Perceptions of employees regarding the utilization of the in-house employee assistance programme model in the North West department of education

Chabeli, Teboho Nicolaas

16 October 2007

This research is aimed at investigating the perceptions of employees regarding the utilization of the in-house Employee Assistance Programme mode in the North West Department of Education. The objectives of the study were: 1. To define EAP and describe its different models through literature review; 2. To determine the extent to which employees are aware of the in-house EAP service; 3. To determine the perceptions of the employees regarding the in-house EAP model; 4. To formulate the functioning of the in-house model; and 5. To provide conclusions and recommendations. RESULTS/FINDINGS From the information gathered, the employees’ perceptions regarding the use of in-house EAP model is negative. RECOMMENDATIONS The researcher proposes the following recommendations: Management support Senior managers must support the programme and take it as one of those programmes that, when properly utilized, will assist the employer to attain its strategic goal. Marketing the programme An extensive marketing strategy has to be put in place and implemented. This must, among other things, outline the rationale, advantages, and disadvantages of the programme in general as well as an in-house EAP model in particular. This could as well motivate the reason why an in-house EAP model is a viable option for the Department. / Dissertation (M.Soc.Sci (Employee Assistance Programme))--University of Pretoria, 2007. / Social Work and Criminology / MSocSci / unrestricted

Employee assistance programme

Senior management

Accessibility

In-house eap model

Work performance

Confidentiality

Employees

Employee assistance practitioner

UCTD

Integrity, authentication and confidentiality in public-key cryptography / Intégrité, authentification et confidentialité en cryptographie à clé publique

Ferradi, Houda

22 September 2016

Cette thèse présente des résultats appartenant aux trois thèmes fondamentaux de la cryptographie à clé publique : l’intégrité, l’authentification et la confidentialité. Au sein de chaque thème nous concevons des nouvelles primitives et améliorons des primitives existantes. Le premier chapitre, dédié à l’intégrité, introduit une preuve non-interactive de génération appropriée de clés publiques RSA et un protocole de co-signature dans lequel tout irrespect de l’équité laisse automatiquement la partie lésée en possession d’une preuve de culpabilité incriminant la partie tricheuse. Le second chapitre, ayant pour sujet l’authentification, montre comme une mesure de temps permet de raccourcir les engagements dans des preuves à divulgation nulle et comment des biais, introduits à dessin dans le défi, permettent d’accroitre l’efficacité de protocoles. Ce chapitre généralise également le protocole de Fiat-Shamir à plusieurs prouveurs et décrit une fraude très sophistiquée de cartes-à-puce illustrant les dangers de protocoles d’authentification mal-conçus. Au troisième chapitre nous nous intéressons à la confidentialité. Nous y proposons un cryptosystème à clé publique où les hypothèses de complexité traditionnelles sont remplacées par un raffinement du concept de CAPTCHA et nous explorons l’application du chiffrement-pot-de-miel au langage naturel. Nos dernières contributions concernent le chiffrement basé sur l’identité (IBE). Nous montrerons comment ajouter des fonctions d’émission à l’IBE hiérarchique et comment l’IBE permet de réduire la fenêtre temporelle de risque lors de la diffusion de mises à jour logicielles. / This thesis presents new results in three fundamental areas of public-key cryptography: integrity, authentication and confidentiality. In each case we design new primitives or improve the features of existing ones. The first chapter, dealing with integrity, introduces a non-interactive proof for proper RSA public key generation and a contract co-signature protocol in which a breach in fairness provides the victim with transferable evidence against the cheater. The second chapter, focusing on authentication, shows how to use time measurements to shorten zeroknowledge commitments and how to exploit bias in zero-knowledge challenges to gain efficiency. This chapter also generalizes Fiat-Shamir into a one-to-many protocol and describes a very sophisticated smart card fraud illustrating what can happen when authentication protocols are wrongly designed. The third chapter is devoted to confidentiality. We propose public-key cryptosystems where traditional hardness assumptions are replaced by refinements of the CAPTCHA concept and explore the adaptation of honey encryption to natural language messages. Our final contributions focus on identity-based encryption (IBE) showing how to add broadcast features to hierarchical IBE and how to use IBE to reduce vulnerability exposure time of during software patch broadcast.

Cryptographie

Intégrité

Authentification

Confidentialité

Chiffrement signatures numériques

Équité

Preuves à divulgation nulle

Cryptography

Integrity

Authentication

Confidentiality

Encryption

Digital signatures

Fairness

Zero-knowledge proofs

510

004.8

PRACTICAL CONFIDENTIALITY-PRESERVING DATA ANALYTICS IN UNTRUSTED CLOUDS

Savvas Savvides (9113975)

27 July 2020

<div> <div> <div> <p>Cloud computing offers a cost-efficient data analytics platform. This is enabled by constant innovations in tools and technologies for analyzing large volumes of data through distributed batch processing systems and real-time data through distributed stream processing systems. However, due to the sensitive nature of data, many organizations are reluctant to analyze their data in public clouds. To address this stalemate, both software-based and hardware-based solutions have been proposed yet all have substantial limitations in terms of efficiency, expressiveness, and security. In this thesis, we present solutions that enable practical and expressive confidentiality- preserving batch and stream-based analytics. We achieve this by performing computations over encrypted data using Partially Homomorphic Encryption (PHE) and Property-Preserving Encryption (PPE) in novel ways, and by utilizing remote or Trusted Execution Environment (TEE) based trusted services where needed.</p><p><br></p><p>We introduce a set of extensions and optimizations to PHE and PPE schemes and propose the novel abstraction of Secure Data Types (SDTs) which enables the application of PHE and PPE schemes in ways that improve performance and security. These abstractions are leveraged to enable a set of compilation techniques making data analytics over encrypted data more practical. When PHE alone is not expressive enough to perform analytics over encrypted data, we use a novel planner engine to decide the most efficient way of utilizing client-side completion, remote re-encryption, or trusted hardware re-encryption based on Intel Software Guard eXtensions (SGX) to overcome the limitations of PHE. We also introduce two novel symmetric PHE schemes that allow arithmetic operations over encrypted data. Being symmetric, our schemes are more efficient than the state-of-the-art asymmetric PHE schemes without compromising the level of security or the range of homomorphic operations they support. We apply the aforementioned techniques in the context of batch data analytics and demonstrate the improvements over previous systems. Finally, we present techniques designed to enable the use of PHE and PPE in resource-constrained Internet of Things (IoT) devices and demonstrate the practicality of stream processing over encrypted data.</p></div></div></div><div><div><div> </div> </div> </div>

Distributed Computing

Computer System Security

Data Encryption

Cloud computing

Distributed processing of data

Applied Crytpography

Encrypted Databases

Trusted Execution Environments

Intel SGX

Homomorphic Encryption

Confidentiality

Design and Implementation of Digital Information Security for Physical Documents

Wang, Pengcheng

17 July 2015

The objective of this thesis is to improve the security for physical paper documents. Providing information security has been difficult in environments that rely on physical paper documents to implement business processes. Our work presents the design of a digital information security system for paper documents, called "CryptoPaper", that uses 2-dimensional codes to represent data and its security properties on paper. A special scanner system is designed for "CryptoPaper" which uses image recognition techniques and cloud-based access control to display plaintext of encrypted and encoded data to authorized users.

QR code

access control

image processing

confidentiality

physical paper document

Computer Engineering

Computer Sciences

Databases and Information Systems

Electrical and Computer Engineering

Information Security

Software Engineering

Systems Architecture

Návrh metody pro hodnocení bezpečnostních zranitelností systémů / Design of methodology for vulnerability assesment

Pecl, David

January 2020

The thesis deals with the assessment of security vulnerabilities. The aim of this work is to create a new method of vulnerability assessment, which will better prioritize critical vulnerabilities and reflect parameters that are not used in currently used methods. Firstly, it describes the common methods used to assess vulnerabilities and the parameters used in each method. The first described method is the Common Vulnerability Scoring System for which are described all three types of scores. The second analysed method is OWASP Risk Rating Methodology. The second part is devoted to the design of the own method, which aims to assess vulnerabilities that it is easier to identify those with high priority. The method is based on three groups of parameters. The first group describes the technical assessment of the vulnerability, the second is based on the requirements to ensure the confidentiality, integrity and availability of the asset and the third group of parameters evaluates the implemented security measures. All three groups of parameters are important for prioritization. Parameters describing the vulnerability are divided into permanent and up-to-date, where the most important up-to-date parameter are Threat Intelligence and easy of exploitation. The parameters of the impact on confidentiality, integrity and availability are linked to the priority of the asset, and to the evaluation of security measures, which increase the protection of confidentiality, integrity and availability. The priority of the asset and the quality of the countermeasures are assessed based on questionnaires, which are submitted to the owners of the examined assets as part of the vulnerability assessment. In the third part of the thesis, the method is compared with the currently widely used the Common Vulnerability Scoring System. The strengths of the proposed method are shown in several examples. The effectiveness of prioritization is based primarily on the priority of the asset and the security measures in place. The method was practically tested in a laboratory environment, where vulnerabilities were made on several different assets. These vulnerabilities were assessed using the proposed method, the priority of the asset and the quality of the measures were considered, and everything was included in the priority of vulnerability. This testing confirmed that the method more effectively prioritizes vulnerabilities that are easily exploitable, recently exploited by an attacker, and found on assets with minimal protection and higher priority.

Datově úsporné zabezpečení cloudových úložišť / Data-efficient security of cloud storages

Elis, Martin

January 2016

This work is focused on problematics of a cloud solution, especially on its security side. It describes the current security trends and approaches used by security engineers when creating sophisticated designs of secure cloud systems. As part of it there is a risk analysis and an overview of the most common types of attacks led against the cloud solutions. Also, this document deals with the possibilities, principles, advantages and negatives of different types of cloud distributions. Another text deals with the usual methods used for accessing the cloud. This thesis contains author’s own design of possible realization. In the next part of the document, process of building a safe cloud data storage is described together with principles of ensuring its security. In the conclusion, the author focuses on comparison of cryptographic algorithms and their behavior depending on the length of a used keys.

Whistleblower protection programs compromise the reported taxpayer's privacy

Andonie, Luisa

January 2017

The United States Whistleblower Program’s inadequate protections have placed the privacy and confidentiality rights of United States taxpayers in a vulnerable state. By using the United States Whistleblower Program as an example, this paper seeks to illustrate the risk of eroding the confidentiality and privacy rights of the taxpayer, which is a risk that other national and international governments should likewise attempt to mitigate in their own whistleblower protection programs.

info:eu-repo/classification/ddc/343

ddc:343

Så nära, men ändå så långt ifrån : En kvalitativ studie om lärares och socialsekreterares beskrivningar av samverkan / So close, but yet so far away : A qualitative study about social workers and teachers experiences of collaboration.

Börjesson, Oskar, Nisbel, Josefine

January 2020

The purpose of this study was to investigate and analyse how professionals within school and social services experience collaboration between them when working with children and youth who are abused or are thought to be at risk of being abused. Furthermore, the intention was to illustrate which factors that teachers and social workers consider to be successful for collaboration, and how they consider that the existing law of confidentiality affects the collaboration. Qualitative interviews with six respondents were conducted, three teachers and three social workers. The six respondents who took part in the study worked in two different municipalities of different sizes. This enabled us to make comparisons between smaller and bigger municipalities. The content of the interviews was coded and analysed using a thematic analysis. The ecological systems theory was applied during the process of the thematic analysis, to create an understanding around how different systems affect the child’s development. The result of the study illustrates which factors teachers and social workers, who work with youths, experience are critical for success, although it also emerges what they experience to be obstacles to collaboration and how they would like to change the collaboration. All the respondents’ raised that collaboration was facilitated by having personal relationships to the professionals they were collaborating with, since this benefited communication and trust. Moreover, the respondents brought up that collaboration is more easily accomplished in smaller municipalities, since this can make it easier to establish personal relationships between different professionals. Furthermore, the teachers experience the law of confidentiality as very frustrating, they argued that it restricted their work since it stopped them from getting information about the particular student and the support the student was gaining from the social services. Lastly, it emerged that all respondents wish for a closer connection between school and social services, but several respondents express that it is not possible due to insufficient resources. / Syftet med denna studie var att undersöka och analysera hur yrkesverksamma inom skola och socialtjänst upplever samverkan som rör barn och unga som far illa eller som riskerar att fara illa. Intentionen var att synliggöra vilka faktorer som lärare och socialsekreterare för fram som framgångsrika i arbetet samt hur de beskriver att den rådande sekretessen påverkar samverkan. Med en kvalitativ utgångspunkt genomfördes intervjuer med sex respondenter inom skola och socialtjänst, tre lärare och tre socialsekreterare. Urvalet representerar sex yrkesverksamma från två kommuner av olika storlek i syfte att få en jämförelse kring hur samverkansarbetet upplevs i en mindre respektive större kommun. Innehållet i intervjuerna kodades och analyserades med hjälp av en tematisk analys. Det utvecklingsekologiska perspektivet applicerades under processen av den tematiska analysen för att skapa förståelse kring hur olika system inverkar på barnets utveckling. Studiens resultat synliggör vad lärare och socialsekreterare som arbetar med barn och unga upplever är såväl hinder som framgångsfaktorer för samverkan mellan skola och socialtjänst. Studien presenterar också hur yrkesverksamma inom skola och socialtjänst önskar utforma samverkan utifrån deras erfarenhet och kompetens. Samtliga respondenter lyfter att samverkan underlättas av personliga relationer mellan de samverkande aktörerna. De personliga relationerna underlättar kommunikationen och bidrar till ökat förtroende mellan verksamheterna. Samtliga respondenter för fram att samverkan gynnas av att arbeta i en mindre kommun, då det kan vara lättare att forma personliga relationer där. Vidare menar lärarna att sekretessen skapar frustration och hinder för samverkan. Lärarna säger att det är svårt att samarbeta kring ett barn när dem inte delges information om barnets situation, information som de även uttrycker är nödvändig för att de ska kunna ge de stöd och hjälp som barnet behöver. Slutligen, framkommer det att samtliga respondenter önskar en tätare kontakt mellan skola och socialtjänst, vilket de uttrycker inte är möjligt för tillfället på grund av tidsbrist och otillräckliga resurser.

Collaboration

confidentiality

school

social services

social work

the ecological systems theory

Samverkan

sekretess

skola

socialt arbete

socialtjänst

utvecklingsekologiskt perspektiv

Social Work

Socialt arbete

Secure Authenticated Key Exchange for Enhancing the Security of Routing Protocol for Low-Power and Lossy Networks

Alzahrani, Sarah Mohammed

26 May 2022

No description available.

Computer Science

Internet of things

networked resource-constrained devices

RPL routing protocol

low-power and lossy networks LLN

message integrity

message confidentiality

key management

Protection du contenu des mémoires externes dans les systèmes embarqués, aspect matériel / Protecting the content of externals memories in embedded systems, hardware aspect

Ouaarab, Salaheddine

09 September 2016

Ces dernières années, les systèmes informatiques (Cloud Computing, systèmes embarqués, etc.) sont devenus omniprésents. La plupart de ces systèmes utilisent des espaces de stockage (flash,RAM, etc.) non fiables ou non dignes de confiance pour stocker du code ou des données. La confidentialité et l’intégrité de ces données peuvent être menacées par des attaques matérielles (espionnage de bus de communication entre le composant de calcul et le composant de stockage) ou logicielles. Ces attaques peuvent ainsi révéler des informations sensibles à l’adversaire ou perturber le bon fonctionnement du système. Dans cette thèse, nous nous sommes focalisés, dans le contexte des systèmes embarqués, sur les attaques menaçant la confidentialité et l’intégrité des données qui transitent sur le bus de communication avec la mémoire ou qui sont stockées dans celle-ci.Plusieurs primitives de protection de confidentialité et d’intégrité ont déjà été proposées dans la littérature, et notamment les arbres de Merkle, une structure de données protégeant efficacement l’intégrité des données notamment contre les attaques par rejeu. Malheureusement,ces arbres ont un impact important sur les performances et sur l’empreinte mémoire du système.Dans cette thèse, nous proposons une solution basée sur des variantes d’arbres de Merkle (arbres creux) et un mécanisme de gestion adapté du cache afin de réduire grandement l’impact de la vérification d’intégrité d’un espace de stockage non fiable. Les performances de cette solution ont été évaluées théoriquement et à l’aide de simulations. De plus, une preuve est donnée de l’équivalence, du point de vue de la sécurité, avec les arbres de Merkle classiques.Enfin, cette solution a été implémentée dans le projet SecBus, une architecture matérielle et logicielle ayant pour objectif de garantir la confidentialité et l’intégrité du contenu des mémoires externes d’un système à base de microprocesseurs. Un prototype de cette architecture a été réalisé et les résultats de l’évaluation de ce dernier sont donnés. / During the past few years, computer systems (Cloud Computing, embedded systems...) have become ubiquitous. Most of these systems use unreliable or untrusted storage (flash, RAM...)to store code or data. The confidentiality and integrity of these data can be threaten by hardware (spying on the communication bus between the processing component and the storage component) or software attacks. These attacks can disclose sensitive information to the adversary or disturb the behavior of the system. In this thesis, in the context of embedded systems, we focused on the attacks that threaten the confidentiality and integrity of data that are transmittedover the memory bus or that are stored inside the memory. Several primitives used to protect the confidentiality and integrity of data have been proposed in the literature, including Merkle trees, a data structure that can protect the integrity of data including against replay attacks. However, these trees have a large impact on the performances and the memory footprint of the system. In this thesis, we propose a solution based on variants of Merkle trees (hollow trees) and a modified cache management mechanism to greatly reduce the impact of the verification of the integrity. The performances of this solution have been evaluated both theoretically and in practice using simulations. In addition, a proof a security equivalence with regular Merkle treesis given. Finally, this solution has been implemented in the SecBus architecture which aims at protecting the integrity and confidentiality of the content of external memories in an embedded system. A prototype of this architecture has been developed and the results of its evaluation are given.

Systèmes embarqués

Mémoire cache

Sécurité

Confidentialité

Attaques par rejeu

Arbres de Merkle

SoCLib

SoC

ZedBoard

Embedded systems

Cache memory

Security

Confidentiality

Replays attacks

Merkle trees

SoCLib

SoC

ZedBoard