The evaluation and analysis of the control facilities in a network environment with specific reference to Novell 4

08 September 2015

M.Com. / The auditor has the objective to express an opinion on the financial statements on which he is reporting. It is important for the auditor to know that the data which he is auditing has not been changed without the necessary authority or been lost and that the data meets the three Information Security Objectives (IS0s) ...

Computer networks - Security measures

Database security

Electronic data processing - Auditing

Privacy-preserving queries on encrypted databases

Meng, Xianrui

07 December 2016

In today's Internet, with the advent of cloud computing, there is a natural desire for enterprises, organizations, and end users to outsource increasingly large amounts of data to a cloud provider. Therefore, ensuring security and privacy is becoming a significant challenge for cloud computing, especially for users with sensitive and valuable data. Recently, many efficient and scalable query processing methods over encrypted data have been proposed. Despite that, numerous challenges remain to be addressed due to the high complexity of many important queries on encrypted large-scale datasets. This thesis studies the problem of privacy-preserving database query processing on structured data (e.g., relational and graph databases). In particular, this thesis proposes several practical and provable secure structured encryption schemes that allow the data owner to encrypt data without losing the ability to query and retrieve it efficiently for authorized clients. This thesis includes two parts. The first part investigates graph encryption schemes. This thesis proposes a graph encryption scheme for approximate shortest distance queries. Such scheme allows the client to query the shortest distance between two nodes in an encrypted graph securely and efficiently. Moreover, this thesis also explores how the techniques can be applied to other graph queries. The second part of this thesis proposes secure top-k query processing schemes on encrypted relational databases. Furthermore, the thesis develops a scheme for the top-k join queries over multiple encrypted relations. Finally, this thesis demonstrates the practicality of the proposed encryption schemes by prototyping the encryption systems to perform queries on real-world encrypted datasets.

Computer science

Cryptography

Database security

Data management

Graph theory

Information security/privacy

Query processing

Privacy preserving in serial data and social network publishing.

January 2010

Liu, Jia. / "August 2010." / Thesis (M.Phil.)--Chinese University of Hong Kong, 2010. / Includes bibliographical references (p. 69-72). / Abstracts in English and Chinese. / Chapter 1 --- Introduction --- p.1 / Chapter 2 --- Related Work --- p.3 / Chapter 3 --- Privacy Preserving Network Publication against Structural Attacks --- p.5 / Chapter 3.1 --- Background and Motivation --- p.5 / Chapter 3.1.1 --- Adversary knowledge --- p.6 / Chapter 3.1.2 --- Targets of Protection --- p.7 / Chapter 3.1.3 --- Challenges and Contributions --- p.10 / Chapter 3.2 --- Preliminaries and Problem Definition --- p.11 / Chapter 3.3 --- Solution:K-Isomorphism --- p.15 / Chapter 3.4 --- Algorithm --- p.18 / Chapter 3.4.1 --- Refined Algorithm --- p.21 / Chapter 3.4.2 --- Locating Vertex Disjoint Embeddings --- p.30 / Chapter 3.4.3 --- Dynamic Releases --- p.32 / Chapter 3.5 --- Experimental Evaluation --- p.34 / Chapter 3.5.1 --- Datasets --- p.34 / Chapter 3.5.2 --- Data Structure of K-Isomorphism --- p.37 / Chapter 3.5.3 --- Data Utilities and Runtime --- p.42 / Chapter 3.5.4 --- Dynamic Releases --- p.47 / Chapter 3.6 --- Conclusions --- p.47 / Chapter 4 --- Global Privacy Guarantee in Serial Data Publishing --- p.49 / Chapter 4.1 --- Background and Motivation --- p.49 / Chapter 4.2 --- Problem Definition --- p.54 / Chapter 4.3 --- Breach Probability Analysis --- p.57 / Chapter 4.4 --- Anonymization --- p.58 / Chapter 4.4.1 --- AG size Ratio --- p.58 / Chapter 4.4.2 --- Constant-Ratio Strategy --- p.59 / Chapter 4.4.3 --- Geometric Strategy --- p.61 / Chapter 4.5 --- Experiment --- p.62 / Chapter 4.5.1 --- Dataset --- p.62 / Chapter 4.5.2 --- Anonymization --- p.63 / Chapter 4.5.3 --- Evaluation --- p.64 / Chapter 4.6 --- Conclusion --- p.68 / Bibliography --- p.69

Data protection

Data mining

Database security

Adaptive Cryptographic Access Control for Dynamic Data Sharing Environments

Kayem, ANNE

21 October 2008

Distributed systems, characterized by their ability to ensure the execution of multiple transactions across a myriad of applications, constitute a prime platform for building Web applications. However, Web application interactions raise issues pertaining to security and performance that make manual security management both time-consuming and challenging. This thesis is a testimony to the security and performance enhancements afforded by using the autonomic computing paradigm to design an adaptive cryptographic access control framework for dynamic data sharing environments. One of the methods of enforcing cryptographic access control in these environments is to classify users into one of several groups interconnected in the form of a partially ordered set. Each group is assigned a single cryptographic key that is used for encryption/decryption. Access to data is granted only if a user holds the "correct" key, or can derive the required key from the one in their possession. This approach to access control is a good example of one that provides good security but has the drawback of reacting to changes in group membership by replacing keys, and re-encrypting the associated data, throughout the entire hierarchy. Data re-encryption is time-consuming, so, rekeying creates delays that impede performance. In order to support our argument in favor of adaptive security, we begin by presenting two cryptographic key management (CKM) schemes in which key updates affect only the class concerned or those in its sub-poset. These extensions enhance performance, but handling scenarios that require adaptability remain a challenge. Our framework addresses this issue by allowing the CKM scheme to monitor the rate at which key updates occur and to adjust resource (keys and encrypted data versions) allocations to handle future changes by anticipation rather than on demand. Therefore, in comparison to quasi-static approaches, the adaptive CKM scheme minimizes the long-term cost of key updates. Finally, since self-protecting CKM requires a lesser degree of physical intervention by a human security administrator, we consider the case of "collusion attacks" and propose two algorithms to detect as well as prevent such attacks. A complexity and security analysis show the theoretical improvements our schemes offer. Each algorithm presented is supported by a proof of concept implementation, and experimental results to show the performance improvements. / Thesis (Ph.D, Computing) -- Queen's University, 2008-10-16 16:19:46.617

Access Control

Database Security

Autonomic Computing

Cryptographic Key Management

Dynamic Data Sharing

On formal specification of authorization policies and their transformations : thesis /

Bai, Yun.

January 2000

Thesis (Ph.D.)--University of Western Sydney, 2000. / "A thesis submitted for the degree of Doctor of Philosophy at University of Western Sydney - Nepean." "September 2000." Bibliography : leaves 141-150.

Logic programming based formal representations for authorization and security protocols

Wang, Shujing.

January 2008

Thesis (Ph.D.) -- University of Western Sydney, 2008. / A thesis submitted for the degree of Doctor of Philosophy to the University of Western Sydney, College of Health and Science, School of Computing and Mathematics. Includes bibliography.

Confidentiality and integrity in distributed data exchange /

Miklau, Gerome.

January 2005

Thesis (Ph. D.)--University of Washington, 2005. / Vita. Includes bibliographical references (p. 132-142).

A model for legal compliance in the South African banking sector : an information security perspective

Maphakela, Madidimalo Rabbie

January 2008

In the past, many organisations used to keep their information on paper, which resulted in the loss of important information. In today’s knowledge era the information super-highway facilitates highly connected electronic environments where business applications can communicate on an intra- as well as inter-organizational level. As business expanded more into the cyber-world, so did the need to protect the information they have. Technology advances did not only bring benefits, it also increased the vulnerability of companies’ information. Information, the lifeblood of an organization, must be protected from threats such as hackers and fraud, amongst others. In the highly regulated financial sector, the protection of information is not only a best practice, but a legal obligation carrying penalties for non-compliance. From a positive aspect, organisations can identify security controls that can help them to secure their information, with the aid of legal sources. But organisations find themselves burdened by a burgeoning number of legal sources and requirements, which require vast resources and often become unmanageable. This research focuses on finding a solution for South African banks to comply with multiple legal sources, as seen from an information security perspective.

Database security -- South Africa

Computer security -- South Africa

Bezpečnost v databázi Oracle / Security in Oracle database

Lukanič, Michal

January 2010

The amount of electronically stored data is constantly growing. That's why we should consider the data security. Most electronic information is stored in the database. This thesis is concerned with ensuring data security in the Oracle database. First of all, I describe some of the available security surveys, to make it clear why we need to ensure the data security. In addition, I also describe the main aspects of information security. The aim is to introduce what we mean by security of information. Then I examine the recommendations of ISO 17799 standard, which is one of the sources for the measures described in the main part of this thesis. The next part is dedicated to finding the important security threats, which are used as a basis for following description of security tools. The aim of described recommendations and threats is to discover what is needed to ensure the data security. In the main part of this thesis I discuss the various security tools and procedures. The main objective of this thesis is the description of tools and procedures to ensure data security, following the recommendations of international standards and typical security threats. All described tools are part of the Oracle database. I place emphasis on the user access control.

Anomaly Detection in a SQL database: A Retrospective Investigation

Naserinia, Vahid, Beremark, Mikael

January 2022

Insider attacks aiming at stealing data are highly common, according to recent studies, and they are carried out in precise patterns. In order to protect against these threats, additional security measures, such as access control and encryption, must be used in conjunction with tools and methods that can detect anomalies in data access. By analyzing the input query syntax and the amount of data returned in the responses, we can deduce individuals' access patterns. Our method is based on SQL queries in database log files, which allow us to build profiles of ordinary users' access behavior by their doctors. Anomalies that deviate from these characteristics are deemed anomalous and thus indicative of possible data exfiltration or misuse. This paper uses machine learning techniques in existing algorithms to detect outliers and aggregate related data into clusters. Due to the sensitivity of the real-world data and restricting access to such datasets, we have developed our logfiles that groups log lines sequentially based on time and access intervals. Generated log files containing known abnormalities are used to demonstrate the use of real datasets. Our findings demonstrate that our method can effectively detect these anomalies, albeit more research by specialists is required to ensure whether the abnormalities detected were appropriately recognized.

Anomaly Detection

Machine Learning

Data Mining

Database Security

Intrusion Detection.

Computer and Information Sciences

Data- och informationsvetenskap