Identity management in a public IaaS Cloud

In this thesis the unique environment that is the public IaaS cloud along with its differences from a traditional data center environment has been considered. The Cloud Security Alliance (CSA), states that “Managing identities and access control for enterprise applications remains one of the greatest challenges facing IT today”. The CSA also points out that “there is a lack of consistent secure methods for extending identity management into the cloud and across the cloud” [1]. This thesis examines this challenge of managing identities in the cloud by developing a list of best practices for implementing identity management in the cloud. These best practices were then tested by simulated misuse cases which were tested in a prototype of the implementation strategy. The results and analysis of the misuse cases show that the implementation of the identity management solution solves the problem of managing identities for the control of the infrastructure in the cloud. However, the analysis also shows that there are still areas where the properly implemented identity management solution fails to mitigate attacks to the infrastructure. These failures in particular are attacks that are sourced from the subscriber environments in the cloud. Finally, the best practices from this thesis also present some consistent methods for extending identity management into the cloud

Integrating a usable security protocol for user authentication into the requirements and design process

L'utilisabilité et la sécurité sont des éléments cruciaux dans le processus d'authentification des utilisateurs. L'un des défis majeurs auquel font face les organisations aujourd'hui est d'offrir des systèmes d'accès aux ressources logiques (par exemple, une application informatique) et physiques (par exemple, un bâtiment) qui soient à la fois sécurisées et utilisables. Afin d'atteindre ces objectifs, il faut d'abord mettre en œuvre les trois composantes indispensables que sont l'identification (c.-à-d., définir l'identité d'un utilisateur), l'authentification (c.-à-d., vérifier l'identité d'un utilisateur) et l'autorisation (c.-à-d., accorder des droits d'accès à un utilisateur). Plus particulièrement, la recherche en authentification de l'utilisateur est essentielle. Sans authentification, par exemple, des systèmes informatiques ne sont pas capables de vérifier si un utilisateur demandant l'accès à une ressource possède les droits de le faire. Bien que plusieurs travaux de recherche aient porté sur divers mécanismes de sécurité, très peu de recherches jusqu'à présent ont porté sur l'utilisabilité et la sécurité des méthodes d'authentification des utilisateurs. Pour cette raison, il nous paraît nécessaire de développer un protocole d'utilisabilité et de sécurité pour concevoir les méthodes d'authentification des utilisateurs. La thèse centrale de ce travail de recherche soutient qu'il y a un conflit intrinsèque entre la création de systèmes qui soient sécurisés et celle de systèmes qui soient facile d'utilisation. Cependant, l'utilisabilité et la sécurité peuvent être construites de manière synergique en utilisant des outils d'analyse et de conception qui incluent des principes d'utilisabilité et de sécurité dès l'étape d'Analyse et de Conception de la méthode d'authentification. Dans certaines situations il est possible d'améliorer simultanément l'utilisabilité et la sécurité en revisitant les décisions de conception prises dans le passé. Dans d'autres cas, il est plus avantageux d'aligner l'utilisabilité et la sécurité en changeant l'environnement régulateur dans lequel les ordinateurs opèrent. Pour cette raison, cette thèse a comme objectif principal non pas d'adresser l'utilisabilité et la sécurité postérieurement à la fabrication du produit final, mais de faire de la sécurité un résultat naturel de l'étape d'Analyse et de Conception du cycle de vie de la méthode d'authentification. \ud ______________________________________________________________________________ \ud MOTS-CLÉS DE L’AUTEUR : authentification de l'utilisateur, utilisabilité, sécurité informatique, contrôle d'accès

EmC-ICDSST 2019: 5th International Conference on Decision Support System Technology - ICDSST 2019 & EURO Mini Conference 2019 on "Decision Support Systems: Main Developments & Future Trends"

info:eu-repo/semantics/publishedVersio

Mobile Technology Deployment Strategies for Improving the Quality of Healthcare

Ineffective deployment of mobile technology jeopardizes healthcare quality, cost control, and access, resulting in healthcare organizations losing customers and revenue. A multiple case study was conducted to explore the strategies that chief information officers (CIOs) used for the effective deployment of mobile technology in healthcare organizations. The study population consisted of 3 healthcare CIOs and 2 healthcare information technology consultants who have experience in deploying mobile technology in a healthcare organization in the United States. The conceptual framework that grounded the study was Wallace and Iyer\u27s health information technology value hierarchy. Data were collected using semistructured interviews and document reviews, followed by within-case and cross-case analyses for triangulation and data saturation. Key themes that emerged from data analysis included the application of disruptive technology in healthcare, ownership and management of mobile health equipment, and cybersecurity. The healthcare CIOs and consultants emphasized their concern about the lack of cybersecurity in mobile technology. CIOs were reluctant to deploy the bring-your-own-device strategy in their organizations. The implications of this study for positive social change include the potential for healthcare CIOs to emphasize the business practice of supporting healthcare providers in using secure mobile equipment deployment strategies to provide enhanced care, safety, peace of mind, convenience, and ease of access to patients while controlling costs

CHORUS Deliverable 2.1: State of the Art on Multimedia Search Engines

Based on the information provided by European projects and national initiatives related to multimedia search as well as domains experts that participated in the CHORUS Think-thanks and workshops, this document reports on the state of the art related to multimedia content search from, a technical, and socio-economic perspective. The technical perspective includes an up to date view on content based indexing and retrieval technologies, multimedia search in the context of mobile devices and peer-to-peer networks, and an overview of current evaluation and benchmark inititiatives to measure the performance of multimedia search engines. From a socio-economic perspective we inventorize the impact and legal consequences of these technical advances and point out future directions of research

The Effects of Advanced Analytics and Machine Learning on the Transportation of Natural Gas

This qualitative single case study describes the effects of an advanced analytic and machine learning system (AAML) has on the transportation of natural gas pipelines and the causes for failure to fully utilize the advanced analytic and machine learning system. This study\u27s guiding theory was the Unified Theory of Acceptance and Use of Technology (UTAUT) model and Transformation Leadership. The factors for failure to fully utilize AAML systems were studied, and the factors that made the AAML system successful were also examined. Data were collected through participant interviews. This study indicates that the primary factors for failure to fully utilize AAML systems are training and resource allocation. The AAML system successfully increased the participants\u27 productivity and analytical abilities by eliminating the many manual steps involved in producing reports and analyzing business conditions. The AAML system also allowed the organization to gather and analyze real-time data in a volume and manner that would have been impossible before the AAML system was installed. The leadership team brought about the AAML system\u27s success through transformation leadership by encouraging creativity, spurring innovation while providing the proper funding, time, and personnel to support the AAML system

Vulnerability assessment of modern ICT infrastructure from an information warfare perspective.

Ph. D. University of KwaZulu-Natal, Durban 2011.The overall objective of the study is to provide a vulnerability assessment of the mobile communications infrastructure to information warfare attacks; this study has a South African focus. The mobile infrastructure was selected as the infrastructure and mobile devices incorporate the majority of modern ICT technologies, namely social networking, wireless connectivity and mobility, mass storage, as well as the telecommunications elements. The objectives of the study are to: Propose a new information warfare model, and from this deduce a vulnerability assessment framework from the specific information warfare perspective. These are the guiding frameworks and model for the study. Gather information regarding threats and vulnerabilities, with particular focus on potential use in information warfare and relevance to South Africa. Establish the criticality of the mobile infrastructure in South Africa. Use the gathered information in the vulnerability assessment, to assess the vulnerability of the mobile infrastructure and related devices and services. The model and framework are generated through desk-based research. The information is gathered from research protocols that are relevant to both research and risk and vulnerability assessment, these include: expert input through interviews and a research workshop, incident and trend analyses through news and vendor reports and academic publishing, computer simulation, questionnaire survey, and mathematical analyses. The information is then triangulated by using it in the vulnerability assessment. The primary and secondary data shows that attacks on confidentiality are the most prevalent for both computer-based networks and the mobile infrastructure. An increase in threats and incidents for both computer and mobile platforms is being seen. The information security trends in South Africa indicate that the existing security concerns are likely to worsen, in particular the high infection rates. The research indicates that the mobile infrastructure is critical in South Africa. The study validates the proposed framework, which indicates that South Africa is vulnerable to an information warfare attack in general. Key aspects of vulnerability in the mobile infrastructure are highlighted; the apparent high load of the mobile infrastructure in South Africa can be seen as a high risk vulnerability. Suggestions to mitigate vulnerabilities and threats are provided