A SOAP-based Model for secure messaging in a global context

Van Eeden, Johannes Jurie

January 2005

For integration between application-systems in a global context, interoperability needs to be established on a global level; global interoperability, in turn, is based on a global common application-interface. This is achieved through resolving differences in, inter alia, protocol profiles, among participants in the global network. ebXML is used as the point of departure. A messaging framework, which is based on existing Web technology and standards, is proposed. Certain security and Web service standards are examined to determine specific parameters for an interoperable secure messaging environment. A security based framework comprising a predefined message format and architecture is investigated for a secure interoperable global electronic marketspace.

Information security service management : a service management approach to information security management

Rastogi, Rahul

January 2011

In today’s world, information and the associated Information Technology are critical assets for many organizations. Any information security breach, or compromise of these assets, can lead to serious implications for organizations that are heavily dependent on these assets. For such organizations, information security becomes vital. Organizations deploy an information security infrastructure for protecting their information assets. This infrastructure consists of policies and controls. Organizations also create an information security management system for managing information security in the organization. While some of the policies and controls are of a purely technical nature, many depend upon the actions of end-users. However, end-users are known to exhibit both compliant and noncompliant behaviours in respect of these information security policies and controls in the organization. Non-compliant information security behaviours of end-users have the potential to lead to information security breaches. Non-compliance thus needs to be controlled. The discipline of information security and its management have evolved over the years. However, the discipline has retained the technology-driven nature of its origin. In this context, the discipline has failed to adequately appreciate the role played by the end-users and the complexities of their behaviour, as it relates to information security policies and controls. The pervasive information security management philosophy is that of treating end-users as the enemy. Compliance is sought to be achieved through awareness programs, rewards, punishments and evermore strict policies and controls. This has led to a bureaucratic information security management approach. The philosophy of treating end-users as the enemy has had an adverse impact on information security in the organization. It can be said that rather than curbing non-compliance by end-users, the present-day bureaucratic approach to information security management has contributed to non-compliance. This thesis calls this the end-user crisis. This research aims at resolving this crisis by identifying an improved approach to information security management in the organization. This research has applied the service management approach to information security management. The resultant Information Security Service Management (ISSM) views end-users as assets and resources, and not as enemies. The central idea of ISSM is that the end-user is to be treated as a customer, whose needs are to be satisfied. This research presents ISSM. This research also presents the various components of ISSM to aid in its implementation in an organization.

Information security in a distributed banking environment, with specific reference to security protocols.

Van Buuren, Suzi

22 August 2012

M.Comm. / The principal aim of the present dissertation is to determine the nature of an electronicbanking environment, to determine the threats within such an environment and the security functionality needed to ward off these threats. Security solutions for each area at risk will be provided in short. The main focus of the dissertation will fall on the security protocols that can be used as solutions to protect a banking system. In the dissertation, indication will also be given of what the security protocols, in their turn, depend on to provide protection to a banking system. There are several security protocols that can be used to secure a banking system. The problem, however, is to determine which protocol will provide the best security for a bank in a specific application. This dissertation is also aimed at providing a general security framework that banks could use to evaluate various security protocols which could be implemented to secure a banking system. Such framework should indicate which security protocols will provide a bank in a certain banking environment with the best protection against security threats. It should also indicate which protocols could be used in combination with others to provide the best security.

Banks and banking - Security measures

Internet - Security measures

Computer networks - Security measures

Mitigating social media threats towards information security : a case study of two academic institutions

01 September 2015

M.Tech. (Information Technology) / Since the introduction of Web 2.0, there has been an increase in the number of applications that promote the use of user-generated content, support social and collaborative interaction on the Web, and provide engaging user interactions. This together with the continuous increase in internet speed gave rise to the formation of interactive online communication channels, such as Social Media (SM). SM moved from just being a purely social platform to being an integral part of many organisations` business practices. Organisations saw an opportunity through SM to market themselves and interact with customers more efficiently and cost effectively, whist reaching a larger number of potential clients online ...

Social media - Security measures

Protecting the physical layer: threats and countermeasures to communication system and smart power grid. / CUHK electronic theses & dissertations collection

January 2013

Bi, Suzhi. / Thesis (Ph.D.)--Chinese University of Hong Kong, 2013. / Includes bibliographical references (leaves 113-119). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstract also in Chinese.

Computer networks--Security measures

Authenticated 2D barcode: design, implementation and applications. / CUHK electronic theses & dissertations collection

January 2013

Li, Chak Man. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2013. / Includes bibliographical references (leaves 150-159). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstracts also in Chinese.

QR codes--Security measures

Bar coding--Security measures

Mobile computing

IP traceback marking scheme based DDoS defense.

January 2005

Ping Yan. / Thesis submitted in: December 2004. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2005. / Includes bibliographical references (leaves 93-100). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgement --- p.iii / Chapter 1 --- INTRODUCTION --- p.1 / Chapter 1.1 --- The Problem --- p.1 / Chapter 1.2 --- Research Motivations and Objectives --- p.3 / Chapter 1.3 --- The Rationale --- p.8 / Chapter 1.4 --- Thesis Organization --- p.9 / Chapter 2 --- BACKGROUND STUDY --- p.10 / Chapter 2.1 --- Distributed Denial of Service Attacks --- p.10 / Chapter 2.1.1 --- Taxonomy of DoS and DDoS Attacks --- p.13 / Chapter 2.2 --- IP Traceback --- p.17 / Chapter 2.2.1 --- Assumptions --- p.18 / Chapter 2.2.2 --- Problem Model and Performance Metrics --- p.20 / Chapter 2.3 --- IP Traceback Proposals --- p.24 / Chapter 2.3.1 --- Probabilistic Packet Marking (PPM) --- p.24 / Chapter 2.3.2 --- ICMP Traceback Messaging --- p.26 / Chapter 2.3.3 --- Logging --- p.27 / Chapter 2.3.4 --- Tracing Hop-by-hop --- p.29 / Chapter 2.3.5 --- Controlled Flooding --- p.30 / Chapter 2.4 --- DDoS Attack Countermeasures --- p.30 / Chapter 2.4.1 --- Ingress/Egress Filtering --- p.33 / Chapter 2.4.2 --- Route-based Distributed Packet Filtering (DPF) --- p.34 / Chapter 2.4.3 --- IP Traceback Based Intelligent Packet Filtering --- p.35 / Chapter 2.4.4 --- Source-end DDoS Attack Recognition and Defense --- p.36 / Chapter 2.4.5 --- Classification of DDoS Defense Methods --- p.38 / Chapter 3 --- ADAPTIVE PACKET MARKING SCHEME --- p.41 / Chapter 3.1 --- Scheme Overview --- p.41 / Chapter 3.2 --- Adaptive Packet Marking Scheme --- p.44 / Chapter 3.2.1 --- Design Motivation --- p.44 / Chapter 3.2.2 --- Marking Algorithm Basics --- p.46 / Chapter 3.2.3 --- Domain id Marking --- p.49 / Chapter 3.2.4 --- Router id Marking --- p.51 / Chapter 3.2.5 --- Attack Graph Reconstruction --- p.53 / Chapter 3.2.6 --- IP Header Overloading --- p.56 / Chapter 3.3 --- Experiments on the Packet Marking Scheme --- p.59 / Chapter 3.3.1 --- Simulation Set-up --- p.59 / Chapter 3.3.2 --- Experimental Results and Analysis --- p.61 / Chapter 4 --- DDoS DEFENSE SCHEMES --- p.67 / Chapter 4.1 --- Scheme I: Packet Filtering at Victim-end --- p.68 / Chapter 4.1.1 --- Packet Marking Scheme Modification --- p.68 / Chapter 4.1.2 --- Packet Filtering Algorithm --- p.69 / Chapter 4.1.3 --- Determining the Filtering Probabilities --- p.70 / Chapter 4.1.4 --- Suppressing Packets Filtering with did Markings from Nearby Routers --- p.73 / Chapter 4.2 --- Scheme II: Rate Limiting at the Sources --- p.73 / Chapter 4.2.1 --- Algorithm of the Rate-limiting Scheme --- p.74 / Chapter 4.3 --- Performance Measurements for Scheme I & Scheme II . --- p.77 / Chapter 5 --- CONCLUSION --- p.87 / Chapter 5.1 --- Contributions --- p.87 / Chapter 5.2 --- Discussion and Future Work --- p.91 / Bibliography --- p.100

Computer networks--Security measures

Internet--Security measures

Computer security

Practical data integrity protection in network-coded cloud storage.

January 2012

近年雲存儲發展迅速，它具彈性的收費模式還有使用上的便利性吸引了不少用家把它當作一個備份的平台，如何保障雲端上資料的完整性也就成了一項重要的課題。我們試著探討如何能有效地在客戶端檢查雲端上資料的完整性，並且在探測到雲存儲節點故障以後如何有效地進行修復。抹除碼(Erasure codes)透過產生冗餘，令編碼過後的資料能允許一定程度的缺片。雲端使用者可以利用抹除碼把檔案分散到不同的雲節點，即使其中一些節點壞了用戶還是能透過解碼餘下的資料來得出原檔。我們的研究是基於一種叫再造編碼(Regenerating code)的新興抹除碼。再造編碼借用了網絡編碼(Network coding)的概念，使得在修復錯誤節點的時候並不需要把完整的原檔先重構一遍，相比起一些傳統的抹除碼（如里德所羅門碼Reed-Solomoncode）能減少修復節點時需要下載的資料量。其中我們在FMSR這門再造編碼上實現了一個能有效檢測錯誤的系統FMSR-DIP。FMSR-DIP的好處是在檢測的時候只需要下載一小部份的資料，而且不要求節點有任何的編碼能力，可以直接對應現今的雲存儲。為了驗證我們系統的實用性，我們在雲存儲的測試平台上運行了一系列的測試。 / To protect outsourced data in cloud storage against corruptions, enabling integrity protection, fault tolerance, and efficient recovery for cloud storage becomes critical. To enable fault tolerance from a client-side perspective, users can encode their data with an erasure code and stripe the encoded data across different cloud storage nodes. We base our work on regenerating codes, a recently proposed type of erasure code that borrows the concept of network coding and requires less repair traffic than traditional erasure codes during failure recovery. We study the problem of remotely checking the integrity of regenerating-coded data against corruptions under a real-life cloud storage setting. Specifically, we design a practical data integrity protection (DIP) scheme for a specific regenerating code, while preserving the intrinsic properties of fault tolerance and repair traffic saving. Our DIP scheme is designed under the Byzantine adversarial model, and enables a client to feasibly verify the integrity of random subsets of outsourced data against general or malicious corruptions. It works under the simple assumption of thin-cloud storage and allows different parameters to be fine-tuned for the performance-security trade-off. We implement and evaluate the overhead of our DIP scheme in a cloud storage testbed under different parameter choices. We demonstrate that remote integrity checking can be feasibly integrated into regenerating codes in practical deployment. / Detailed summary in vernacular field only. / Chen, Chuk Hin Henry. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2012. / Includes bibliographical references (leaves 38-41). / Abstracts also in Chinese. / Chapter 1 --- Introduction --- p.1 / Chapter 2 --- Preliminaries --- p.4 / Chapter 2.1 --- FMSR Implementation --- p.4 / Chapter 2.2 --- Threat Model --- p.6 / Chapter 2.3 --- Cryptographic Primitives --- p.7 / Chapter 3 --- Design --- p.8 / Chapter 3.1 --- Design Goals --- p.8 / Chapter 3.2 --- Notation --- p.9 / Chapter 3.3 --- Overview of FMSR-DIP --- p.11 / Chapter 3.4 --- Basic Operations --- p.11 / Chapter 3.4.1 --- Upload operation --- p.11 / Chapter 3.4.2 --- Check operation --- p.13 / Chapter 3.4.3 --- Download operation --- p.15 / Chapter 3.4.4 --- Repair operation --- p.16 / Chapter 4 --- Implementation --- p.17 / Chapter 4.1 --- Integration of DIP into NCCloud --- p.17 / Chapter 4.2 --- Instantiating Cryptographic Primitives --- p.18 / Chapter 4.3 --- Trade-off Parameters --- p.19 / Chapter 5 --- Security Analysis --- p.22 / Chapter 5.1 --- Uses of Security Primitives --- p.22 / Chapter 5.2 --- Security Guarantees --- p.23 / Chapter 5.2.1 --- Corrupting an AECC Stripe --- p.23 / Chapter 5.2.2 --- Picking Corrupted Bytes for Checking --- p.25 / Chapter 5.2.3 --- Putting It All Together --- p.26 / Chapter 6 --- Evaluations --- p.27 / Chapter 6.1 --- Running Time Analysis --- p.27 / Chapter 6.2 --- Monetary Cost Analysis --- p.30 / Chapter 6.3 --- Summary --- p.33 / Chapter 7 --- Related Work --- p.34 / Chapter 8 --- Conclusions --- p.37 / Bibliography --- p.38

Cloud computing--Security measures

Computer networks--Security measures

Secure computer entertainments. / CUHK electronic theses & dissertations collection

January 2009

Computer entertainment is a big business today. Due to the availability of broadband network connections, the Internet is already a platform for many high quality multimedia applications. For example, online theaters and multi-player online games (MOG) are two of the most popular multimedia applications on the Internet. Although the Internet provides us a very convenient channel for data dissemination, its open architecture leads to many security issues. The security problems are especially complicated for computer entertainment applications since we must address both efficiency and security at the same time. In this thesis, we tackle four security issues in different aspects of computer entertainment applications. Specifically, the issues are (1) "to provide secure multimedia streaming while allowing proxy caching by untrusted third parties", (2) "to detect cheating in MOGs other than using conventional labor-intensive methods", (3) "to synchronize game clients in highly-interactive MOGs while resisting cheating in both the application and protocol level", and (4) "to exchange messages in peer-to-peer (P2P) MOGs so that distributed simulation is allowed but information exposure is mitigated". For each of the above issues, we present an effective solution that preserves the architecture of that particular multimedia application and also is feasible and efficient to deploy on the Internet. / Yeung, Siu Fung. / Adviser: John C. S. Lui. / Source: Dissertation Abstracts International, Volume: 70-09, Section: B, page: . / Thesis (Ph.D.)--Chinese University of Hong Kong, 2009. / Includes bibliographical references (leaves 137-142). / Electronic reproduction. Hong Kong : Chinese University of Hong Kong, [2012] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Electronic reproduction. [Ann Arbor, MI] : ProQuest Information and Learning, [200-] System requirements: Adobe Acrobat Reader. Available via World Wide Web. / Abstracts in English and Chinese. / School code: 1307.

Computer games

Computer networks--Security measures

A hippocratic privacy protection framework for relational databases.

Oberholzer, Hendrik Johannes Gerhardus.

January 2012

Thesis (DTech. degree in Computer Science and Data Processing: Software Development.)--Tshwane University of Technology, 2012. / Based on the fundamental assumption that individuals view their privacy differently, this study attempts to find a solution on how to protect the personal information of an individual stored in a relational database system against privacy violations. Secondly, to determine how the Hippocratic principles can be effectively applied to give individuals better control over their personal information, while at the same time allowing the organisation to process its transactions on the same personalised information. In answering these problems, the study established a set of extended principles to which the collection and the use of personal data should strictly hold.