Global ETD Search

81	Molnbaserade affärssystem och SME-företag: Betydelsefulla trygghetsaspekter för extern datalagring : En kvalitativ studie om vilka aspekter som är betydelsefulla för att SME-företag ska känna trygghet med datalagring i molnbaserade affärssystem Heverius, Andreas, Hugander, Hanna January 2021 (has links) Molnbaserade affärssystem blir allt mer populära och fördelarna är många. Däremot är den mest återkommande utmaningen datasäkerheten eftersom företag lämnar över kontrollen av datalagring till molnleverantören. Det krävs därmed förtroende och trygghet mellan molnleverantören och företagen. Otrygghet kring datalagring och säkerhet är en av huvudanledningarna till att företag betvivlar att investera i molnbaserade affärssystem. Syftet med studien var därmed att identifiera betydelsefulla aspekter som frambringar trygghet för SME-företag med datalagring i molnbaserade affärssystem och besvara studiens frågeställning:“Vilka aspekter är betydelsefulla för att SME-företag ska känna trygghet med datalagring i molnbaserade affärssystem?”. En kvalitativ ansats har tillämpats i studien för att besvara forskningsfrågan. Genom semistrukturerade intervjuer undersöktes området på djupet och vid analys av resultatet framkom betydelsefulla teman som låg till grund för studiens diskussion och slutsats. Trygghetsaspekterna som identifierades var följande: logghantering, tvåfaktorsautentisering, segmentering, krypterad data, backuper, datalagring inom EU, avtal och standarder, etablerad molnleverantör och transparent molnleverantör. Studiens slutsatser kan vara till stöd för molnleverantörer och SME-företag om vilka aspekter som är betydelsefulla för att skapa ökad upplevd trygghet med extern datalagring. Det kan då generera i en tryggare och mer förtroendegivande relation mellan båda parter när SME-företag överlämnar ansvaret över data till molnleverantören. / Cloud-based enterprise resource planning system (ERP-system) is becoming increasingly popular and the benefits are many. The most recurrent challenge is data security because the enterprises left the control of data storage to the cloud supplier. For that reason, trust and safety are required between the cloud supplier and the enterprise. Data storage and security are one of the main reasons why enterprises are hesitant to invest in cloud-based ERP-systems. The purpose of the research was thus to identify significant aspects that create safety for SMEenterprises with data storage in cloud-based ERP-systems and answer the research question:“Which aspects are significant for SME-enterprises to feel safe with data storage in cloudbased ERP-systems?”. A qualitative approach has been applied to answer the research question. Semi-structured interviews have been used to investigate the area in depth. With analysis of the results, significant themes emerged which underlies this paper discussion and conclusion chapters. The safety aspects that was identified were the following: log management, two-factor authentication, segmentation, encrypted data, backups, data storage within the EU, agreements and standards, established cloud supplier and transparent cloud supplier. The conclusions of the research can support cloud suppliers and SME-enterprises about which aspects that are significant to create a perceived security with external data storage. It can generate in a more secure and trusting relationship between both parties when SME-enterprises hand over responsibility for data to the cloud supplier. SME-enterprises safety cloud-based ERP data storage data security SME-företag trygghet molnbaserade affärssystem datalagring datasäkerhet Information Systems
82	Analyzing Small Businesses' Adoption of Big Data Security Analytics Mathias, Henry 01 January 2019 (has links) Despite the increased cost of data breaches due to advanced, persistent threats from malicious sources, the adoption of big data security analytics among U.S. small businesses has been slow. Anchored in a diffusion of innovation theory, the purpose of this correlational study was to examine ways to increase the adoption of big data security analytics among small businesses in the United States by examining the relationship between small business leaders' perceptions of big data security analytics and their adoption. The research questions were developed to determine how to increase the adoption of big data security analytics, which can be measured as a function of the user's perceived attributes of innovation represented by the independent variables: relative advantage, compatibility, complexity, observability, and trialability. The study included a cross-sectional survey distributed online to a convenience sample of 165 small businesses. Pearson correlations and multiple linear regression were used to statistically understand relationships between variables. There were no significant positive correlations between relative advantage, compatibility, and the dependent variable adoption; however, there were significant negative correlations between complexity, trialability, and the adoption. There was also a significant positive correlation between observability and the adoption. The implications for positive social change include an increase in knowledge, skill sets, and jobs for employees and increased confidentiality, integrity, and availability of systems and data for small businesses. Social benefits include improved decision making for small businesses and increased secure transactions between systems by detecting and eliminating advanced, persistent threats. adoption of security analytics big data analytics big data security analytics security small business small business adoption of technology Computer Sciences Databases and Information Systems Library and Information Science
83	Reducing Internal Theft and Loss in Small Businesses Luster, Eric L 01 January 2018 (has links) Every year, several documented data breaches happen in the United States, resulting in the exposure of millions of electronic records. The purpose of this single-case study was to explore strategies some information technology managers used to monitor employees and reduce internal theft and loss. The population for this study consisted of 5 information technology managers who work within the field of technology in the southwestern region of the United States. Participants were selected using purposeful sampling. The conceptual framework for this study included elements from information and communication boundary theories. Data were collected from semistructured interviews, company standard operating procedures, and policy memorandums, which provided detailed information about technology managers' experiences with data security. The collected data were transcribed, member checked, and triangulated to validate credibility and trustworthiness. Two themes emerged from data analysis: the development of policies, procedures, and standards on internal theft and loss, and the use of technology-driven systems to monitor employees and control theft and loss. Technology-based interventions allow leaders within an organization to protect the integrity of systems and networks while monitoring employee actions and behaviors. Study findings could be used by leaders of business organizations to identify and respond to theft and fraud in the workplace. Business leaders may also be able to use study findings to develop employee monitoring programs that help to prevent the loss of both organizational and customers' data, enhancing public trust as a potential implication for positive social change. Data breach Data exchange data security internal data breach Internal theft Loss Business Databases and Information Systems
84	ENHANCING SECURITY IN DOCKER WEB SERVERS USING APPARMOR AND BPFTRACE Avigyan Mukherjee (15306883) 19 April 2023 (has links) <p>Dockerizing web servers has gained significant popularity due to its lightweight containerization approach, enabling rapid and efficient deployment of web services. However, the security of web server containers remains a critical concern. This study proposes a novel approach to enhance the security of Docker-based web servers using bpftrace to trace Nginx and Apache containers under attack, identifying abnormal syscalls, connections, shared library calls, and file accesses from normal ones. The gathered metrics are used to generate tailored AppArmor profiles for improved mandatory access control policies and enhanced container security. BPFtrace is a high-level tracing language allowing for real-time analysis of system events. This research introduces an innovative method for generating AppArmor profiles by utilizing BPFtrace to monitor system alerts, creating customized security policies tailored to the specific needs of Docker-based web servers. Once the profiles are generated, the web server container is redeployed with enhanced security measures in place. This approach increases security by providing granular control and adaptability to address potential threats. The evaluation of the proposed method is conducted using CVE’s found in the open source literature affecting nginx and apache web servers that correspond to the classification system that was created. The Apache and Nginx containers was attacked with Metasploit, and benchmark tests including ltrace evaluation in accordance with existing literature were conducted. The results demonstrate the effectiveness of the proposed approach in mitigating security risks and strengthening the overall security posture of Docker-based web servers. This is achieved by limiting memcpy and memset shared library calls identified using bpftrace and applying rlimits in 9 AppArmor to limit their rate to normal levels (as gauged during testing) and deny other harmful file accesses and syscalls. The study’s findings contribute to the growing body of knowledge on container security and offer valuable insights for practitioners aiming to develop more secure web server deployments using Docker. </p> Data security and protection System and network security Networking and communications Docker security Webserver Containerization
85	IS THE FUTURE OF BEAUTY PERSONALIZED? : CASE STUDY FOR MICROBIOME SKINCARE BRAND SKINOME Kanaska, Santa Daniela January 2022 (has links) The researcher takes a user-centric empirical approach to estimate different consumer group participant views on the personalization technology adoption within the skincare industry. In addition, the study aims to highlight the main identified opportunities and concerns that users associate with the personalized technology solutions within the industry, such as skincare and product quizzes, in-depth questionnaires, smart skin analysis tools, and others. The empirical study sample consists of 17 subjects who represent three different generation groups (Generations X, Y, and Z). For data analysis purposes, the author has performed content and discourse analysis, sentiment assessment, and word cloud visualizations using the Python word cloud library. The conducted sentiment analysis shows that the Gen X group’s users overall have a negative attitude towards personalization technology adoption for the skincare (average sentiment: 0.294) in comparison to Gen Y and Gen Z consumers whose sentiment analysis results showed neutral and positive tendencies. The content analysis showed that Gen Y and Gen Z consumers are more concerned about the data governance and its associated risks than Gen X consumers for whom the results and skin health-related improvements were indicated as having higher importance. According to the gathered data, the majority of Gen Y and Gen Z consumer group participants see personalization technology as the future of the skincare industry; nevertheless, Gen X consumers believe that personalization within the skincare will not be attached to one brand and will be more focussed on addressing specific skin conditions and concerns as well as will be more evidence-based. / Forskaren använder sig av en användarcentrerad empirisk metod för att uppskatta olika konsumentgruppers åsikter om hur tekniken för att ge personliga hudvårdsråd används inom hudvårdsbranschen. Dessutom syftar studien till att belysa de viktigaste identifierade möjligheterna och farhågorna som användarna förknippar med dessa tekniska lösningar inom branschen, såsom hudvårds- och produkttester, djupgående frågeformulär, smarta hudanalysverktyg och andra. Den empiriska studiens urval består av 17 personer som representerar tre olika generationsgrupper (generationerna X, Y och Z). Författaren har för analysen av datan genomfört en innehålls- och diskursanalys, en känsloutvärdering samt en ordmolnsanalys med hjälp av Pythons ordmolnsbibliotek. Den genomförda känslighetsanalysen visar att användare i gruppen Gen X överlag har en negativ inställning till att införa teknik för att erhålla personliga hudvårdsråd (genomsnittlig känsla: 0,294) i jämförelse med konsumenter i generationerna Y och Z, vars känslighetsanalysresultat visade neutrala och positiva tendenser. Innehållsanalysen visade att Gen Y- och Gen Z-konsumenterna är mer oroade över datastyrningen och de därmed förknippade riskerna än Gen X-konsumenterna, för vilka resultaten och förbättringarna av hudhälsan angavs ha större betydelse. Resultaten av studien visar att en majoritet av Gen Y- och Gen Z-konsumentgruppens deltagare ser att utvecklandet och användandet av teknik för att ge personliga hudvårdsråd är framtiden för hudvårdsbranschen. Gen Xkonsumenterna tror dock att tekniken för personliga hudvårdsråd inte kommer att vara knuten till ett märke och att den kommer att vara mer inriktad på att hantera specifika hudtillstånd och problem samt vara mer evidensbaserad. personalization beauty tech Artificial Intelligence Recommender systems AI ethics data security teknik för personliga hudvårdsråd skönhetsteknik Artificiell Intelligens Rekommendationssystem AI-etik datasäkerhet Computer and Information Sciences Data- och informationsvetenskap
86	<strong>Deep Learning-Based Anomaly Detection in TLS Encrypted Traffic</strong> Kehinde Ayano (16650471) 03 August 2023 (has links) <p> The growing trend of encrypted network traffic is changing the cybersecurity threat scene. Most critical infrastructures and organizations enhance service delivery by embracing digital platforms and applications that use encryption to ensure that data and Information are moved across networks in an encrypted form to improve security. While this protects data confidentiality, hackers are also taking advantage of encrypted network traffic to hide malicious software known as malware that will easily bypass the conventional detection mechanisms on the system because the traffic is not transparent for the monitoring mechanism on the system to analyze. Cybercriminals leverage encryption using cryptographic protocols such as SSL/TLS to launch malicious attacks. This hidden threat exists because of the SSL encryption of benign traffic. Hence, there is a need for visibility in encrypted traffic. This research was conducted to detect malware in encrypted network traffic without decryption. The existing solution involves bulk decryption, analysis, and re-encryption. However, this method is prone to privacy issues, is not cost-efficient, and is time-consuming, creating huge overhead on the network. In addition, limited research exists on detecting malware in encrypted traffic without decryption. There is a need to strike a balance between security and privacy by building an intelligent framework that can detect malicious activity in encrypted network traffic without decrypting the traffic prior to inspection. With the payload still encrypted, the study focuses on extracting metadata from flow features to train the machine-learning model. It further deployed this set of features as input to an autoencoder, leveraging the construction error of the autoencoder for anomaly detection. </p> Data and information privacy Data security and protection System and network security Cybersecurity Privacy Encrypted Traffic Network Security Machine Learning Deep Learning
87	Defeating Critical Threats to Cloud User Data in Trusted Execution Environments Adil Ahmad (13150140) 26 July 2022 (has links) <p>In today’s world, cloud machines store an ever-increasing amount of sensitive user data, but it remains challenging to guarantee the security of our data. This is because a cloud machine’s system software—critical components like the operating system and hypervisor that can access and thus leak user data—is subject to attacks by numerous other tenants and cloud administrators. Trusted execution environments (TEEs) like Intel SGX promise to alter this landscape by leveraging a trusted CPU to create execution contexts (or enclaves) where data cannot be directly accessed by system software. Unfortunately, the protection provided by TEEs cannot guarantee complete data security. In particular, our data remains unprotected if a third-party service (e.g., Yelp) running inside an enclave is adversarial. Moreover, data can be indirectly leaked from the enclave using traditional memory side-channels.</p> <p><br></p> <p>This dissertation takes a significant stride towards strong user data protection in cloud machines using TEEs by defeating the critical threats of adversarial cloud services and memory side-channels. To defeat these threats, we systematically explore both software and hardware designs. In general, we designed software solutions to avoid costly hardware changes and present faster hardware alternatives.</p> <p><br></p> <p>We designed 4 solutions for this dissertation. Our Chancel system prevents data leaks from adversarial services by restricting data access capabilities through robust and efficient compiler-enforced software sandboxing. Moreover, our Obliviate and Obfuscuro systems leverage strong cryptographic randomization and prevent information leakage through memory side-channels. We also propose minimal CPU extensions to Intel SGX called Reparo that directly close the threat of memory side-channels efficiently. Importantly, each designed solution provides principled protection by addressing the underlying root-cause of a problem, instead of enabling partial mitigation.</p> <p><br></p> <p>Finally, in addition to the stride made by our work, future research thrust is required to make TEEs ubiquitous for cloud usage. We propose several such research directions to pursue the essential goal of strong user data protection in cloud machines.</p> Data security and protection Hardware security System and network security Cloud data protection Trusted Execution Environments (TEEs) Intel Software Guard eXtensions (SGX) Oblivious RAM (ORAM) Hardware extensions Compiler-aided protection
88	New Theoretical Techniques For Analyzing And Mitigating Password Cracking Attacks Peiyuan Liu (18431811) 26 April 2024 (has links) <p dir="ltr">Brute force guessing attacks continue to pose a significant threat to user passwords. To protect user passwords against brute force attacks, many organizations impose restrictions aimed at forcing users to select stronger passwords. Organizations may also adopt stronger hashing functions in an effort to deter offline brute force guessing attacks. However, these defenses induce trade-offs between security, usability, and the resources an organization is willing to investigate to protect passwords. In order to make informed password policy decisions, it is crucial to understand the distribution over user passwords and how policy updates will impact this password distribution and/or the strategy of a brute force attacker.</p><p dir="ltr">This first part of this thesis focuses on developing rigorous statistical tools to analyze user password distributions and the behavior of brute force password attackers. In particular, we first develop several rigorous statistical techniques to upper and lower bound the guessing curve of an optimal attacker who knows the user password distribution and can order guesses accordingly. We apply these techniques to analyze eight password datasets and two PIN datasets. Our empirical analysis demonstrates that our statistical techniques can be used to evaluate password composition policies, compare the strength of different password distributions, quantify the impact of applying PIN blocklists, and help tune hash cost parameters. A real world attacker may not have perfect knowledge of the password distribution. Prior work introduced an efficient Monte Carlo technique to estimate the guessing number of a password under a particular password cracking model, i.e., the number of guesses an attacker would check before this particular password. This tool can also be used to generate password guessing curves, but there is no absolute guarantee that the guessing number and the resulting guessing curves are accurate. Thus, we propose a tool called Confident Monte Carlo that uses rigorous statistical techniques to upper and lower bound the guessing number of a particular password as well as the attacker's entire guessing curve. Our empirical analysis also demonstrate that this tool can be used to help inform password policy decisions, e.g., identifying and warning users with weaker passwords, or tuning hash cost parameters.</p><p dir="ltr">The second part of this thesis focuses on developing stronger password hashing algorithms to protect user passwords against offline brute force attacks. In particular, we establish that the memory hard function Scrypt, which has been widely deployed as password hash function, is maximally bandwidth hard. We also present new techniques to construct and analyze depth robust graph with improved concrete parameters. Depth robust graph play an essential rule in the design and analysis of memory hard functions.</p> Cryptography Data security and protection Memory Hard Function Password Security Statistical Analysis Cryptography Theoretical Bounds Depth-Robust Graph Password Dataset Password Distribution Bandwidth Hardness Password Cracking Model
89	Language-Based Techniques for Policy-Agnostic Oblivious Computation Qianchuan Ye (18431691) 28 April 2024 (has links) <p dir="ltr">Protecting personal information is growing increasingly important to the general public, to the point that major tech companies now advertise the privacy features of their products. Despite this, it remains challenging to implement applications that do not leak private information either directly or indirectly, through timing behavior, memory access patterns, or control flow side channels. Existing security and cryptographic techniques such as secure multiparty computation (MPC) provide solutions to privacy-preserving computation, but they can be difficult to use for non-experts and even experts.</p><p dir="ltr">This dissertation develops the design, theory and implementation of various language-based techniques that help programmers write privacy-critical applications under a strong threat model. The proposed languages support private structured data, such as trees, that may hide their structural information and complex policies that go beyond whether a particular field of a record is private. More crucially, the approaches described in this dissertation decouple privacy and programmatic concerns, allowing programmers to implement privacy-preserving applications modularly, i.e., to independently develop application logic and independently update and audit privacy policies. Secure-by-construction applications are derived automatically by combining a standard program with a separately specified security policy.</p><p><br></p> Data and information privacy Data security and protection Programming languages Dependent types Algebraic data types Oblivious computation Multiparty computation Privacy policies Information flow control Functional languages
90	Improving the adoption of cloud computing by Small & Medium Scale Enterprise (SMEs in Nigeria Young, Destiny Assian 08 1900 (has links) In a traditional business environment, companies set up their organisation’s IT data infrastructure, install their applications and carry out the maintenance and management of their infrastructures. Whereas Cloud computing removes the need for companies to set up own data centers and run enterprise applications. Cloud computing technology provides businesses with the advantage of on-demand access, agility, scalability, flexibility and reduced cost of computing. An appreciable increase is being observed in the acceptance and migration to this new IT model in developing economies. In Nigeria, it has been observed that there is a somewhat unimpressive rate of adoption of Cloud computing by the microfinance operators. This research investigates the reason for the slow adoption of Cloud computing by SMEs in Nigeria with special consideration to the Microfinance subsector and to develop a model for improving the adoption of cloud computing by microfinance organisations. The research was conducted using a qualitative research design method. Interview was the main data collection instrument and data collected was analysed using thematic content analysis method. The analysis of the study revealed that SMEs in Nigeria, with particular reference to microfinance subsector in Akwa Ibom State are yet fully to embrace cloud technology. It was discovered that most of the SMEs studied, has some level of reservation about cloud computing arising from not having appropriate education and enlightenment about the cloud economic offerings and potentials. From the outcome of the research, the researcher identified that most people’s concerns are as a result of lack of knowledge about cloud computing and so the researcher concluded that appropriate enlightenment by industry stakeholders, cloud service providers, cloud enthusiasts and even the government on the risks and overwhelming economic incentives of cloud computing as well as the provision of a monitored free trial services will encourage the adoption of cloud computing by SMEs. / College of Engineering, Science and Technology / M.Tech. (Information Technology) ATU BIU Cloud Adoption Cloud Computing Cloud End-user Cloud Service Providers Data Security Microfinance PU PEOU IT Nigeria SMEs Vendors 004.67820338709669 SMEs (Small business) Microfinance -- Nigeria -- Case studies Data Security

Search results