over their personal information, by proposing the use of Hippocratic logfiles.

Computer security

Internet -- Security measures

'n Gerekenariseerde bestuurshulpmiddel vir 'n hoofraamtoegangsbeheerstelsel

Pottas, Dalenca

18 February 2014

M.Sc. (Computer Science) / Please refer to full text to view abstract

Computer security

Computers - Access control

Empirical Measurement of Defense in Depth

Boggs, Nathaniel

January 2015

Measurement is a vital tool for organizations attempting to increase, evaluate, or simply maintain their overall security posture over time. Organizations rely on defense in depth, which is a layering of multiple defenses, in order to strengthen overall security. Measuring organizations' total security requires evaluating individual security controls such as firewalls, antivirus, or intrusion detection systems alone as well as their joint effectiveness when deployed together in defense in depth. Currently, organizations must rely on best practices rooted in ad hoc expert opinion, reports on individual product performance, and marketing hype to make their choices. When attempting to measure the total security provided by a defense in depth architecture, dependencies between security controls compound the already difficult task of measuring a single security control accurately. We take two complementary approaches to address this challenge of measuring the total security provided by defense in depth deployments. In our first approach, we use direct measurement where for some set of attacks, we compute a total detection rate for a set of security controls deployed in defense in depth. In order to compare security controls operating on different types of data, we link together all data generated from each particular attack and track the specific attacks detected by each security control. We implement our approach for both the drive-by download and web application attack vectors across four separate layers each. We created an extensible automated framework for web application data generation using public sources of English text. For our second approach, we measure the total adversary cost that is the total effort, resources, and time required to evade security controls deployed in defense in depth. Dependencies between security controls prevent us from simply summing the adversary cost to evade individual security controls in order to compute a total adversary cost. We create a methodology that accounts for these dependencies especially focusing on multiplicative relationships where the adversary cost of evading two security controls together is more than the sum of the adversary costs to evade each individually. Using the insight gained into the multiplicative dependency, we design a method for creating sets of multiplicative security controls. Additionally, we create a prototype to demonstrate our methodology for empirically measuring total adversary cost using attack tree visualizations and a database design capable of representing dependent relationships between security controls.

Firewalls (Computer security)

Virus inhibitors

Computer security

Computer science

Security risk prioritization for logical attack graphs

Almohri, Hussain

January 1900

Master of Science / Department of Computing and Information Sciences / William H. Hsu / Xinming (Simon) Ou / To prevent large networks from potential security threats, network administrators need to know in advance what components of their networks are under high security risk. One way to obtain this knowledge is via attack graphs. Various types of attack graphs based on miscellaneous techniques has been proposed. However, attack graphs can only make assertion about different paths that an attacker can take to compromise the network. This information is just half the solution in securing a particular network. Network administrators need to analyze an attack graph to be able to identify the associated risk. Provided that attack graphs can get very large in size, it would be very difficult for them to perform the task. In this thesis, I provide a security risk prioritization algorithm to rank logical attack graphs produced by MulVAL (A vulnerability analysis system) . My proposed method (called StepRank) is based on a previously published algorithm called AssetRank that generalizes over Google's PageRank algorithm. StepRank considers a forward attack graph that is a reversed version of the original MulVAL attack graph used by AssetRank. The result of the ranking algorithm is a rank value for each node that is relative to every other rank value and shows how difficult it is for an attacker to satisfy a node.

Computer Security

Network Security

Computer Science (0984)

An anonymity scheme for file retrieval systems

Tang, Wai-hung, 鄧偉雄

January 2008

published_or_final_version / Computer Science / Master / Master of Philosophy

Cryptography.

Computer networks - Access control.

Computer security.

A smart card based authentication system for peer and group model

Chan, Tak-fai, Dan., 陳德辉.

January 2008

published_or_final_version / Computer Science / Master / Master of Philosophy

Smart cards.