Confidentiality and integrity in distributed data exchange /

Miklau, Gerome.

January 2005

Thesis (Ph. D.)--University of Washington, 2005. / Vita. Includes bibliographical references (p. 132-142).

Institutionalized environments and information security management learning from Y2K /

Hassebroek, Pamela Burns.

January 2007

Thesis (Ph. D.)--Public Policy, Georgia Institute of Technology, 2008. / Rogers, Juan D., Committee Chair ; Klein, Hans K., Committee Member ; Bolter, Jay David, Committee Member ; Nelson-Palmer, Mike, Committee Member ; Kingsley, Gordon, Committee Member.

Distributed learning using generative models

Merugu, Srujana.

January 1900

Thesis (Ph. D.)--University of Texas at Austin, 2006. / Vita. Includes bibliographical references.

Trust on the semantic web /

Cloran, Russell Andrew.

January 2006

Thesis (M.Sc. (Computer Science)) - Rhodes University, 2007.

Internet-regulering in Suid-Afrika : staat of internasionaal?

Amoraal, Lezel

04 1900

Thesis (MPhil)--Stellenbosch University, 2003. / ENGLISH ABSTRACT: The Internet has become such an integral part of computer users' daily existence that it seems as if it has always been there. The Internet with its unique borders - or lack of borders - places an enormous burden on geographically based legal systems. Regulation, that has specifically been designed for the Internet, is a necessity because virtually every aspect of the law is challenged by the Internet and that many legal frameworks are inadequate to deal with the Internet. The other aspect which complicates the Internet even more, is that there is no specific organisation, business or government to whom the Internet belongs. Individuals and organisations have rights to the web pages that they own on the Internet, but there is no ownership of the Internet in its entirety. The development of the Internet in South Africa took place during a difficult time in the country's history. The apartheid era initially limited the growth of the Internet. Much of the existing legislation in South Africa has been partially adapted to accommodate the Internet, but the government could not envisage what the actual impact of the Internet would be and consequently they reacted when it came to the regulation of the Internet. In 2002 the Electronic Communication and Transaction Act 25 of2002 came into operation. In fact, the physical component of the Internet has already been regulated to a degree by the pure coincidence as a result of its physical presence. This is because the backbone of the Internet had not originally been created by the Internet, but by the telephone. There are a number of legislative Internet-organisations that are, among others, responsible for the technical standards of the Internet, dispute resolutions and in general what is important for the Internet community. Various international conventions regulate specific aspects of the Internet such as copyright, intellectual property rights, domain names, trademarks and cyber crime. The international conventions and agreements are an important step in the direction of standardised regulation. However, the lack of borders creates problems surrounding jurisdiction of the cyber space. / AFRIKAANSE OPSOMMING: Die Internet het al so deel van rekenaargebruikers se alledaagse bestaan geword dat dit soms wil voorkom asof dit maar nog altyd daar was. Die Internet met sy unieke grense - of sy gebrek aan grense - plaas 'n groot las op geografies gebaseerde regstelsels. Regulering wat spesifiek vir die Internet ontwerp is, is 'n noodsaaklikheid, aangesien byna elke aspek van die reg deur die Internet uitgedaag word en baie regsraamwerke onvoldoende is om die Internet te hanteer. Wat die regulering van die Internet verder kompliseer, is dat daar nie een spesifieke organisasie, onderneming of regering is aan wie die Internet behoort nie. Individue en organisasies het regte tot die webwerwe wat hulle op die Internet besit, maar daar is nie eienaarskap van die Internet in sy geheel nie. Die ontwikkeling van die Internet in Suid-Afirka het tydens 'n moeilike tydperk in die Suid- Afrikaanse geskiedenis plaasgevind. Die apartheidsera het die aanvanklike ontwikkeling en groei van die Internet in Suid-Afrika beperk. Verskeie bestaande Suid-Afrikaanse wetgewing is deels aangepas om die Internet te akkommodeer, maar die regering het nooit besef wat die werklike impak van die Internet sou wees nie en het gevolglik re-aktief te werk gegaan wanneer dit by die regulering van die Internet gekom het. In 2002 het Suid-Afrika se Elektroniese Kommunikasie en Transaksies Wet 25 van 2002 in werking getree. Die regulering van die fisieke komponente van die Internet is tot 'n mate as gevolg van sy fisieke teenwoordigheid deur blote toeval, gereguleer. Dit is omdat die ruggraat van die Internet nie oorspronklik vir die Internet geskep is nie, maar vir die telefoon. Daar bestaan verskeie wetgewende Internet-organisasies wat onder meer verantwoordelik is vir die tegniese standaarde van die Internet, dispuutresolusie en wat oor die algemeen aan die belange van die Internet-gemeenskap wil voldoen. Verskeie internasionale konvensies reguleer spesifieke aspekte van die Internet soos kopiereg, intellektuele eiendomsreg, domeinname en handelsmerke en kubermisdaad. Die internasionale konvensies en verdrae is 'n belangrike stap in die rigting van gestandaardiseerde regulering. Tog skep die grenslose omstandighede van die Internet probleme rondom jurisdiksie in die kuberruim.

Data protection -- Law and legislation

Dissertations -- Journalism

Theses -- Journalism

Det kommunala Europa : Implementeringsprocessen av den allmänna dataskyddsförordningen (2016/679) ur ett europeiseringsperspektiv / A local Europe : The implementation process of the General Data Protection Regulation (2016/679) through the lens of the phenomenon of Europeanization

Olsson, Karolina

January 2018

The General Data Protection Regulation (GDPR) (2016/679) can be described as a comprehensive regulation that was adopted by the European Union (EU) with the purpose of regulating the protection of personal data in all EU member states. The regulation will take effect on May 25th 2018 and will apply to all organisations that process the personal data of  EU- citizens. This study will explore the implementation process of the General Data Protection Regulation (2016/679) through the lens of the phenomenon of Europeanization.  The context of the phenomenon for this study is that EU seeks to adapt the member states’ political and administrative institutions into a common judicial framework through the implementation of EU-law. However, this requires member states having the ability to adapt to the common framework. This study’s purpose is therefore to study a local municipality’s implementation process of the regulation to evaluate its ability adapting to EU- law. The study has been conducted through a case-study design where interviews have taken place with employed public officials who are in the process of planning the implementation process. Through the interviews that have been conducted and the documentation that has been available, material, informative, personal resources and preferences in the shape of objectives in the implementation process have been deducted through Lennart Lundquist’s model for analysis of an organisation’s capabilitites and priorities in the implementation process. In conclusion, resocurces have been extracted mainly to prepare for the implementation in the shape of educational measures and recruiting new employees with the intent of coordinating the process. Through local cooperation common resources have been extracted for judicial support and for the use of a common Data Protection Officer (DPO). It is difficult to estimate the municipality’s ability to adapt to EU- law due to the fact that the process is still in its initial stages, but since the municipality is still preparing to implement measures to increase and ensure safeguards of information, the municipality will not be able to reach the requirements as of May 25th 2018.

The General Data Protection Regulation

Europeanization

EU

Swedish municipality

Political Science

Statsvetenskap

Towards a security framework for the semantic web

Mbaya, Ibrahim Rajab

30 November 2007

With the increasing use of the Web and the need to automate, interoperate, and reason about resources and services on the Web, the Semantic Web aims to provide solutions for the future needs of World Wide Web computing. However, the autonomous, dynamic, open, distributed and heterogeneous nature of the Semantic Web introduces new security challenges. Various security standards and mechanisms exist that address different security aspects of the current Web and Internet, but these have not been integrated to address security aspects of the Semantic Web specifically. Hence, there is a need to have a security framework that integrates these disparate security tools to provide a holistic, secure environment for the Semantic Web. This study proposes a security framework that provides various security functionalities to Semantic Web entities, namely, agents, Web services and Web resources. The study commences with a literature survey carried out in order to establish security aspects related to the Semantic Web. In addition, requirements for a security framework for the Semantic Web are extracted from the literature. This is followed by a model-building study that is used to compile a security framework for the Semantic Web. In order to prove the feasibility thereof, the framework is then applied to different application scenarios as a proof-of-concept. Following the results of the evaluation, it is possible to argue that the proposed security framework allows for the description of security concepts and service workflows, reasoning about security concepts and policies, as well as the specification of security policies, security services and security mechanisms. The security framework is therefore useful in addressing the identified security requirements of the Semantic Web. / School of Computing / M.Sc. (Computer Science)

Semantic Web

Security

Agents

Web services

Security framework

005.8

Computer security

Data protection

Biometric system security and privacy: data reconstruction and template protection

Mai, Guangcan

31 August 2018

Biometric systems are being increasingly used, from daily entertainment to critical applications such as security access and identity management. It is known that biometric systems should meet the stringent requirement of low error rate. In addition, for critical applications, the security and privacy issues of biometric systems are required to be concerned. Otherwise, severe consequence such as the unauthorized access (security) or the exposure of identity-related information (privacy) can be caused. Therefore, it is imperative to study the vulnerability to potential attacks and identify the corresponding risks. Furthermore, the countermeasures should also be devised and patched on the systems. In this thesis, we study the security and privacy issues in biometric systems. We first make an attempt to reconstruct raw biometric data from biometric templates and demonstrate the security and privacy issues caused by the data reconstruction. Then, we make two attempts to protect biometric templates from being reconstructed and improve the state-of-the-art biometric template protection techniques.

Protection of personal information in the South African cloud computing environment: a framework for cloud computing adoption

Skolmen, Dayne Edward

January 2016

Cloud Computing has advanced to the point where it may be considered an attractive proposition for an increasing number of South African organisations, yet the adoption of Cloud Computing in South Africa remains relatively low. Many organisations have been hesitant to adopt Cloud solutions owing to a variety of inhibiting factors and concerns that have created mistrust in Cloud Computing. One of the top concerns identified is security within the Cloud Computing environment. The approaching commencement of new data protection legislation in South Africa, known as the Protection of Personal Information Act (POPI), may provide an ideal opportunity to address the information security-related inhibiting factors and foster a trust relationship between potential Cloud users and Cloud providers. POPI applies to anyone who processes personal information and regulates how they must handle, store and secure that information. POPI is considered to be beneficial to Cloud providers as it gives them the opportunity to build trust with potential Cloud users through achieving compliance and providing assurance. The aim of this dissertation is, therefore, to develop a framework for Cloud Computing adoption that will assist in mitigating the information security-related factors inhibiting Cloud adoption by fostering a trust relationship through compliance with the POPI Act. It is believed that such a framework would be useful to South African Cloud providers and could ultimately assist in the promotion of Cloud adoption in South Africa.

Cloud computing -- Security measures

Privacy, Right of

Distributed authentication for resource control

Burdis, Keith Robert

January 2000

This thesis examines distributed authentication in the process of controlling computing resources. We investigate user sign-on and two of the main authentication technologies that can be used to control a resource through authentication and providing additional security services. The problems with the existing sign-on scenario are that users have too much credential information to manage and are prompted for this information too often. Single Sign-On (SSO) is a viable solution to this problem if physical procedures are introduced to minimise the risks associated with its use. The Generic Security Services API (GSS-API) provides security services in a manner in- dependent of the environment in which these security services are used, encapsulating security functionality and insulating users from changes in security technology. The un- derlying security functionality is provided by GSS-API mechanisms. We developed the Secure Remote Password GSS-API Mechanism (SRPGM) to provide a mechanism that has low infrastructure requirements, is password-based and does not require the use of long-term asymmetric keys. We provide implementations of the Java GSS-API bindings and the LIPKEY and SRPGM GSS-API mechanisms. The Secure Authentication and Security Layer (SASL) provides security to connection- based Internet protocols. After finding deficiencies in existing SASL mechanisms we de- veloped the Secure Remote Password SASL mechanism (SRP-SASL) that provides strong password-based authentication and countermeasures against known attacks, while still be- ing simple and easy to implement. We provide implementations of the Java SASL binding and several SASL mechanisms, including SRP-SASL.

Computers -- Access control

Data protection

Computer networks -- Security measures