Secret message sharing through JPEG images on social media platform

Lyn, Ran

January 2017

University of Macau / Faculty of Science and Technology / Department of Computer and Information Science

Social media

Image processing -- Security measures

A dynamic distributed trust model to control access to resources over the Internet

Lei, Hui.

10 April 2008

The access control mechanisms used in traditional security infrastructures, such as ACL and password applications, have been proven inadequate, inflexible, and difficult to apply in the Internet due to the incredible magnitude of today's Internet. Recently, research for expressing trust information in the digital world has been explored to be complementary to security mechanisms. This thesis deals with the access control for the resources provided over the Internet. On line digital content service is exemplary of such an application. In this work, we have concentrated on the idea of a trust management system, which was first proposed by Blaze et a1 in 1996, and we have proposed a general-purpose, application-independent Dynamic Distributed Trust Model (DDTM). In our DDTM, access rights are directly associated with a trust value. The trust values in this thesis are further classified into direct trust values, indirect trust values and trust authorization levels. We have calculated and expressed each type of the trust values as explicit numerical values. The core of this model is the recommendation-based trust model, organized as a Trust Delegation Tree (TDT), and the authorization delegation realized by delegation certificate chains. Moreover, the DDTM provides a distributed key-oriented certificate-issuing mechanism with no centralized global authority. A Dynamic Distributed Trust Protocol (DDTP) was developed as a general protocol for establishing and managing the trust relationship in a TDT structure. The protocol was verified by means of the verification tool, SPIN, and was prototyped to simulate communication and behaviors among the certificate issuer nodes on a TDT.

Internet -- Access control

Internet -- Security measures

Novel framework to support information security audit in virtual environment

Nagarle Shivashankarappa, A.

January 2013

Over the years, the focus of information security has evolved from technical issue to business issue. Heightened competition from globalization compounded by emerging technologies such as cloud computing has given rise to new threats and vulnerabilities which are not only complex but unpredictable. However, there are enormous opportunities which can bring value to business and enhance stakeholders’ wealth. Enterprises in Oman are compelled to embark e-Oman strategy which invariably increases the complexity due to integration of heterogeneous systems and outsourcing with external business partners. This implies that there is a need for a comprehensive model that integrates people, processes and technology and provides enterprise information security focusing on organizational transparency and enhancing business value. It was evident through interviews with security practitioners that existing security models and frameworks are inadequate to meet the dynamic nature of threats and challenges inherent in virtualization technology which is a catalyst to cloud computing. Hence the intent of this research is to evaluate enterprise information security in Oman and explore the potential of building a balanced model that aligns governance, risk management and compliance with emphasis to auditing in virtual environment. An integrated enterprise governance, risk and compliance model was developed where enterprise risk management acts as a platform, both mitigating risk on one hand and as a framework for defining cost controls and quantifying revenue opportunities on the other. Further, security standards and frameworks were evaluated and some limitations were identified. A framework for implementing IT governance focusing on critical success factors was developed after analysing and mapping the four domains of COBIT with various best practices. Server virtualization using bare metal architecture was practically tested which provides fault-tolerance and automated load balancing with enhanced security. Taxonomy of risks inherent in virtual environments was identified and an audit process flow was devised that provides insight to auditors to assess the adequacy of controls in a virtual environment. A novel framework for a successful audit in virtual environment is the contribution of this research that has changed some of the security assumptions and audit controls in virtual environment.

005.8

An information security perspective on XML web services.

Chetty, Jacqueline

29 May 2008

The Internet has come a long way from its humble beginnings of being used as a simple way of transporting data within the US army and other academic organizations. With the exploding growth of the Internet and the World Wide Web or WWW more and more people and companies are not only providing services via the WWW but are also conducting business transactions. In today’s Web-based environment where individuals and organizations are conducting business online, it is imperative that the technologies that are being utilized are secure in every way. It is important that any individual or organization that wants to protect their data in one form or another adhere to the five (5) basic security services. These security services are Identification and Authentication, Authorization, Confidentiality, Integrity and Non-repudiation This study looks at two Web-based technologies, namely XML and XML Web services and provides an evaluation of whether or not the 5 security services form part of the security surrounding these Web-based technologies. Part 1 is divided into three chapters. Chapter 1, is an Introduction and roadmap to the dissertation. This chapter provides an introduction to the dissertation. Chapter 2 provides an Overview of XML. The reader must not view this chapter as a technical chapter. It is simply a chapter that provides the reader with an understanding of XML so that the reader is able to understand the chapter surrounding XML security. Chapter 3 provides an Overview of Web services. Again the reader must not view this chapter as a technical chapter and as in chapter 2 this chapter must be seen as an overview providing the reader with a broad picture of what Web services is. A lot of technical background and know how has not been included in these two chapters. Part 2 is divided into a further three chapters. Chapter 4 is titled Computer Security and provides the reader with a basic understanding surrounding security in general. The 5 security services are introduced in more detail and the important mechanisms and aspects surrounding security are explained. Chapter 5 looks at how XML and Web services are integrated. This is a short chapter with diagrams that illustrate how closely XML and Web services are interwoven. Chapter 6 is the most important chapter of the dissertation. This chapter is titled XML and Web services security. This chapter provides the reader with an understanding of the various XML mechanisms that form part of the Web services environment, thus providing security in the form of the 5 security services. Each XML mechanism is discussed and each security service is discussed in relation to these various mechanisms. This is all within the context of the Web services environment. The chapter concludes with a table that summarizes each security service along with its corresponding XML mechanism. Part 3 includes one chapter. Chapter 7 is titled Mapping XML and Web services against the 5 security services. This chapter makes use of the information from the previous chapter and provides a summary in the form of a table. This table identifies each security service and looks at the mechanisms that provide that service within a Web services environment. Part 4 provides a conclusion to the dissertation. Chapter 8 is titled Conclusion and provides a summary of each preceding chapter. This chapter also provides a conclusion and answers the question of whether or not the 5 information security services are integrated into XML and Web services. / von Solms, S.H., Prof.

Computer security

World Wide Web security measures

Using virtualisation to create a more secure online banking infrastructure

Du Toit, Jaco Louis

09 December 2013

M.Sc. (Computer Science) / Sim swop, Phishing, Zeus and SpyEye are all terms that may be found in articles concerning online banking fraud. Home users are unsure of how the configuration of their computers affects the risk profile for conducting online banking. Software installed by a home user on their computer may be malware designed to steal banking details. Customers expect banks to provide a safe online banking system. The challenge that banks have is that they cannot control the configuration that exists on a client operating system. The V-Bank system was designed to determine whether virtualisation can be used as a means to increase the security for online banking. The V-Bank system uses a virtual machine that is run from a guest that is single purpose, read-only and fulfils the configuration requirements that the bank has for a client system. The V-Bank system also utilises public and private key encryption for identification, authentication and authorisation mechanisms in the online banking system. The architecture of the V-Bank system defines online banking as an end-to-end system. It approaches online banking as a system that consists of three major components. The three major components is a client-side component, network and server-side environment. The V-Bank system gives banks the ability to provide customers with a system that is controlled from the client, through the network to the server. The V-Bank system demonstrates that virtualisation can be used to increase the security of online banking.

Internet banking - Security measures

Virtual computer systems

Factors impacting the adoption of biometric authentication in the local banking sector

Pooe, Antonio

08 November 2011

M.Tech. / This research is concerned with establishing the causes for the slow adoption of biometric authentication in the South African banking sector and constitutes exploratory research. It looks at the widely accepted means of authentication and delves deeper into why these modes may not be sufficient to protect sensitive data. The scope of the research is limited to the banking sector only. The first sections of the study establish what the biometric authentication norms are amongst international banking institutions. This is then followed by an environmental study of the South African approach to biometric authentication. Owing to the limited number of banks in South Africa compared to developed countries, the study is limited to the four major banking institutions in South Africa, namely ABSA, Standard Bank, Nedbank and First National Bank. An online survey was used to gather the required data for analysis. The general approach adopted to investigate the extent to which biometric authentication is used by the said four banks was to first measure the respondents’ knowledge of biometrics and to establish the level of exposure the respondents had to the said technology. The next step was then to establish the extent to which the participating banks had investigated the use of biometric authentication. This was followed by consideration of the current use of biometric authentication and lastly, the future use and user perceptions regarding various aspects of biometric authentication in the financial services sector. A matrix that identifies the factors perceived to be impacting the adoption of biometric authentication concludes the last chapter on user perception.

Biometry

Authentication

Banks and banking - Security measures

Biometriese enkelaantekening tot IT stelsels

Tait, Bobby Laubscher

21 April 2009

M.Comm.

Computer security

Access control

Security measures

Biometry

Hostage incident management : preparedness and response of international non-governmental organisations

Lauvik, Kjell Erik

January 2014

It is broadly accepted that there is a need for better security management and protocols for hostage incident management, there is currently a lack of basic empirical knowledge about the existing security management protocols with reference to existing policies, knowledge and the capability of International Non-Governmental Organisations (INGOs) to handle hostage incidents. Many INGOs have successfully managed high-profile hostage crises, but there is still a considerable level of uncertainty about the way these crises have been solved and the way their success can be seen in relation to other crises. This study aimed to understand how INGOs prepare themselves for hostage incidents, whether policies, procedures are in place, how they manage hostage situations, and also how INGO staff are trained and prepared. The methodology adopted for this study was qualitative and comprised of indepth interviews with sixteen INGOs and ten industry experts and a review of INGO documents, policies and plans. The study sheds light on some of the less talked-about aspects for INGO security management in general, as well as preparedness and responsibility towards their staff. The study suggests that while most organisations have a level of preparedness in place, enhancing each agency’s respective policies may assist the organisation in better management. The study also found that there is a higher use of ransom payment than expected, and that there is an increasing willingness to engage external expertise to assisting in managing a hostage crisis. The study makes several recommendations that may have policy implications, including pre-deployment hostile environment training, reviewing potential cooperation between INGOs and United Nations, and the use of external resources to assist in managing a hostage crisis. It also recommends a revision of existing negotiation models, as the current models are lacking in addressing protracted hostage cases. The establishment of an accurate database of incidents to allow for improved interpretation of trends and scope of hostage cases is also recommended.

Hostage negotions

Towards a user centric model for identity and access management within the online environment

Deas, Matthew Burns

January 2008

Today, one is expected to remember multiple user names and passwords for different domains when one wants to access on the Internet. Identity management seeks to solve this problem through creating a digital identity that is exchangeable across organisational boundaries. Through the setup of collaboration agreements between multiple domains, users can easily switch across domains without being required to sign in again. However, use of this technology comes with risks of user identity and personal information being compromised. Criminals make use of spoofed websites and social engineering techniques to gain illegal access to user information. Due to this, the need for users to be protected from online threats has increased. Two processes are required to protect the user login information at the time of sign-on. Firstly, user’s information must be protected at the time of sign-on, and secondly, a simple method for the identification of the website is required by the user. This treatise looks at the process for identifying and verifying user information, and how the user can verify the system at sign-in. Three models for identity management are analysed, namely the Microsoft .NET Passport, Liberty Alliance Federated Identity for Single Sign-on and the Mozilla TrustBar for system authentication.

Computers -- Access control

Computer networks -- Security measures

Authorisation as audit risk in an information technology environment

Kruger, Willem Jacobus

05 February 2014

M.Comm. / Please refer to full text to view abstract

Auditing - Access control.

Computer networks - Security measures